NHIN Workgroup Mtg Materials and Transcript

The NHIN Workgroup of the HIT Policy Committee met on Wednesday, December 16, 2009. The meeting materials from the ONC website and the rough draft transcript (until they moved into closed session) of the meeting are below. Also be sure to check out the FACA blog and the Health IT Buzz blog for the latest updates.

Meeting Materials:

  • Agenda [PDF - 409 KB]

  • NHIN Workgroup

    Transcript

    December 16, 2009

    Presentation

    Judy Sparrow – Office of the National Coordinator – Executive Director

    Good morning, everybody, and welcome to the HIT Policy Committee’s NHIN Workgroup. We’re holding a public session this morning on directory services and certificates. Just a reminder to workgroup members on the telephone to please identify yourselves when speaking. The meeting will be transcribed. Let me go around the room and introduce the members around the table here in the room, and I’ll begin on my right.

    Marc Probst – Intermountain Healthcare – CIO

    Marc Probst with Intermountain Healthcare.

    Mark Frisse – Vanderbilt University – Accenture Professor Biomed Informatics
    Mark Frisse, Vanderbilt University….

    Doug Fridsma – Arizona State – Assoc. Prof. Dept. Biomedical Informatics

    Doug Fridsma, ONC.

    Christine Bechtel - National Partnership for Women & Families – VP

    Christine Bechtel, the National Partnership for Women and Families.

    Neil Calman - Institute for Family Health - President & Cofounder

    Neil Calman, Institute for Family Health.

    Jim Cromwell – Department of Veterans Affairs
    Jim Cromwell, Department of Veterans Affairs.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    Wes Rishel, Gartner.

    Carol Diamond – Markle Foundation – Managing Director, Health

    Carol Diamond, Markle.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Farzad Mostashari, Office of the National Coordinator.

    John Blair – Tacanic IPA – President & CEO

    John Blair, Tacanic IPA.

    Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

    Micky Tripathi, Massachusetts eHealth Collaborative.

    Jim Borland – SSA – Special Advisor for Health IT, Office of the Commissioner

    Jim Borland, Social Security Administration.

    Tony Trenkle – CMS – Director of OESS

    Tony Trenkle, CMS.

    Mariann Yeager – NHIN – Policy and Governance Lead

    Mariann Yeager, ONC staff to this workgroup.

    Judy Sparrow – Office of the National Coordinator – Executive Director

    Arien Malec is running a little bit late, and then we have a number of members on the telephone line. David Lansky, are you present?

    David Lansky – Pacific Business Group on Health – President & CEO

    Yes, I am. Thanks.

    Judy Sparrow – Office of the National Coordinator – Executive Director

    Jonah Frohlich? Marc Overhage? And with that, David Lansky, I’ll turn it over to you.

    David Lansky – Pacific Business Group on Health – President & CEO

    Thank you, Judy. Thank you, all, for making the time to come and join us today. I’m sorry I can’t be there in person because of obligations I have out here in California, but we very much appreciate the committee members and the presenters today, taking the time on this rushed schedule to squeeze in this hearing prior to the holidays. I think everyone in the room knows that we are working against a shared commitment to enable meaningful use and as many users as possible to be successful with meaningful use in this next year or two, and this workgroup was convened to take a look at the opportunities to enable the connectivity and data exchange function that will help as many hospitals and doctors in the country by successful with the program in the next couple of years, supported by ARRA.

    To do that, we felt some great urgency in at least understanding what’s happening in the environment and identifying opportunities to either point people in the right directions or enable new services that will help the users be successful with the program. Given that urgency, I appreciate so many of us making the accommodations to the schedule and being there in person to have the discussion today.

    I think we’ve taken a look in our first meeting or two at the requirements for meaningful use, as proposed, as recommended to ONC. And, of course, we’ll all wait and see in the next several weeks what the final requirements are, but we have a reasonable understanding that certain elements of data exchange will be critical to being successful parts of the larger strategy of enabling information use to improve care. And as we’ve taken that initial look at the requirements for meaningful use, we’ve identified a subset of likely early elements, early criteria. We’ve in turn looked at those and recognized that a great number of them can be achieved through pushing information from one health professional or health organization to another.

    I think, as Farzad will walk us through in a moment, having done a little bit of dissection of the problem, we’ve singled out the capability of finding and locating the recipients of messages of clinical information messages as a critical, foundational element of this challenge. So we thought today we’d get together, try to understand what’s happening in the larger market place, and see where the opportunity may be for any recommendations or actions on the part of those agencies that are listening to ONC and its partners to try to accelerate the capability of locating and transmitting messages across parties in the network.

    I was really interested in and pleased by the written testimony we received today. I found it very educational. I think the questions that Marc and Farzad and others had sent out to guide the presenters were really right on, very helpful. And, as a result, I think we’ve got a very good basis in written testimony for a discussion today, so I hope the presenters will build upon what they’ve already provided in text and try to turn their attention to some of the real practical questions that we all have.

    Because I don’t have the pleasure of being there in person, I don’t know what the best sequence is to tackle the elements. Maybe I’ll ask Farzad if it’s timely now to do a bit of level setting he’s prepared to do.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Yes, David. Thank you. I was trying to ineptly keep up with you on the slides, so I apologize to the audience for that. Let me start by acknowledging the central task that as we are committed to supporting the needs of providers who are motivated to achieve meaningful use in 2011 and 2012, using the NHIN, the National Health Information Network to accomplish that, we also have to be also keeping an eye on where we want to go. Whatever strategy that we pursue has to be part of an evolutionary path that can help get us to the needs of today, as well as the needs of tomorrow.

    The meaningful use exchange criteria recommended by the HIT Policy Committee are here not just for 2011, but also 2013 and 2015. We know this will go through and this too will go through an evolutionary process, but just making the point that whatever approach we do has to support not just the simple, as David pointed out. Many of those could be met by simple push interoperability, but we also have to keep an eye towards how that can serve as the foundation and the onramp of core, structural elements for supporting more sophisticated forms of exchange to come.

    The reason why we’re focusing today on one area, on directories, is that this was, as is part of our deliberations in the first couple of meetings, was the answer to the question, what can be done or a possible answer to the question what can we do today that can accelerate information exchange under a variety of scenarios? In supporting both near term push functions, as well as the full NHIN query functionality. So we’re here today with the public hearing on current approaches to some of the leading organizations and others who have directories.

    In this case, I think, mostly of providers, but also health plans … here. And then we have a second hearing on authentication issues, which is also frequently raised as a core functionality, a core need that would be required to support and accelerate and reduce the cost of secure information exchange using the Internet over the long run.

    As the NHIN workgroup continues its work, it’s going to have to consider some other, very important questions and issues. The need for a solid trust fabric, this may be different in different context, in different types of exchange. But nonetheless, it is foundational.

    We asked the NHIN workgroup to clarify the best role for government. We don’t think that the NHIN is going to be a box in the middle that everybody, you know, gets on the box, and the government runs the box in the middle that everyone connects to. That’s really not the vision. The question is what is the appropriate role for government, and I would include states as well as the federal governments in that, in supporting some of the key components of exchange. How can we, as we do this, enable broad participation across the full spectrum of organizations, large and small?

    This is going to be the agenda for today. I think we’re going to be on time, actually maybe a little bit ahead, which is good because, to this schedule, we’re also going to be fortunate that we have Tony Trenkle from CMS here also today joining us from the policy committee to also give us some perspective on directors from CMS and the health IT point of view.

    People ask often what is the NHIN then. Who has wondered that question? No one here, wow, you guys are really up to date on this. Maybe those on the phone have raised their hands. For me, it was helpful, and I’m not very technically gifted, so this was very helpful to me, thanks to Doug Fridsma for making things simple enough for me to understand.

    But he said, look; if two organizations today want to exchange information in the paper world, what are the different pieces to that? Well, the first part is deciding what gets transmitted and how that is to be transmitted. There’s a document there. I think it’s in German, and making the point that if, within your organization, maybe you talk whatever language you want to talk, but if you want to speak between organizations, outside the walls of the house, it becomes necessary to agree on a common language in terms of the vocabulary. It also becomes important to clarify what is the form that that document is going to take, and how is that message going to be communicated. In this case, the paper and the envelope.

    You may want to look up who you want to send it to. You’d say, well, I want to send it to Dr. Jones. What is Dr. Jones’ address? Or you might want to say I’m looking for a cardiologist who takes this insurance plan, and let me look up that cardiologist to send this referral to.

    You need a phonebook, and the phonebook has not only the name of the person, but also how you can reach them. It has an address. It has a phone number, a fax number, so a basic phonebook or a directory is required.

    Well, you sign the bottom of that referral form, and that is what serves today as kind of one of the ways in which we do authentication that this person who sent me the referral or sent me the prescription, that's their John Hancock there, and that is in deed who they are – they are who they say they are. You drop it in the mail, and the mailman picks it up and gets on the truck, and that is the current delivery protocols for how that information gets communicated.

    It ends up in a mailbox, and of course the security afforded by that mailbox, that federal issue, U.S. Postal Service specification mailbox, the security doesn’t rest in the physical security of that mailbox. It rests in the laws and the agreements and the fact that it’s a felony to interfere with the post. But it’s all of those that have built up over time that provide the security that people feel when using the U.S. Postal Service to communicate information.

    Then something else happens here, which is pretty important, which is the provider who receives it interprets that request in the context of their relationship with the sender. This is, today, a critical aspect of how business gets conducted, not only in medicine, but all over. And it is often implicit rather than explicit.

    In answer to the question what is the NHIN, the NHIN, the foundational NHIN components is all that stuff: the authentication and certificates that are currently used, the vocabulary document and message standards and protocols, the delivery protocol, and it is the Internet that is used, directories, making explicit trust relationships through the use of, in the case of the NHIN cooperative, the DURSA, the Data Use Reciprocal Support Agreement, and the security in the encryption and the mutual authentication afforded by the system.

    This is what the NHIN is, and it currently supports two health information organizations who meet certain assumptions about what they can support, whether it’s an integrated delivery network or health information organization or SSA in being able to communicate information with each other according to standard protocols. And the two external pieces of this that are really required to be operational are the certificate authorities and the directories. Those are the two pieces of the NHIN. And I really urge folks here and on the phone to get to know the NHIN, not for what you think it is, but for what it actually is. It is in fact a remarkably, I think, but we would love your feedback, elegant and spare infrastructure for enabling information exchange.

    With that as kind of the introduction to what the NHIN is, I think our question to the NHIN, our challenge to the NHIN workgroup was we know that the NHIN cooperative is operational. Just last week, we had the VA and DoD, I think, and SSA and I believe Kaiser have assigned the DURSA, and they’re going to be exchanging information actively. I think, for many other organizations, whether it’s the health information organizations, whether it’s integrated delivery networks who already have some of the capabilities that the NHIN assumes that you have, whether it’s a policy engine, whether it’s a patient directory and the capacity to sign and bind to the DURSA. Those organizations should absolutely look to the NHIN as a way that they can exchange information with the DoD, with the VA, and to participate in this data sharing cooperative.

    But we also want to think about the NHIN in supporting, again, that broad range of providers, some of whom may not be part of, certainly in the near term, health information organizations or other institutions that have that full set of services. And I think a key question that we’re asking is what can we do today. What can the government do today to enable the broadest ability to exchange information securely over the Internet in a way, again, that scales, in a way that’s accessible, but also a way that can build towards the vision of the future.

    We’re going to focus today on directories, and we will start hearing testimony on this in the first week in January. January 7th, is it, Judy? We will hear about authentication and identity management. So thank you, and I think we can go right to—

    Judy Sparrow – Office of the National Coordinator – Executive Director

    Kathleen Mahan.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    The testimony from Kathleen Mahan.

    Kathleen Mahan – Surecripts – VP Product Management

    Good morning.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Let me give a – Kathleen, we don’t have a bio for you here.

    Kathleen Mahan – Surecripts – VP Product Management

    No, you don’t have a bio on me.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    So introduce yourself, Kathleen.

    Kathleen Mahan – Surecripts – VP Product Management

    Sure. My name is Kathleen Mahan. I’m a vice president of product management with Surecripts. I’ve been with the company since early 2004, and have been very engaged with some of you on the workgroup panel today, and very involved with directories, particularly within our network, so I’m happy to present and will begin my testimony.

    My name is Kathleen Mahan, and I’m vice president of product management for Surecripts. As the vice president of product management for the legacy Surecripts organization, and now serving a similar capacity for the new, merged organization with RxHub, I have been involved in the development of an operational, national health information exchange for prescription information now called Surecripts.

    As most of you know, Surecripts is the nation’s e-prescribing network, which connects prescribers in all 50 states through their choice of e-prescribing software to the nation’s leading payers, chain pharmacies, and independent pharmacies. Through our work in standards, certification, education, and collaboration at the national, regional, and state level, we have established a national, digital, healthcare infrastructure for the exchange of prescription information. Interoperability is at the core of our mission, focused on success.

    I want to thank the HIT Policy Committee NHIN Workgroup for the opportunity to comment on our experience and development in the use of directory services. The Surecripts directory services support a national network that connects over 155,000 providers, over 52,000 community pharmacies, 6 mail order pharmacies, and 25 of the nation’s largest PBMs for the purposes of exchanging prescription related information in the ambulatory setting.

    The Surecripts’ network success is grounded in a focus on neutrality, transparency, and the use of industry standards. As a result, our network is now being utilized to support new interoperability use cases or requirements such as medication reconciliation, processes within hospitals, and the transmission of the continuity of care record, CCR, CCD, documents across the network to streamline documentation for transitions of care. With that as a foundation, I will now turn the specific questions of the committee.

    Question: What is the scope of service, content structure, and business model of your directory services? Surecripts directory services consist of a prescriber directory and a pharmacy directory, as well as the associated capabilities to create, update, and share directory information across the network. Each directory contains a unique identifier for each participant on the network, as well as demographic data, address information, certified application use, available service, and more.

    The directory services offer two methods of update and maintenance: a messaging solution for automated updates, and a Web portal, otherwise known as administrative console that can be securely accessed by all participants in the network, assuming proper permissions. Surecripts assembles this information in a prescriber and pharmacy directory download files that prescriber vendors and pharmacies and pharmacy vendors download to populate their end systems with the relevant data. Prescriber vendors pull the pharmacy download file, and the pharmacy vendors pull the prescriber download file.

    Every prescriber on the network must be registered with in the Surecripts prescriber directory. The identification of the prescriber and the entry of the necessary data are currently performed by the vendor using one of the methods described above. Upon completion and validation of the registration process, the prescriber is assigned a unique identifier by location and by application. Note: We are currently using an internally enumerated identifier. However, an individual NPI, if clearly tied to the prescriber’s location, may be considered for future.

    Similarly, each pharmacy on the network, chain, independent pharmacy, specialty, mail order, etc., must also be registered within the Surecripts pharmacy directory. This registration process is managed by the pharmacy organization or the pharmacy vendor using one of the methods described above. The completed and validated registration record is assigned the industry standard, NCPDP ID, in this standard.

    Currently there is no charge to prescribing vendors for the three course Surecripts e-prescribing services. They are prescription benefits, prescription history in the ambulatory setting, and prescription routing. The directory services described above are included as part of the standard network services necessary to support these core, e-prescribing services. And they are covered in the standard business agreement for all network participants. Retail pharmacy, mail order, and pharmacy benefit management companies, organizations, pay a transaction fee for participating in the network. However, no additional transaction fees are assessed for directory messaging or downloads.

    Question: Based on your experience, how should directory services be governed and operated? Within the Surecripts e-prescribing network, directory services sit at the core of the network operations and should be governed with the mindset that these providers are sharing protected health information. Whether fax, mail, or electronically transmitted, the PHI is routed between the providers based on the provider’s demographic and address information stored in the directory service.

    Given that network participation must go through different processes to obtain a DEA number, an NPI, and/or an NCPDP ID, it would be helpful if these processes were standardized and coordinated by the issuing entities in order not to duplicate efforts. In addition, the issuing entity should take into account and consider the requirements necessary to utilize the information for transaction routing and information exchange. For example, it is imperative that the directory service information be specific to the address where the patient received care, not where the invoices are sent. This is one of the most important challenges facing a national directory service, as directory service offerings have traditionally been focused on the flow of reimbursements, not the sharing of patient information.

    It should also be noted that alternative routes for electronic information may be necessary. As an example, if there’s a communication failure in the network, it may be appropriate to fax prescriptions to the pharmacy. In these situations, it is extremely important that fax numbers within the directories are accurate.

    To have a truly successful offering, governance and operational maintenance should focus on the timely submission of updating provider information where the provider sees patients. While difficult, the directory service should impose some type of time limit as to when and how the directory information is made available to the provider be it either staff or applications. A timely directory service is no good if the updated information sits days or weeks before being distributed to the end provider for use. We should learn from other distributed directory services such as LDAP and/or implemented such as DNS.

    Question: If your directories are currently used to facilitate information exchange as part of a proprietary network, could you imagine having your directory available as a service to other organizations? Could you imagine using a public directory instead of your own internal one?

    Surecripts currently makes use of our directory services available to all network participants. The directory service makes use of a Web based XML messaging structure, which is an open source standard. Surecripts uses the syntax rules of XML, and defines tags and field constraints to explicitly define what and how the information should be submitted. The original design was intended for distributions, possibly all prescribers and pharmacies in the U.S., and can likely be extended to greater U.S. healthcare systems for implementation and use.

    A directory that addresses the following would be interesting to Surecripts: one, assurance of appropriate identity proofing; two, assignment of a single, unique identifier that is location specific; three, assurance of timely submission and updates from providers; four, account for the distribution of directory information across the network in a real time manner; five, indication of level of service supported by the network participant, for example, fax, paper, message type. We believe that it would still be necessary for various networks to maintain their own directories for registration purposes, tracking of various service types by user reporting, etc.

    Question: Is it feasible to aim for universal, authoritative directories, or should we accept the reality of multiple fragmented and overlapping directories? We believe that it is reasonable to have both. However, the core information should be standardized. Currently, it is unreasonable to think that all healthcare providers or systems will use the same directory data. Where one system may want additional data included in their provider directories, we still believe there is a core set of data that can be standardized as a baseline for all providers for the purposes of sharing PHI.

    This data set includes, but is not limited to, provider first name, provider last name, provider individual NPI, provider DEA, provider address line one, provider address two suite or floor, city, state, and zip, a USPS valid address, location name, clinic, pharmacy, lab, hospital, etc., and enabled services, medications paper/electronic, eligibility paper/electronic, medication history, continuity of care documents, fax, paper, etc. If possible, this minimum data set should standardize through a recognized ANSI approved or through an open source standard like XML.

    Question: If there were authoritative directories of providers, would other institutions integrate such directory services into their current or future business relationships? Since most vendors, pharmacy, health plans, hospitals, and other organizations already deal with the integration of provider information and the matching into their in-house records, this integration, should it be required, would not take most by surprise. The challenge is that this is already a very time consuming and inefficient process, even in the best of circumstances.

    With the development of NHIN, interoperability across healthcare systems, provider groups, pharmacies, and health plans adds yet another layer of complexity. There are a variety of options for a directory of provider information available today. However, there are no specific standards that these directories must meet in order to insure the accurate, complete, and timely information that is necessary to easily integrate this information into various network services and end user applications.

    The biggest challenge lies with presenting some type of incentive to the providers to make updates to a central authority. Currently, prescribers and pharmacies provide their information to several private directory types of services. The questions that we feel need to be answered are: what incentive would drive an individual provider to make updates whenever their information changed? How would these changes be distributed to private companies that make their revenue off this information? How could repetitive processes and conflicting information be avoided?

    While the private business sector for directory files exists today, there is no silver bullet. These companies are challenged with providing information on providers that can only be truly validated by the individual provider. Their revenue streams depend on this. Individual providers are then challenged with which third party companies to maintain updated records, as there are many.

    Question: What institutions could support these directory lists? Organizations such as NCPDP, Ingenix, and CAQH have a framework for updating the core information that can be effectively shared with other distributed directory services across the network. There are other organizations such as HMS, IMS, SKNA, etc., many that provide a variety of data services that could also be incorporated into the structure. We should also keep other data sources such as the AMA and the DEA in mind.

    Question: What will be required for these institutions to be trusted with the policy, technical, and administrative tasks? What are your views on the broader trust fabric? Any institution that acts as an authoritative directory service provider must meet a set of standards that addresses requirements including, but not limited to the following: one, identify proofing and credentialing; two, coordinated requirements; three, validation processes; four, frequency of update; five, distribution services framework; six, reporting; seven, support infrastructure and processes to quickly resolve these issues.

    There could be a single, authoritative provider for various directories such as physicians, pharmacies, hospitals, etc., or there could be a network of providers that are accredited to the directory services provider standards. We would suggest that the various distributed network directory services providers would then need to contract with the appropriate authoritative directory service providers. Appropriate standards would need to be developed to insure proper and timely directory synchronization across the network.

    Question: How might forms of credentialing and identity management be managed through directory services? Credentialing is a natural extension of directory services. State licensing information and DEA numbers can be supplied to the directory authority, but unless there is an explicit credentialing service, the information can be faulty. The information provided can be legitimate in the eyes of the provider, but if they make a simple error, this information will be erroneously distributed to many endpoints subscribing to the directory authority for information. To offer a complete service, an authority would have to retain real time services to check state licensing authority, the DEA, and other credentialing services.

    Identity management in the forms of proofing and authentication are services that many private sector companies offer. Ideally, the directory authority will make use of one said service. The solution must be able to initially identify an individual prescriber and, at a regular scheduled interval, provide re-authentication services. Initial identification to establish the directory entity for a provider and validation of all information in the directory entity establishes the starting point for information that will then need to flow through the network. It is possible that the authoritative directory service could maintain other directory information such as public keys that then can be synchronized across the network.

    Question: What standards issues must be addressed to achieve more effective use of directory services? NPI, the enumeration of the NPI seems to be managed fairly well. We haven’t seen many instances where duplicate NPIs have been issued. However, in order to be a truly effective NPI distribution service, the entity needs to consider a systemic way to distribute the updates.

    If the NPI is showing signs of being relied upon as being the de facto enumerator for providers … or other organizations need to set up some type of message based update service with download options. Currently, the only way to access the file is by pulling it off a Web site, not very automated. Entity type or institutional DEAs work for billing purposes, but do not work as identifiers when providers want to share data with each other. DEA numbers should be used to help uniquely identify a provider, but should not be relied upon as the primary identifier when comparing provider directory entities to each other.

    Thank for the opportunity to provide testimony. Surecripts looks forward to collaborating on this effort, and I would be happy to answer any questions.


    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you. That was terrific. I can’t tell if you did a good job answering the questions, or we did a good job making up the questions, or both.

    Kathleen Mahan – Surecripts – VP Product Management

    I think the questions were well posed.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    That was terrific. Questions from the workgroup? Wes?

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    Thanks. I’m going to make a comment, not to be picking on you, but to be picking on a concept that we hear a lot. XML is the most wonderful standard in the world. It allows anyone to say we are standard, while producing a proprietary specification. So if I was to have any, even the slightest argument with our presentation, I would say that you have a proprietary specification that you use that is described in terms of the XML standard. Is that reasonable to say that? Is this your specification? You decide what the elements are, what the fields are, and so forth?

    Kathleen Mahan – Surecripts – VP Product Management

    That is correct. We use XML, which is open source. But the actual intelligence of the tag names is proprietary to our network. I guess, what is good with XML, and it’s a great standard, as it gives you a human readable tag naming convention, which identifies metadata very easily.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    I’m an advocate of XML. I’ve enjoyed its use and its over-hyping for years.

    Kathleen Mahan – Surecripts – VP Product Management

    Agreed.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    As I say, I don’t think you were intending to mislead people. I just wanted to clarify.

    Kathleen Mahan – Surecripts – VP Product Management

    Thank you.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    I have a couple other questions. In your prescriber directory, do you correlate doctors with the organizations they work for?

    Kathleen Mahan – Surecripts – VP Product Management

    Clinic or IPAs or at what level?

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    Yes.

    Kathleen Mahan – Surecripts – VP Product Management

    All of the above? Okay. We correlate the prescribers with their technology vendor, and we correlate their location by street address, and then clinic name. The clinic name, unfortunately, is not enumerated, so it’s a free text string, but yes, we do correlate.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    So you have some information that could be used to help to correlate organization, but you don’t explicitly vet the organization name and create an enumerated organization identifier or anything like that?

    Kathleen Mahan – Surecripts – VP Product Management

    We try to standardize the clinics and the groupings thereof, obviously because it’s helpful within the directory service and also for messaging delivery.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    Sure.

    Kathleen Mahan – Surecripts – VP Product Management

    So we try to standardize it to the extent that we can, yes, and we do have information that could be helpful, yes.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    Okay. This is probably not a reasonable question to ask you, but I would like to get it on the table. If we were to extend the directory that you have to include non-prescribing clinicians, those who would have reason to send and receive clinical information, do you have any kind of an estimate of how much bigger that database would be?

    Kathleen Mahan – Surecripts – VP Product Management

    How much bigger the database?

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    The number of identified people.

    Kathleen Mahan – Surecripts – VP Product Management

    Are you saying including nurse practitioners?

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    Yes, nurse practitioners, staff members, psychologists.

    Kathleen Mahan – Surecripts – VP Product Management

    We already have those particular prescribers in the network today. We don’t maintain office staff information, but certainly if there was a pervasive need, we could add that. We have physician’s assistant, nurse practitioners, doctors, all of the above today in the directory. I think what would be helpful is, with the NPI registration, there’s a taxonomy code associated that would be helpful in discerning the type of provider/prescriber. I think that would be very interesting, and we look forward to using that as well.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    You spoke about authoritative providers and other providers of directory services, and if I understood you properly, you were envisioning a cooperative role between authoritative providers and other providers. Is that…?

    Kathleen Mahan – Surecripts – VP Product Management

    Yes, I think a cooperative, collaborative….


    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    Do you view the authoritative providers, there to be multiple or does it all get down to a single authoritative provider at some point?

    Kathleen Mahan – Surecripts – VP Product Management

    Well, I think we left it open in the testimony for the purposes of something for the group to quell over, but I certainly think it could be either/or, my personal opinion. I think the government’s role could be helpful in defining whether that’s one entity who oversees the distributed group, or if that can be a series of central authorities that have been vetted, certified, meet the standards that this group has identified.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Let’s go to Arien Malec.

    Arien Malec – RelayHealth – VP, Product Management

    You mentioned that you’re relying on the vendors for identity proofing. I wonder if you could describe the process that you used for insuring that the chain of custody is maintained, so what contractual requirements do you put on the vendors, and then what certification requirements do you put on the vendors?

    Kathleen Mahan – Surecripts – VP Product Management

    Sure. I’m not going to be able to give you the exact contractual language, but I can assure you that it’s there. If we need to provide that for the group, we probably could. I don’t have it off the top of my head.

    Regarding certification, that’s one of the more laborious processes that we go through in the company. Each technology vendor goes through an implementation and certification with Surecripts. The average implementation certification takes around five months, and that is looking at anything from workflow to technical syntax, semantic validation, syntactic validations, how they represent the data within their applications, also looking at how they store directory type information. Can they download our directory information in a timely manner? That is part of our core process.

    Arien Malec – RelayHealth – VP, Product Management

    Do you, as part of your certification of the EHR vendor, does not include a review of their processes for identify proofing individual physicians?

    Kathleen Mahan – Surecripts – VP Product Management

    No.

    Arien Malec – RelayHealth – VP, Product Management

    Do you look at their drivers’ license?

    Kathleen Mahan – Surecripts – VP Product Management

    No, it’s contractually covered.

    Arien Malec – RelayHealth – VP, Product Management
    But it’s the combination of the contractual commitment and then your certification or their processes for doing that?

    Kathleen Mahan – Surecripts – VP Product Management

    That’s correct. Yes.

    Arien Malec – RelayHealth – VP, Product Management

    Thanks.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    I had a question. You talked about downloading of files, and could you talk about the challenge of making sure that those files are downloaded in a timely way so that you don’t get calls from docs saying your database stinks because I can’t find the pharmacy down the street.

    Kathleen Mahan – Surecripts – VP Product Management

    Yes.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Could you talk about why this isn’t done as a Web service?

    Kathleen Mahan – Surecripts – VP Product Management

    Actually, we have a messaging based service so that could be actually systemically processed with our network participants, so they can actually request a download, and it will be sent to them.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    I’m sorry. What I mean is the individual lookup being done.

    Kathleen Mahan – Surecripts – VP Product Management

    Yes. We have a messaging service where an individual provider can be looked up and response back with our internal identifiers, their demographic information, etc. If they’re entitled and have security permissions to receive that information, we do, yes.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you. Last question to Micky.

    Micky Tripathi - Massachusetts eHealth Collaborative - President & CEO

    A quick question maybe a little bit unfair, but at any given time, how accurate do you think your directory is, and which fields are the greatest sources of inaccuracy?

    Kathleen Mahan – Surecripts – VP Product Management

    Sure. I think the directories, for the majority, are very accurate. Obviously we, over the course of this meeting, are going to send a million prescriptions successfully, 1.8 million eligibility requests successfully, and another 600,000 medication history requests successfully, so the majority of the directory information is very good. But like anything else in life, it’s that 2% that doesn’t get good data into the directories that will cause problems.

    I think one of the key components around this workgroup effort will be looking at this core set of data that I spoke to in the testimony, and being very explicit about how that data should be represented. At first appearance, it may seem very simple, but directory data is the baseline for which this routing is to happen. And when I say being very specific, I mean address, the street address, not the suite. The suite goes into another field. City, state, and zip should validate the triad with a valid, United States postal address. The clinic name should be populated. If possible, get to some type of enumerator. Legal name that is presented on a government issued identifier, not your nickname, unless there’s a separate place for it. Requiring individual NPI, all this type of information is helpful downstream to insure that disparate organizations can match the directory data together, and that’s essentially where the challenge is.

    M

    Farzad, can I ask a question?

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Go ahead.

    M

    Kat, thanks for the testimony. It was very helpful. As the layperson in the group, I’m just trying to come back to something you talked about and understand it more clearly. You talked about the options you envisioned for what needs to be nationally uniform, either as a set of standards, for example, what you just talked about, the standardization of the data elements, or the actual service provision, the directory service provision.

    In your testimony, you talked about the role of continued special function or proprietary directories versus the role of any broader, more uniform national or state level directory. I’m just trying to get a sense what you, as you’ve looked at the new, emerging requirements, envision the future ecosystem of directories to look like, and how do you see? Do you imagine that for a specific application like e-prescribing, there will continue to be a specific resource to support directory functions, or that there is a broker, a directory of directories that assist the individual user to get pointed in the right direction? I’m sorry if it’s a complicated question. I’m trying to get a layperson’s understanding of how this environment will look to the end user, as it evolves.

    Kathleen Mahan – Surecripts – VP Product Management

    I think that there’s probably, if I’m hearing the question correctly, there’s probably a model where the directory, a national directory service would have some type of core set of data that is going to look and feel very similar to what entities already have in their directory services. But I think, at a minimum, for national sharing of this directory data, there has to be a core set defined. Many other organizations here today probably already have that core data set within our directory services, but it would be making it national and standard recognized. So data format is one thing.

    Then there’s the notion of transportation. What’s the delivery service? How do you get that payload from one place to the other? I think that should be, because it’s external, I think there are many options available, but I think that should be a standard recommendation.

    I think it’s unlikely that institutions or entities will completely eradicate their own data set in lieu of a national, monolithic directory. I think there probably will still be local information, but I think also as guidance, I would say, with that core data set that has been agreed upon by these participants within the NHIN should not manipulate that core set of data. Otherwise it gets out of synch, so I think there should be constraints about if this is the data set that we’ve chosen to exchange at a minimum that allows us to share personal health information, it should be clearly defined. The method of transport should be clearly defined, and some rules about the manipulation of that data are important. But I think the ecosystem probably looks like a set of approved or centralized directory authorities could be region, but that entities like ourselves could be communicating with that or perhaps help in being one of those entities if need be if it’s a distributed system.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you so much.


    M

    Farzad, I wanted to get one clarification. The burden and cost of maintenance, both on the provider side of reporting to all the provider directory authorities, and at your end a validation and maintenance of the data set, right now I assume we’re entering a period of greater and greater redundancy and cost of multiple entities managing that and obviously the burden on the providers. Is it appropriate to think about efficiency of directory management as one of our criteria?

    Kathleen Mahan – Surecripts – VP Product Management

    Absolutely. I mean, you know, it is our hope that this leads us to be a better place. I certainly wouldn’t suggest throwing another spoke in the wheel just to cause more complexity. I would hope that the standardization will drive us to better efficiencies. If it works, it can really relieve burden and inefficiencies from our organization and other organizations, and it’s also a well-aligned system. It will also provide for protection of sharing of this information, which is a patient’s information is being shared across the wire based on this directory information. It’s not as simple as it first sounds, so I think a coordinated effort is critical.

    M

    Thanks.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you so much. We will have, if it’s okay, followup questions from the workgroup members.

    Kathleen Mahan – Surecripts – VP Product Management

    Absolutely.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    And we can put that in the public record. It also strikes me that while we’re talking about directories, all these, you know, we’ve touched on almost all of these other surrounding issues that were in our framework for what is the NHIN or what is needed to enable secure routing of health information. So if you could also, for each of the speakers, I think we’re going to ask you also to give us a little bit of detail in terms of how you deal with, in your network, all these various issues, including the issue of certificates and security and transmission, trust relationships and so forth. Thank you so much.

    Kathleen Mahan – Surecripts – VP Product Management

    Thank you.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Our next speaker is Robin Thomashauer representing the Council for Affordable Quality Healthcare.

    Robin Thomashauer – CAQH – Executive Director

    Switching it up a little bit. I hope you don’t mind.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    That’s fine.

    Sorin David – CAQH – Director of Universal Provided Data Source

    I’m not Robin.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Please identify yourselves.

    Sorin David – CAQH – Director of Universal Provided Data Source

    I’m Sorin Davis. I’m the director of the universal provided data source for CAQH.

    Gwen Lohse – CAQH – Deputy Director

    Gwen Lohse, Deputy Director for CAQH. Thank you for having us today for the whole working group. We’re going to walk through CAQH’s experience. We’ve very pleased that you invited us. We think that a national framework is essential to move ahead some of the existing fabric that’s already in the market. Kathleen obviously did a great overview of that.

    For those of you that don’t know CAQH, we are a nonprofit alliance of health plans and trade associations. We are focused on industry collaboration for initiatives that simplify healthcare administration. Our intent is to promote quality interactions between the health plans, the providers, and the vendors in between to reduce cost around administrative simplification.

    Currently we’re engaged in two initiatives, UPD and Core. They’re both a bit different. UPD is the directory that we’re going to speak about a bit more here. But Core itself also has a lot of lessons learned regarding the policies that we believe the NHIN is going to need, so they both play into our testimony.

    With regard to both the initiatives, additionally, they are multi-stakeholder in nature. Obviously CAQH itself is the health plans and the trades representing the health plans. But both of the initiatives have a very wide range of stakeholders involved, and as we share our experiences, we do believe that, as NHIN develops, we will all benefit from the overall umbrella that NHIN will have, so we hope we can contribute to the development of that.

    The first question, what is the content structure and business model of UPD? In 2002, CAQH developed UPD as a comprehensive, nonproprietary, provider database that invites licensed practitioners to submit and maintain their individual data, enabling secure, Web based authorization by health plans, hospitals, other managed care organizations for credentialing, directory maintenance, claims administration, and quality assurance. We’re defining credentialing just given that everyone is defining it a big differently, as the process between the health plans and the providers, that they need to be credentialed in order to receive a payment from the health plan. That’s obviously an evolving definition.

    With regard to the status and the critical mass of UPD today, we did start it in 2002, as I had mentioned. There are 800,000 providers in the system, and there are over 550 organizations that are accessing the system. There are more than 8,000 new providers joining every day. The 550 are electronically accessing the UPD to eliminate the cost and burden associated with credentialing with each health plan differently.

    For those of you that are not as familiar with the world of managed care organizations, before UPD, every health plan offered out a different credentialing application, and now they have one place to go to, and it’s significantly reduced the burden. There are cost studies done by MGMA to demonstrate the significant dollars that are coming out, and we can have that detail in our testimony, but we’re not going to go over it right now.

    For the business model, UPD is no cost to physicians. That was a key decision we made. We did not feel we could move ahead without developing a structure that provided no cost for physicians.

    The organizations that access the system are paying an annual subscription fee and a fee per provider, so a key pillar of UPD, and we believe a critical success factor for all the directories, is that the providers control their data, and they’re responsible for managing and maintaining it. This develops a clear trust channel and custody channel. The provider involvement and support is essential in our viewpoint for all of these directories.

    There are 700 data elements per physician and per provider in the database, and those include things like NPI and demographics. There’s a whole range, and we’re happy to share that detail with you. The data is updated every 120 days by providers, which allows for accessing by the 550 on a constant basis. When we talk about the 800,000 providers, it’s a range of providers: MDs, DOs, DCs, DPMs, DDSs, and then 30 other allied health professionals.

    Our thoughts on a directory, governance, and operations, the second question: Governance, we really feel that for these directories, obviously the NHIN umbrella is essential for the directories to operate because we need national policies. Individually, the governance should be from nonprofit, public utilities that can deliver it as most immediate critical mass as possible, so building off of what exists. We have a lot of work to do, and hopefully we can build from what is out there. Obtaining a broad support from all the stakeholders, so we have transparent and consistent policies across the different directories we feel is essential, and I think, Farzad, you had said there’s an evolution process in place, and we truly believe that this is going to be an evolution, and we all have to collaborate.

    With the operations, Surecripts did a great job of talking about timing expectations and some of the detail there, so we won’t go into that, but we would say you need to leverage best practices that align with NHIN across the board for the operations, and really support this HIE framework that’s being developed. Also, scaling easily and rapidly to assure a minimal learning curve for the directory users. If we make this too complicated, it’s just not going to work. Requiring minimal investment in new technology, again, make it as simple as possible so we can get it off the ground. Using existing standards, Wes is obviously an expert on the standards, and we very much support the concept of using those existing standards and trying to support them to making this open and non-proprietary. Then a phased adoption and incorporation of significant controls to garner trust, and that’s really where the NHIN policies come in.

    The third question, what is the information change exchange today. Do we do that? And what are the challenges? UPD currently does support information exchange. All the 550 organizations that participate with UPD are going in to gather the data on the 800,000 providers, and that’s happening on a daily basis.

    We also see that with meaningful use coming out and health information exchanges developing on a regional level, UPD has some experience that we hope will be useful to you all as we move forward. There are 13 states that have adopted UPD, and then there are a number of Medicaid agencies that are using UPD, so the data exchange is also on a public and private level, which obviously, as we work together, public and private need to collaborate.

    We also are looking at a lot of the HITECH requirements for health information exchanges and provider directories are obviously essential to that. As we look at UPD and the 700 data elements there, and some of the other experts that are testifying today, that we’ll all need to make some adjustments, and we’re looking forward to working closely with you on that. But building off of what we have, so we can move forward more quickly.

    Beyond UPD, what are the challenges for directories? We want to offer a little bit of testimony regarding our efforts with Core. Core is 115 organizations that are sitting around the table to develop policies and requirements and operating rules for information exchange. Some of the four challenges that we see are unique identifiers, data sharing policies, digital authentication. We will be doing a pilot with VeriSign on digital authentication and testing, both at an organization level and an individual level, and then the use of standards.

    Although the standards are out there, they’re not necessarily being followed. Wes’ earlier question about XML and how is it implemented, there are different implementations, and we need to work together to create the standards and use them in the same way. Additionally, the use of standards and the other four things that we just mentioned, as HIEs develop on a state level, we hope that the NHIN is going to provide a national framework, so there’s not 50 different state approaches to this.

    Question number four, UPD and proprietary networks: UPD is not a proprietary network. We have shared the schema with the Medicaid information technology architecture. We’ve also shared the schema with Medicare, the PayCo system, and we do believe, across the board, that these public utilities should be open and transparent, and that's really going to be able to make the NHIN and the HIEs successful.

    Question number five, is it possible for it to have a universal set of directories? We do believe that it is possible, and it should absolutely be the goal that we’re all trying to achieve. UPD is a good example of that. We started now about seven years ago, and there are 800,000 providers in the system, and we believe that shared experience and also the efforts that Surecripts have done are clear examples that these public utilities can be developed and supported.

    We need federal guidance, obviously, to make that happen, so to really have a universal, authoritative, provider directory network, that universal direction from the federal government is going to be essential. And the federated approach for directory governance and management should be given consideration, and we are happy to see Carol Diamond at the table. Markle has done a lot of work with federated approaches, so we hope that the lessons learned are going to be inserted into the NHIN. Then additionally, as we see HITECH, we’re hoping this provides an opportunity and the timing right now to share these lessons learned because the needs are going to be out there in the market, and we need to collaborate in order to meet the milestones.

    Question number six, do we believe that other institutions would integrate these directory services? Absolutely. That is happening today. I mentioned there are 700 date elements available per provider in the UPD, and there are 550 organizations using the UPD. They are integrating that data right now to credential their physicians, help with provider directories, help with claims adjudication, so that is possible. What we feel is essential that the policies are needed to insure there’s trust and governance and involvement from the key organizations that need to use the data.

    With regard to provider data where we really have a lot of experience, we have received support and guidance and, on a daily basis, are collaborating with the provider associations, for instance, the AMA, the AASP, the ACP, the MGMA. Without their involvement and support, we can’t garner that trust to integrate the data into the systems, so provider support from national associations, obviously individual organizations. Intermountain Health has been a big leader in that, and also state provider associations are going to be essential.

    Are there characteristics required for the governance and management of directory services? We do believe there are. Obviously there needs to be the umbrella of the NHIN as one of the biggest pieces to that, and then the ability to facilitate complex, multi-stakeholder, collaborative processes, adherence to open standards for interoperability, nonprofit status, commitment to transparency and inclusiveness, and a commitment to measuring data and an ongoing quality improvement program.

    We just recently did a study of the UPD to see the data accuracy, so there are, again, 800,000 physicians, 700 data elements per physician. Ninety-four percent of that data is accurate, and I think, as Surecripts mentioned in their testimony, it’s that 2% that gets us, so we are identifying ways to address the 6% that is not correct. But if we have policies and procedures from a governing body, we’re going to be able to do that much more easily. The last piece on the characteristics, the updating of the data frequently is going to be essential to build the trust and use of this.

    What are the institutional views for requirements about policies, technical and administrative tasks associated with managing the NHIN directory and the broader trust fabric? Obviously we’ve already talked about a bit as to what we see as the governance policies needed, the management policies needed, and then the crucial characteristics. Additionally, we had seen, for institutions to develop the trusted policies, technical and administrative tasks, there needs to be a proven track record by these entities, so if they’re a directory, and we’re going to have a federated approach, they have the trust of the community and have the multi-stakeholders at the community.

    Market leader and information that the individual organization provides, they need to be a market leader in the data that’s being managed in the directory. So if it’s provider data, if it’s health plan identifiers, there’s a whole range of directories that are needed that are market leaders in that area, well-established processes in creating and managing the information, and again, adherence to open standards and interoperability is going to be essential, and then evolution on market readiness so that there’s a phased approach that’s taken.

    We’re going to go through the optional issues. How might forms of credentialing and identity management be managed through directory services? We had seen identity management involving identity and contact information about the users or the organizations in the directory. At a more advanced level, as the NHIN is developing, it should involve security related to information such as roles and authorizations, and credentialing of professionals should be involved as well. We have held discussions with a number of organizations involved in identity management, including digital certificate management, and believe that certain directories that are out in the marketplace will obviously need to have authentication included in the directories, and there needs to be some national guidance and policies attached to those.

    The last question, what are the standards that must be addressed in order to achieve more effective use of directory services? The first answer we had here is technical standards, particularly Web services definition. Farzad mentioned at the beginning of the presentation that he had done – that the Internet is going to be the essential part of this, and we believe that as well, and so we need some Web based standards and policies to develop to the next level.

    There also needs to be strong federal support for these standards, so use of the standards across all the federal entities. The federal government is obviously pushing the HITECH Act forward and meaningful use and the state HIEs. And they’re going to be able to show through their different organizations the adoption of those standards, which will help the others in the industry to move ahead.

    For digital trust especially, there is a need for federal policies and regulations for it to get widespread acceptance and adoption of the digital certificates. Then just beyond the adoption of the standards and a use of the standards, the governance and the policy piece, we can’t emphasize enough because, if we do have a federated approach to the directory services, we’re going to need some governance and policy that really flows throughout all the organizations and that we follow. Thank you.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you very much. Let’s take a few questions. I’ll start you off. How do you currently deal with authentication? If I purport to be a physician, and I want to log on and fill out the 700 questions, how do you know it’s really me?

    Gwen Lohse – CAQH – Deputy Director

    That’s an excellent question. With credentialing, there are two sets. First, there’s the data collection piece, and we’re doing the data collection piece, and the physician is attesting to the data. Then the 550 organizations that are accessing the data are then verifying it on an individual level. So we have been approached by many of those 550, plus a number of states, to ask if we should do centralized verification, and that’s called primary source verification. Right now it’s occurring at an individual level. There are many private and public organizations that verify that data, and then every hospital verifies it differently. Sorin, would you like to add to that?

    Sorin David – CAQH – Director of Universal Provided Data Source

    Sure. There is an additional component that might help clarify this further. The process starts with an organization that’s participating, giving CAQH a list of the providers that it wants data on. That creates, if you will, the basis for the invitation to providers to participate. So already at the moment, as of today, it’s not open for any provider to just log in and say I am Sorin Davis, Cardiologist.

    There has to be something that initiates that invitation to the provider so that’s the first point. Then the providers are instructed to come to the UPD, and they authenticate themselves because we will have a series of data elements that are provided on them by the participating organizations, which they must answer in order to then be able to take possession of that initial record, so that they can begin to populate it on their own.

    Gwen Lohse – CAQH – Deputy Director

    To just add on that final piece, as the states are looking at the need to develop a provider directory, we have had some of the state organizations that are developing HIEs approach us to say, could UPD add in a credentialing process that moves more towards authentication. We’re absolutely looking at that. And, as I mentioned earlier, Core, our other initiative has a pilot underway with VeriSign that will involve a few different certificate authorities.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    A quick question from Wes, and then, unfortunately, Wes, and then I think we’ll have to move on to keep on schedule. We will submit questions, written questions to you as well.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    This 800,000, for those most part, those are somebody who somebody wanted to pay, right? So some payer went to you and said, "We’d like you to collect credentials on this." What’s your hit rate for you’ve already got the person in the database when somebody asks? I’m trying to get a sense of 800,000 is what percentage of the total number of possible people who want to get paid.

    Sorin David – CAQH – Director of Universal Provided Data Source

    That is one of the most difficult questions to answer because it’s difficult to get a baseline count of available practitioners out there. But if we were to use, for example, the FSMB, which will later testify, they publish for MDs and DOs the number of licensed and practicing physicians, in essence. Using that as the metric baseline for what’s available out there currently through the U.S., we’re servicing nearly 56% of all of them are using the system.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    So if that’s true, then you would expect that one out of every two … identify somebody they want to see, you would find you already have the data. Is that about the hit rate you’re finding?

    Sorin David – CAQH – Director of Universal Provided Data Source

    Yes.

    Gwen Lohse – CAQH – Deputy Director

    We do have data on a state-by-state level comparing what’s in the UPD to what the state reports, and we’re happy to share that with this working group.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    Sure. Then the same question … do you keep track of the relationship between the individual provider person and the organization they work for?

    Sorin David – CAQH – Director of Universal Provided Data Source

    The individual providers are required to provide their primary practice location information, as well as additional practices. So they’re self-reporting and linking themselves to it. We don’t currently independently verify that those connections are correct.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you very much for your testimony.

    Sorin David – CAQH – Director of Universal Provided Data Source

    Thank you.

    Gwen Lohse – CAQH – Deputy Director

    Thank you.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Our next speakers are from Emdeon, Damien Creavin and Suzanne Powell. I will ask you to just say a sentence about yourself, but also so we make sure we have time for questions, if you could try to limit your comments to 15 minutes. Thank you.

    Damien Creavin – Emdeon – SVP & CIO

    I timed myself twice this morning and did it in 11 minutes and 36 seconds, so hopefully I can duplicate that now. Suzanne, do you want to introduce yourself?

    Suzanne Powell – Emdeon – Director of Government Affairs

    Good morning. I’m Suzanne Powell, and I’m Director of Government Affairs with Emdeon.

    Damien Creavin – Emdeon – SVP & CIO

    I’m Damien Creavin, and I’m the chief information officer at Emdeon. We took a little liberty in the way that we approached this. Rather than going after each question individually, we felt that we would look at it through a slightly different lens. And also, since we’re probably less well-known than some of our esteemed colleagues, we would sort of take the opportunity to tell you a little bit about ourselves, so hopefully you don’t mind.

    Good morning. My name is Damien Creavin, and I serve as the executive vice president of technology and chief information officer for Emdeon. We appreciate the opportunity to participate in this important forum, as you work to accelerate the development and expansion of the National Health Information Network. Emdeon understands the importance of establishing a strong, secure, and standards based infrastructure, and we look forward to discussing ways that Emdeon and other stakeholders in the private sector might be able to support you in these efforts.

    Given today’s focus on directory services, in my opening comments, I would like to provide some perspective on why this issue has become such a significant challenge and offer a high level assessment of the various models being considered to address it. I would also like to introduce the concept of the Emdeon Extranet, the culmination of over five years of work to transform Emdeon’s healthcare IT platform, which I have led since joining Emdeon in 2004. We believe this model can provide you with some important insights on how to accelerate innovation and information exchange.

    First, I would like to tell you a little bit about Emdeon and our role in connecting every facet of the U.S. healthcare system today. Emdeon is a health information intermediary that connects consumers, providers including pharmacies, and payers to facilitate financial, administrative and clinical health information exchange. We are the largest financial and administrative healthcare information exchange in the nation, and our clinical exchange volumes are growing dramatically with an annual run rate of 75 million e-prescriptions and 30 million orders and results. Through our recent acquisition of eRx Network, we will process over 1.9 billion transactions this year for more than 90% of the retail pharmacy sector. And, in total, we facilitate over five billion health information exchanges each year.

    Due to our footprint and 360-degree view of the industry, we understand the challenge the NHIN workgroup faces today, as you assess how best to onboard a massive and extremely diverse group of providers on a national scale. The stated goal of the NHIN is to establish or rather to enable the secure exchange of health information over the Internet. So the real question today is how do bring all of these providers onboard and manage their identities in what is still a free for all Internet.

    It’s clear that from both the participants in today’s meeting and the direction of your questions that you were interested in learning how the private sector might be able to support your efforts and address this important challenge. We do believe that companies like Emdeon, Surecripts, and others can collectively help to accelerate the onboarding of providers in a secure, standards based environment. Entities like ours can provide and/or support national directory of services based on a variety of models, as outlined in the questions posed for the meeting.

    For our part, we believe that the Emdeon Extranet could serve as one node in the NHIN that would provide robust connectivity and facilitate rapid deployment of the NHIN and, where appropriate, the connect gateway into the marketplace. Thus, we would like to make it available to the NHIN to accelerate these efforts. The Emdeon Extranet focuses the infrastructure provided by the Internet, that is, standards and specifications on top of network functions, and enhances contractual agreements to facilitate information exchange among all of the entities within our extensive footprint.

    Specifically, the Emdeon Extranet connects 155 million consumers, 500,000 physicians, 81,000 dentists, 55,000 pharmacies, 5,000 hospitals, and 1,200 payers. We also have over 600 channel partner relationships, which include practice management system vendors, hospital information system vendors, pharmacy system vendors and others. The secure, interoperable, and standards based network is vital to the daily function of the U.S. healthcare system. An illustration of the Extranet is actually included in our supplemental materials.

    We believe that the Emdeon Extranet can serve as a trusted broker for the NHIN and help to maximize the number of stakeholders that can get connected, minimize the time it takes to get them connected, and manage the risk for the federal government. We also believe that leveraging the Emdeon Extranet as a node, along with other private sector entities, could greatly reduce the cost of delivery to the marketplace and provide the critical mass necessary to power and sustain the NHIN for the long term. As we look at methods of deploying this into the marketplace, another area that we believe the Emdeon Extranet could serve support is distribution of the connect gateway to a significant portion of the total market. Emdeon can both use connect and distribute it. Stakeholders could connect, as they always do, using the tools they have in place, where the connect gateway enables to all points within the Emdeon Extranet.

    In fact, Emdeon has done extensive analysis of the connect technology stack. The connect stack is a direct fit with Emdeon’s strategic technology platform. We use a service-oriented architecture to build and deploy services on top of a robust network backbone. We use the Sun JCAPS technology stack to supply a range of capabilities. The connect stack uses the open source Sun equivalence to Emdeon’s enterprise license deployment. This compatibility and Emdeon’s depth of experience will make it significantly easier for Emdeon to support rapid deployment and adoption of connect where needed. Detailed specifications and architectural schematic have been provided in our supplemental materials.

    Now that you have an overview of Emdeon Extranet, I want to provide you with some specific information on how we handle provider authentication and authorization. These processes and our overall approach to onboarding stakeholders in the Emdeon Extranet will set the stage for our discussion of directory services. For the Emdeon Extranet, Emdeon certifies that providers can conduct electronic commerce in a secure, reliable, and consistent manner. Authentication functions are those in which Emdeon insures that the systematic communications are secure from point-to-point, occurring with an entity known to Emdeon that Emdeon has provided – and that entity has provided the proper authentication details in the form of user names, passwords, and digital certificates to verify that they are who they claim to be. Authorization functions are those that insure the entity has contracted with Emdeon to provide the service being requested, and that if the exchange requires communication with another Emdeon trading partner entity, that an agreement exists to share data with that entity.

    All payer and provider entity information is stored in a federation, relational data stores that are accessed via internal application servers implementing data access layers. But Emdeon’s Extranet directory services are not currently sold for providing authentication, authorization services outside of Emdeon. They are designed to be flexible and scaleable data models that allow any level of business associations to be prescribed that would support higher order business relationships, such as would be required to control specific point-to-point authorizations between payers, providers, vendors, and consumers. Emdeon also acts as a trusted third party, providing brokerage exchange services between two or more entities in which the requester has authenticated, authorization is verified and, additionally, authorization is verified that the requester is allowed to exchange data electronically with another entity also connected to Emdeon. This infrastructure gives us the flexibility to support a number of different directory models. A detailed discussion of the various models is included in the written materials.

    In either a centralized or decentralized model, directory services could satisfy a specific set of requirements including standards based access, service level agreements, authorization policies, and others. It would be both possible and feasible to expose enough payer, provider, or consumer information to a centralized directory that could be specified by NHIN to serve as a pointer to the Emdeon Extranet as a service provider associated with a given payer, provider, and consumer. If I might add, parenthetically, I think that this is probably one of the most key ideas in terms of what is the NHIN.

    The function of this directory would be to identify which nodes, such as the Emdeon Extranet or others like Surecripts, currently have relationships with the specific payer, provider, or consumer. Again, the Emdeon Extranet would become one of several nodes connecting stakeholders to the NHIN. Tying into a centralized public directory that supplies both authentication and authorization services is clearly technically feasible, but would require significant modification to not only the Emdeon services portfolio, but to every trading partner and provider that exchanges data with Emdeon.

    Finally, our understanding of at least one significant objective of this collaborative exchange of ideas is to identify ways to speed the adoption of NHIN, especially in light of current and upcoming industry initiatives and regulations. Thus, before I close, I would like to discuss the concept of convergence. Next year, we will see several major HIT initiatives and regulations converge, creating a perfect storm of sorts that will challenge payers and providers alike in managing capital investments, HIT infrastructure, and revenue drivers, both positive and negative. Healthcare reform, meaningful use, 5010, and ICD-10 will all lead to major changes in the marketplace. For some organizations, legacy systems may have to be consolidated and environments may have to be reengineered. In fact, I think that's a certainty. Thus, we would recommend that this convergence concept become part of the dialog, as you continue your evaluation of the opportunities and challenges for accelerating the NHIN.

    We encourage you to take a look at the illustration that we’ve provided that overlays the timelines and draw a box around the next one to two years. The ability of industry stakeholders to adapt to yet another process or infrastructure during this period will be very limited, suggesting the need to find the least disruptive approach to market deployment of the NHIN. We believe connecting to the Emdeon Extranet offers an advantage for the NHIN … indeed least disruptive to the industry in the context of this major convergence of HIT changes.

    In closing, I want to reiterate Emdeon’s willingness and commitment to make the Extranet available to NHIN to help you in driving innovation and adoption. We do believe strongly that Emdeon, along with others in the private sector, can help you to overcome some significant obstacles and, indeed, provide you with an approach for rapid deployment that is both cost effective and least disruptive. Furthermore, leveraging a robust, secure, and standards based network like the Emdeon Extranet that is proven and sustainable will help the federal government to establish the trust fabric that is such an important component of the development and success of the NHIN. Once again, we greatly appreciate the opportunity to participate in this important forum and look forward to a productive discussion. I would now be happy to answer any of your questions, and I think I actually did it better than 11 minutes and 36 seconds, so hopefully I didn’t do it too quickly.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    I’m sure there’ll be lots of questions. Christine, then Wes.

    Christine Bechtel - National Partnership for Women & Families – VP

    Christine Bechtel with the National Partnership for Women and Families, and you talked about consumers and data exchange of consumers. Can you just talk a little bit more about what you mean, what that looks like?

    Damien Creavin – Emdeon – SVP & CIO

    I’m sorry. I apologize. Can you repeat the question?

    Christine Bechtel - National Partnership for Women & Families – VP

    You mentioned that part of Emdeon’s work relates to data exchange with consumers. Can you talk more about that?


    Damien Creavin – Emdeon – SVP & CIO

    At the moment, our interaction with consumers is largely around payment between consumers and providers. That’s essentially it.

    Christine Bechtel - National Partnership for Women & Families – VP

    Is your platform such that it would be easy to facilitate clinical information sharing between providers and patients, potentially through whether it’s portal, platform, whatever?

    Damien Creavin – Emdeon – SVP & CIO

    Yes. In fact, actually the entire platform, as I mentioned, has been evolving over the past five years. One of the core design constraints in creating this platform was in fact to recognize the importance of all the stakeholders, whether they be providers, payers, consumers, or otherwise. In fact, today, through clinician, we are in fact exchanging, as I mentioned earlier, 30,000 lab orders, and we’re also doing 19 million e-prescriptions, so it’s another dimension of our engagement with consumers.

    Christine Bechtel - National Partnership for Women & Families – VP

    Then just the last question, do you by chance, as we start to think about – one of the questions that I think we’re asking today is about governance, and I’m thinking about what the need is for a consumer role in governance, broadly, but specifically to this area. Do you by chance, have you guys begun thinking about, you know, are there consumer reps on your board, other ways that consumers might be involved in looking at your data use agreements, contracts, and things like that? Is that something you have tackled?

    Damien Creavin – Emdeon – SVP & CIO

    We’re in the process right now of discussing that internally. We recognize that the consumer has been sort of the odd man out, at least from our perspective historically. We tried to think in terms of how best to serve the consumer and how best to have the consumer influence the way that our services evolve, but we’re right at the vanguard of that. I would be misrepresenting it to say that we have anything definitive. But clearly it’s a very important part of our mission.

    Christine Bechtel - National Partnership for Women & Families – VP

    Thank you.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Wes? John?

    John Blair – Tacanic IPA – President & CEO

    John Blair, Tacanic IP…. To follow on with Christine’s question, instead of provider to consumer or consumer to provider, provider to provider, you talked about your – I’m aware of your provider to health plan. That’s, I think, the lion share, or maybe not the lion share, but a big piece. Provider-to-provider, and you also spoke about channel relationships with vendors, so I’m curious about the specifics on your provider-to-provider clinical transactions.

    Damien Creavin – Emdeon – SVP & CIO

    Largely, our provider-to-provider transactions today are confined to our use of clinician in lab orders and hospital settings.

    Suzanne Powell – Emdeon – Director of Government Affairs

    That’s correct.

    Damien Creavin – Emdeon – SVP & CIO

    But it’s evolving dramatically.

    Suzanne Powell – Emdeon – Director of Government Affairs

    In fact, our clinician platform provides a very robust lab order entry capability that’s working very well within the provider community.

    John Blair – Tacanic IPA – President & CEO

    That's a platform. What about direct EHR vendor channels on that?

    Damien Creavin – Emdeon – SVP & CIO

    Also through the use of clinicians, our presentation of data for EHR consumption, but it’s all today presently centered around clinician.

    John Blair – Tacanic IPA – President & CEO

    Thank you.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Tony?

    Tony Trenkle – CMS – Director of OESS

    Yes, I just wanted to ask you about, you mentioned at the end there about the growth over the next several years, the challenges faced, and what are some of the lessons learned that you’ve seen so far that you can apply to, as HITECH and other types of implementations, create a greater need for directory services and different types of directory services?

    Damien Creavin – Emdeon – SVP & CIO

    That’s a really great question. As I listened to the other testimony, one thing that occurred to me is that it’s almost impossible to separate a discussion of directories from all of the support processes that go along with directory services. There was a question earlier about the accuracy of data and the frequency of hits to various databases. Depending on your point of view, we’re in the unenviable position.

    If our data is not accurate, transactions don’t flow. So we have to manage the accuracy of the relationships between a provider and payer, for example, on a daily basis, and we obsess over that. And when you think about, and I think that’s one of the key things to keep in mind when thinking about the larger context of NHIN in that the need to maintain accuracy and data so that commerce can flow will, if anything, grow dramatically. That could potentially represent an enormous burden on the federal government to the extent that you define NHIN to be a certain way.

    That’s why we strongly believe that co-opting the private sector into this so that they can bring, whether it’s Emdeon or other private sector contributors, can bring the experience they’ve had in managing stuff on a day-to-day basis and exposing it. For example, we have, in our authorization and authentication process today, we have this very tight relationship, for example, between provider and payer that’s contractually governed. It also requires the presentation of the typical level of demographic data, etc.

    We could potentially expose that data to an NHIN sort of – to a thin NHIN layer so that to the extent that someone sought a service for a particular provider, or sought a relationship with a particular payer, that thin layer in NHIN could point to this directory structure and get at that information very quickly. The beauty of that is that you obviously get the advantage of speed. But perhaps more important, you get the advantage of the day-to-day management of that situation because it is a very, very complex situation that changes every day, and so I think that’s probably – there are other lessons, but if I had to point to one, I would say that it by far the most important lesson to be learned that managing this thing, you can’t separate directories from the support services, and managing those support services should not be underestimated. The question is what’s the best role of NHIN to play in that context? I think our view is that NHIN can be a layer that interacts with that and that NHIN should capitalize on the capabilities of the private sector to manage that stuff on a day-to-day basis.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Just so I understand, the suggestion might be that if there were an authoritative directory, that there would be a synching up between the payer/provider information between your internal Extranet directories and the centralized directory so that the pointer would be there to say, if you’re looking for Dr. Jones to do this kind of service with, our network handles that. Just send it along to us.

    Damien Creavin – Emdeon – SVP & CIO

    That’s correct, and the burden of insuring that that data is accurate falls to us, so it changes the nature of the synchronization process. To the extent of that synchronization occurs every day or every hour, you could be assured that that point in time that the data is accurate. And I think that’s a very important notion in the sea of complexity, and I dare say that others of our peers in the private sector are likely capable of doing the same thing.

    Tony Trenkle – CMS – Director of OESS

    So there’s redundancy between what you have and what, say, Surecripts might have, then how would that be worked out in a model with an overarching directory?

    Damien Creavin – Emdeon – SVP & CIO

    I think, actually, if I could reframe that a little bit, to the extent that there’s either redundancy or there are gaps, the synchronization through the connection with NHIN can be managed so that effectively NHIN will always prevent this complete picture of the state of things because it’s silly to think that any one company can deliver every service, or any one company can satisfy every need. So a vital role for NHIN might be to bring these two things, these end things together to make sure that, I think, more importantly, the gaps are closed, and that the redundancy or the duplication is recognized and eliminated.

    Tony Trenkle – CMS – Director of OESS

    Yes. I guess I was thinking at it more from a cost model. If you’re being used as one of the directories that NHIN would rely on to do directory of services at a more granular level, and there were others, I mean, how would that play out?

    Damien Creavin – Emdeon – SVP & CIO

    I think the advantage to NHIN in that regard is that we’re committed, as I’m sure are other peer companies in the private sector, to driving down the overall costs of delivery of healthcare, whether it’s clinical or administrative. So to the extent that we’re successful in that undertaking, NHIN benefits directly as a result of that. So I think that’s another very strong reason why co-option of the private sector in this makes so much sense. I obviously can’t speak with, I know that I can speak with conviction on Emdeon’s commitment to drive down the cost of healthcare, and I’m making the assumption that that is the mission of others in the peer group. So the collection of those groups together should see the lowest possible cost to provide the range of services that we’re talking about to NHIN.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    With that, we’ll move on. Thank you very much. You will be receiving, again, questions from us as well.

    Suzanne Powell – Emdeon – Director of Government Affairs

    Thank you.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Jim Borland from the Social Security Administration is next.

    Jim Borland – SSA – Special Advisor for Health IT, Office of the Commissioner

    Good morning. I’m Jim Borland, Special Advisor for Health IT at the Social Security Administration. I’m joined this morning by two of our technical experts in provider directories, Marty Prahl Shanks Kahndi. I’m pleased to be here to provide testimony on SSA’s current practice of using agency created federal and state vendor files to identify and request medical evidence from provider sources, as well as its future vision and support for the creation of a single, authoritative directory of providers and medical records.

    SSA is the nation’s largest single provider of long-term disability insurance. Currently, SSA’s two federal programs provide roughly $15 billion monthly in cash benefits, which are based on the presence of a disability to almost 15 million beneficiaries. A roughly comparable amount of benefits, Medicare and Medicaid, are paid to these same beneficiaries or are provided to these same beneficiaries, which flow to healthcare providers in the form of reimbursements for Medicare and Medicaid services.

    To determine the eligibility of almost three million disability applicants who apply for benefits each year, SSA must obtain and review relevant medical records. In connection with that review, we make more than 15 million patient authorized requests to the nation’s 500,000 doctors, clinics, hospitals and other treating sources. We’re also proud to say that with our partner, Med Virginia, we are among the first to use the Nationwide Health Information Network to securely request and receive medical records. The availability of NIN means that our medical records requests, which typically require weeks or sometimes even months to fulfill, are responded to by participating clinicians of the Med Virginia network in seconds. The results of this use of health IT are incontrovertible. Where health IT gathered medical records are present, our average case processing times for disability benefits are cut by almost half.

    The use of health IT to gather medical records is groundbreaking, but it’s not without its challenges. Today, we use a homegrown, national provider directory that we call the source reference file. It’s a conglomeration of 54 state vendor files. It’s used for purposes as diverse as records requests and records payments. It is updated at both the state and the federal levels. Because of this, it contains duplicates, aliases, misspellings, incomplete and out of date information. It is not the thing we do best.

    Clinical exchange or exchange of a robust clinical summary, we do very well with our exchange partners. We don’t do directory services very well. For example, in the case of Beth Israel Deaconess Medical Center where we have four facilities that use health IT to share records with us, our source reference file contains over 1,200 entries. We’ve cross-referenced these entries to the electronic health record endpoint for BIDMC, but it’s a manual process that has to be constantly monitored. As we move forward to expand the use of health IT to gather medical records, we recognize that that model is unsustainable.

    About a year ago, we began work on a national provider directory to support both our health IT efforts and our planned consolidation of 54 state disability determination services systems into a single, national system that we call the disability case processing system. Among the foundational requirements for the national provider directory are standard identification information for all of the nation’s clinical professionals, something we’ve certainly heard this morning, not only the location where care is provided, but where the medical records that are associated with that instance of care are stored. If we can reach the provider, that’s fine, but if we can’t get to the provider’s records, whether they be electronic or paper, then we cannot gather the information that we need.

    In addition, I want to talk for just a moment about our electronic records express project. It is a secure, electronic – it’s an Internet site that provides for the secure, electronic exchange of essentially digital paper. It allows providers to fax us information and allows us to receive and store that digital paper in our electronic disability folder. It’s been very successful, and providers have adopted it very readily. But it does not provide the efficiencies that a structured data record would provide.

    You can see that our requirements are far from unique. Both SSA as well as the other NHIN participants have a common need for an authoritative directory of providers to facilitate interoperability and to support electronic communications and data exchange. The objective is to be able to easily identify providers and determine whether they are participants on the NIN. For NIN participants, the directory should identify clinical relationships and affiliations, and provide addressable, electronic endpoints for the request of medical evidence. For non-participants, we will know, and any clinician will know to trigger a request for medical records in a manner other than through our health IT system, by mail or fax for example.

    The value proposition of a unified registry is not unique to SSA. With the increased focus on health IT and adoption of electronic health records, there becomes a clear need for an authoritative means of identifying healthcare providers and understanding their relationships. To that end, SSA recently submitted a proposal to the integrating the healthcare enterprise committee in order to raise interest among the IHE members and in an attempt to gain partnership in pursuance of a provider registry. The cornerstone of that proposal was a common lookup interface, a 411 for healthcare providers.

    We look forward to working collaboratively with this working group and with other stakeholders to define the requirements for a provider registry. We also understand that we are in a unique position to help frame these requirements. As the first federal agency to participate in the live exchange of medical information through the NHIN and with our planned expansion efforts in 2010, we might serve and offer you a test bed for the electronic exchange facilitated by an authoritative provider registry. And certainly we’re in discussions with ONC to determine if and how we might best assist.

    I want to thank you for the opportunity to testify today. I’m certainly going to welcome your questions. But before I do, I want to give you a little bit of my reaction to what we heard this morning.

    The fact is that, as I mentioned earlier, exchanging robust clinical data sets with known partners is our strength. Identifying unknown sources using an authoritative source directory is a critical need, one that we’re committed to working with the ONC and the working group to fulfill. To that end or at this point, I will open up to committee members’ questions. I think we’ve tried, in our statement, to answer as many of the questions as we could that were posed by the working group, but certainly welcome any followups.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you very much. Questions from the workgroup members? Arien?

    Arien Malec – RelayHealth – VP, Product Management

    Thank you very much, Jim, for your testimony. It’s kind of fun to be on both sides of the committee. First an observation, and then a question. The observation is I think you’ve again expressed something that I think pretty much everybody who has testified has expressed, which is that it’s hard to separate the operations of maintaining a directory with the directory itself, that the two are kind of tied at the hip. Since you and your agency do both administrative and clinical transactions, I’m wondering if you can comment on the similarities or differences between directories for administrative transactions and directories for clinical transactions.

    Jim Borland – SSA – Special Advisor for Health IT, Office of the Commissioner

    Yes. What I’d like to do is give you kind of my high level perspective and then invite Marty to Shanks to comment. There certainly is a significant difference, and if it didn’t come out in our statement, I want to make it clear that, yes, we both request and receive clinical data from providers, but SSA, unlike others, is in a position where we pay for those records. We’re required by law to provide a reasonable reimbursement to the provider for the medical records that they send us. Currently that payment is roughly $15 on a national average basis, although there is a range between currently that rate as set by states, so we are processing those administrative, what we call fiscal transactions, using the same directory as we use to request and receive clinical information.

    Marty Prahl – SSA – Lead Contracted Health IT Architect

    One of the challenges we have, as far as what Jim had indicated on, as far as the different permutations that we look up, we have claimants, patients coming in that essentially know where they were treated. What we have to do is resolve that to where we get medical information, so there may be actual multiple treating locations. They know various alias names. They know various provider names in that, and we’re trying to resolve that where we ultimately pull clinical information from.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you. I don’t know, Tony, if you have to leave soon, but let me ask Tony Trenkle from CMS, as another federal agency who is going to be doing administrative transactions, about the needs of CMS for the unique provider directory.

    Tony Trenkle – CMS – Director of OESS

    We already do a lot of administrative transactions, Farzad. We pay a few bills each year. But in terms of HITECH, I think that brings some unique challenges to CMS because we’re going to be basically administering incentive payments for three separate programs: the Medicare fee for service, the Medicare Advantage, and the Medicaid program, although the payments will be made by the states on that. We still need that, but from a directory standpoint, we’re going to need a lot of basic services, as well as more expanded services.

    Of course, the first one is determining program eligibility is going to be a big one for us. Secondly, insuring accurate payments. The third would be avoiding duplication of payments across programs because we have a number of differences in the programs and how they’re managed, and we also have a number of programs already where we pay incentives. One in particular, the e-prescribing incentive program for Medicare fee for services. Providers who get that payment under MIPA will not be eligible for a payment under the EHR incentive programs.

    And we need provider directory also in working with the states. The states are going to be a key part of this effort with us. We need to exchange a lot of information with them. Obviously here at the CAQH, a number of states are already working with them. We’re going to be working closely with the states in terms of what we think they would need for basic information, and that they would need to send to us, and also what they would need in terms of maintaining the program, as well as, of course, the unique needs they would have as well.

    Then, of course, when the payment time begins, providers will be sending in information to us saying how they met the meaningful use criteria, so there’ll be a need for the directory to check that, so there’s a variety of things in the short-term. In the longer-term, we had the Medicare penalties that kick in for providers who are not Medicare fee for service, but will not meet the meaningful use criteria. We also have quality data that will be coming in as part of the meaningful use criteria, eventually through EHRs, so we have a multitude of things to be looking at, and we’re already looking at, as we begin developing this program, but the need for a directory at a national level, as well as what we have to do as an agency is something, I think, that’s critical. And certainly a lot of the testimony today has discussed some of the challenges of that, but there’s certainly a requirement, and it will only grow as HITECH continues to develop and healthcare reform and other types of initiatives come about over the next several years.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you, Tony. Questions from the workgroup members for either Social Security, or I’ll put Tony on the spot also.

    M

    A question: Who is the source of the state vendor files? Who manufacturers those?

    Jim Borland – SSA – Special Advisor for Health IT, Office of the Commissioner

    Sure. The state vendor files are produced by the state disability determination services. These are state agencies that, through agreements with Social Security, make our medical disability decisions or determinations on behalf of the individuals that file claims for disability benefits. It’s a legislatively mandated separation of duties to insure independence.

    Tony Trenkle – CMS – Director of OESS

    Just to get back to my area, as well as SSA, one of the problems we face as government agencies, as we develop directories of our own to meet very specific business requirements, and obviously we have what we call the PACO system for Medicare fee for service, so we’ve got these directories that meet our needs, may meet some of your needs, but don’t necessarily meet all of your needs, which creates a problem because you then begin to have these dozens of homegrown directories that are very program or business requirement specific.

    Jim Borland – SSA – Special Advisor for Health IT, Office of the Commissioner

    Yes, Tony. Let me comment on that. I mean, that is, I think why we’re here today is to look at how we integrate through some sort of a national directory service, the different varying requirements of not only government agencies, but providers, payers. And I don’t think that those requirements have to be all incorporated in a national solution. I think that’s the beauty of it is that we can all have our own requirements. We can each, in fact, have our own directories, but they must be linked together. They must be interoperable so that we can take advantage, not only of our data, but other common data that’s available across systems.

    Tony Trenkle – CMS – Director of OESS

    Exactly. I’d totally agree with that. We’re always going to have program and business specific requirements. But it’s that overlaying layer that we need to develop consistency across. I’m sorry, Marty. You wanted to add something?

    Marty Prahl – SSA – Lead Contracted Health IT Architect

    Yes, Tony. One of the things that Jim had mentioned is that, earlier this year, we put a proposal to IHE to standardize the interoperability specification for retrieval of information, but the administrative side of the administration, not what the repositories looked like, not what the directory service looks like itself, but how you interoperate between them, so essentially trying to set not only a national standard, but an international standard with HIE. We look to this work for others to collaborate in this way, looking at what the interoperability looks like, but also what the content and information as far as in the directory services would exchange at that point.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    We have the last question to Wes.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    Just netting out all the testimony we’ve had this morning, I think we’ve heard that getting the information is hard. Keeping it up to date is harder. That if the physician thinks they might get paid by providing the information, it’s easier to get it. And if you stop paying them if the information is bad, then it’s really easy to get it. And I would say that I don’t know how many times we have to learn the same lesson, but my concern is that it leaves us with a set of data that’s accurate, as accurate as the payment stream, but we need somehow to look at how to extend that to people who are clinically active and interacting, but don’t depend on the payment stream to be reminded to update their information.

    In regards to your work with Med Virginia, I just want to clarify. Do you generally seek anyone who has information on this patient, or do you go to the physician that the patient identified as having their information?

    Jim Borland – SSA – Special Advisor for Health IT, Office of the Commissioner

    Wes, we’re required. Because SSA is not a HIPAA covered entity, we are required to obtain the patient or the applicant’s authorization to request medical evidence to support their disability claim, so we will go after medical records from a named provider. We also, though, have the legislative responsibility to fully develop the medical record for an applicant so that if we discover additional sources of medical evidence, we may pursue those, but I think your specific question is in our work with Med Virginia. We request the information from a known named provider through the Med Virginia gateway.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    So some time in the future, you’ve got the legal authority. You could create a program to do a query against a database of patients, but that’s not your current level of operation….

    Marty Prahl – SSA – Lead Contracted Health IT Architect
    What we do today is we actually get the claimant information, the patient information. We get that list of providers that Jim had indicated. We run that against our source reference file and essentially identify whether this is one of our NHIN participants or whatever type of endpoint they would be interoperating with. That gets directed into the NHIN today to the Med Virginia gateway. Where we’re leveraging this further is we’d like to be able to show that association between the Med Virginia gateway and those facilities underneath: Richmond Memorial, St. Mary’s, Sheltering Arms, and so forth, to actually narrow the request down to only that specific organization, and then leverage the patient demographics that we have provided in that query to narrow it down to that specific patient. So we’re really looking at directed requests in that domain.

    The other thing that we see in the directory services is that the directory services become an identification feature for identifying facilities providers, and this becomes a key join point for consumer preferences, patient authorizations, and consents out there where that becomes an intersection point in this domain. So looking at not only we’re a pull facility that we’re going and making requests from facilities, but in a very directed manner. As far as when we start to leverage directory services from other perspectives with authorizations, consents, and preferences in this domain, this can be a location services for consumers looking at that same information to indicate who they will permit information sharing between.



    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you so much, Jim, Shanks, and Marty. Thank you. Our next speakers, and I think we’re pretty – five minutes late, but we’ll give you five minutes are from the Federation of State Medical Boards, Martin Crane and Humayun Chaudhry.

    David Lansky – Pacific Business Group on Health – President & CEO

    Farzad, it’s David. I just want to let you know that I may have to step off during this next presentation, so thanks to everybody for their help today.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Thank you, David.

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    Good afternoon. My name is Dr. Martin Crane, Chair of the Board of Directors of the Federation of State Medical Boards, and joining me today is Humayun Chaudhry, the Federation’s president and chief executive officer. I appreciate the opportunity to be with you today and to provide you with a brief overview of the Federation’s rich history of collecting, managing, and reporting data used in medical licensing and physician credentialing, and other venues.

    The Federation of State Medical Boards is a national, nonprofit organization whose members are the 70 state medical licensing and disciplinary boards of the United States and its territories. Since its beginning in 1912, the Federation has worked to develop what today serves as the leading and most comprehensive, verified, central repository of U.S. physician and physician assistant licensing and credentialing information.

    At the core of our physician data collection and management processes are the physician data center, the PDC, as we refer to it, and the Federation’s Credential Verification Service or the FCVS. Both the Physician Data Center and the FCVS require the ongoing management and updating of complex data sets, data storage and information sharing systems.

    The Physician Data Center receives data directly from a wide ranging web of organizations throughout the United States, including state medical boards, the Department of Defense, the Department of Health and Human Services, the Educational Commission for Foreign Medical Education Graduates and the United States Medical Licensing Examination and the Drug Enforcement Administration and International Medical Licensing Authorities. The data collected for this center includes provider specific information on MDs, DOs and physician assistants. With more than 1.0 million; there’s actually 1.15 million; records this nationally consolidated data bank of the U.S. health providers is used to supply state medical boards and healthcare credentialing entities, such as hospitals, payers, government agencies, certifying organizations and the public with crucial information about physicians and physician assistants, including disciplinary, licensing and biographical details. This information is also available to the public, the consumer via the Internet.

    In addition to the Physician Data Center, the Federation established the Credentials Verification Service in September of 1996 to provide centralized, uniform process for state medical boards to obtain verified primary source records of physician’s core medical credentials. This service is designed to streamline the credentialing process and reduce the workload. The system creates a more efficient process for physicians, who need their credentials primary source verified for the institutions, which are reviewing and utilizing these credentials. Time is saved and duplication reduced by our system, which efficiently gathers, verifies and permanently stores the physicians’ and/or physician assistant’s credentials in a central and secure repository at the Federation’s offices in Euless, Texas. Having all of the work done and the systems used within the United States provides the advantage of secure, available data at times of state and national emergency and reduces national security issues. Our familiarity with statutory, licensing and credential requirements creates even a more effective and efficient system.

    FCVS obtains primary source verification of medical education, post graduate training, examination history, board action history, board certification and identity. This repository of information allows a physician and/or physician assistant to establish a confidential, lifetime, professional portfolio that is continuously maintained and updated by the Federation in a secure environment and which can be forwarded at the physician’s request, to any state medical board, hospital, healthcare or any other entity that has established an agreement with FCVS. Since its inception FCVS has provided in excess of 100,000 portfolios and continues to grow in size and sophistication.

    As part of its ongoing commitment to the highest and most current standards of information technology, the Federation recently began a major investment in technology design to significantly enhance its capabilities for verifying physicians’ credentials through FCVS, which is expected to help pave the way for a new era of more efficient and streamlined medical licensure and credential verification in other venues. In the near future we will have the secure physician directed capability to tease out specific verified data sets that can be electronically and, obviously, instantaneously transferred to hospitals, to healthcare plan networks and other organizations in need of this credentialing information. This will provide the entire healthcare system, including physicians, with an efficiency on a grand scale. In addition to current credentialing elements we are constructing a future system that could expand data elements and also accommodate performance data in an initiative to pay attention to healthcare quality, patient safety and physician practice improvement.

    The Federation’s FCVS is aligned with the organization’s strategic vision evolving all of these data processes and capabilities to remain at the leading edge of information technology and technology information transfer. We see ourselves as a centralized and comprehensive resource of robust and verified information for physician and other healthcare provider credentialing, regulation and health policy development and implementation.

    In addition to these efforts the Federation is working with state medical boards and other partners to improve license portability through improved data retrieval and storage transfer processes. With improved license portability physicians’ credentials can be more expeditiously reviewed and license granted to allow them to practice in multiple states. As telemedicine grows, as physicians become more mobile in their careers and as access demands increase more physicians will likely be faced with this issue.

    The credentialing process can be complex, but we have begun to develop a process to simplify this. We have combined our FCVS credentialing service with a more standardized licensing procedure, the Uniform Application for Physician State Licensure that seeks to unify elements of licensure from state to state. The Uniform Application stores physician data so that a physician may reuse this information if they decide to apply for licensure in additional states. This process has been developed in close coordination with the nation’s state medical board and recognizes the varying needs and conditions for medical practice in each state. The Uniform Application is currently being used or implemented in 24 states, helping to streamline and standardize the licensing process while maintaining state medical board autonomy. More states are expected on board soon.

    Through these and other activities the Federation serves as a key information and data hub in a complex medical regulatory and credentialing system. We are committed to following a path that enhances our capabilities and ensures the highest standards of data and process integrity. Since our inception nearly 100 years ago the secure exchange of verified information has been one of the core pillars of the Federation’s mandate and we remain pledged to it and pledged to work with all to improve it. With our experience in physician information systems and a historical focus on secure data collection and transmission we believe the Federation can serve as a resource to NHIN as it helps move forward a national effort to organize and incorporate a creative health information strategy and infrastructure. We look forward to collaborating as a partner in this effort, which we believe is vitally important to the nation’s healthcare future.

    We appreciate this opportunity to participate in this important discussion and look forward to assisting the Committee in any way we can. We have submitted written submission to NHIN Workgroup’s questions and stand ready to expand on these answers as you see fit. Dr. Chaudry would like to comment specifically on one of the questions and we would be happy then to address any questions that you may have at this time. Thank you for this opportunity to testify.

    Humayun Chaudhry – Federation State Medical Boards – President & CEO

    Thank you, Dr. Crane. Good afternoon, everyone. I wanted to address one of the questions that was asked of those giving testimony. The question was if there were authoritative directories of providers would other institutions integrate such directory services into their current or future business relationships.

    I think it’s an important question and I think all of us in this room feel, many of us feel that there is a way to move forward on that, but there is an important caveat and that is that one of the things we found as we talk about data exchange, perception can sometimes become reality. The more that we can do a workgroup and working with our partners in this room to limit that perception the better it will be, because while we’re all talking about health information technology, it is also true that businesses are in the business of business. With that said, I think it’s important to try to limit that perception as best we can. It does facilitate getting back to what Farzad said about sophisticated means of information exchange.

    As far as the Federation is concerned, our goals have always been, for nearly a century, supporting quality healthcare through medical licensure and also protecting the public. That is something that is an important mission that resonates with physicians and other providers, who work with us, including state medical boards, for a very simple reason. For instance, if a physician were to have a board of action at any given jurisdiction that information is shared with us instantaneously, pretty much within a day. We share that within 24 hours through an electronic process that we have set up called the Disciplinary Alert Service with all 50 states, all 70 member boards, as well as the 10 providences of Canada. So we do what we can in terms of our resources to facilitate data exchange, but I agree that there are many other additional opportunities. Thank you.

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    One comment: Sitting here also today it was an observation that we all bring to the table various domains. I’m not sure if it is trying to amalgamate, like an ... to all of the domains rather than to network and integrate each of what we do best.

    Also, with respect to a question that came about in so far as consumers, although we have detailed specific information, information technology, it is our organizational culture, our mandate from and our mission to the consumer and the public that makes us operate, so we are significantly aware of that part of our responsibility.



    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Let me thank you so much. Let me start off by asking whether your provider database, Provider Data Center is currently available to any other organizations to help with the uniquely identifying physicians and enabling transactions that they perform.

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    Farzad, there are parts of that data system in the Physician Data Center that are not only available to other organizations, but are available directly to the public on every provider. So you really have the comprehensive, authoritative directory of all licensed professionals in these classes -

    M

    752,235 active physicians, who are practicing in the country. Yes.

    M

    Their names are publicly available for anybody to download ...

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    There are certain data sets that are available to the public. Yes. Location, board action taken, etc, for those physicians that are available to the public for a nominal fee and they’re also available to other organizations that we have contracted with. That’s in our PDC.

    With respect to our FCVS, that is transferred back and forth to specific organizations that are engaged in the verification service, but we hope in the future with our enhanced system to be able to expand upon fields that we feel are necessary to implement ... healthcare and healthcare policy and we are looking into the feasibility of making those available also.

    Humayun Chaudhry – Federation State Medical Boards – President & CEO

    If I could, I would add that that data includes the number of states and which states that a particular provider has a license in. One of the trends we’ve seen over the last several years has certainly been with telemedicine, a number of physicians seeking medical licenses beyond their local or regional jurisdiction.

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    A simple set, Farzad, is a set of data that was utilized during the Katrina emergency where a physician’s location and specialty and the status of their licensure became extremely useful during that emergency. We had that data. We were willing to share that data.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Really, the source of your data is the 70 kind of core holders of truth. You do take what they give you. You don’t ask the physicians to come and change it on your site. Do those go through the state medical boards or do they, if there are updates or so forth, they get done directly with you or with the state medical boards and then transmitted?

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    The major source of our data comes from the state medical boards. It is, therefore, primary source verified and it is accurate, it is robust data. A physician, through the credential verification service that we have, is also able to add to that data, but that data that is added is not only physician directed. Every bit of that data has to be verified before it goes into our system.

    M

    Arien.

    Arien Malec – RelayHealth – VP, Product Management

    Thank you. I’ve got, actually, two questions. I assume that the data that you have is accurate with respect to licensure. That’s your primary purpose. Can you comment on place practice or clinical practice? A physician, who practices in multiple locations, I’m assuming you have one record and that the place of practice information is less reliable, but I’m just making an assumption there.

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    It depends on how you define place of practice. As I indicated, we would know instantaneously when they achieve medical licensure in any particular jurisdiction. We would get that information pretty much instantaneously.

    Arien Malec – RelayHealth – VP, Product Management

    The license to practice you mean?

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    As far as specifics of practice addresses, our database does enable a means by which we could have multiple addresses and many people do furnish multiple addresses, but they may not necessarily reflect every single practice location, but certainly, by jurisdiction we have that information.

    Arien Malec – RelayHealth – VP, Product Management

    I assume your source verification is primarily about the physician and their state license to practice, as opposed to place of practice.

    M

    No. The source verification goes beyond physicians. That would just be physician reported data. The primary source verification has to be by other additional sources beyond the physician.

    One respect you asked about the data, for instance, in the Physician Data Center. There is biographical information, their name, their date of birth, their Social Security number, their schools and graduation, the gender of the physician. Also included would be address, phone number, e-mail addresses, etc. They are all verified. License status. Any specialty certification. That’s for that. FCVS contains additional information.

    Arien Malec – RelayHealth – VP, Product Management

    Then the second question: I am struck by the omission of NPs on the list. You do MDs, DOs and PAs.

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    Excuse me. I didn’t ...

    Arien Malec – RelayHealth – VP, Product Management

    So you do MDs, DOs and PAs, but not NPs?

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    Yes. We do not. We do MDs, DOs and physician assistants.

    Arien Malec – RelayHealth – VP, Product Management

    Okay. Thank you.


    M

    Just a follow-up to Arien’s question, the first question: You do get all information about place of practice and even multiple places of practice, but typically, if re-licensing only happens every three years you probably only get it every time they have to re-license unless someone was motivated enough to come and update it. How often does that happen?

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    That occurs immediately. Every state medical board, every jurisdiction has a statute that says that a physician, when they change their location, has to notify that state medical board within 30 days. That is then reported to us. License cycles range anywhere from two to three years also, but that information comes in. It is put into our system and it is available immediately.

    Humayun Chaudhry – Federation State Medical Boards – President & CEO

    I’m sorry, Martin. Just to clarify, many state medical boards require the provider to give the contact, the best contact address for them, which might be their home address, not necessarily the practice location.

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    Right. I’d like to say in answer to two questions, the first question had to do with the NPs, etc.: We feel that in the future, now that we’re enhancing the system, that it will be expandable to other types of providers, beyond physicians, because we think that there is a place for that in healthcare and the team approach to healthcare.

    Farzad, part of what we have learned is the field and data sets that we need as we have gone on are uniform application and license renewal processes. We are now asking states to expand the application to include those other fields so specifically we know where a physician is practicing at that particular time.

    Another field that we have asked is obviously when you’re looking at workforce data, which we would like to be able to have the most comprehensive information for that, is are you working. How many hours are you working? Where are you working those hours, etc.? You might be in an office seeing patients. You might be doing non-clinical work. You might be teaching. So we’re now introducing the concept with our state medical boards of including in the license renewal those fields so that we can access, because we believe that that information is going to be absolutely essential to making accurate healthcare policy in the future and believe that there has been some dissidence of the data that has been hard to agree.

    M

    Christine, last question.

    Christine Bechtel - National Partnership for Women & Families – VP

    Dr. Chaudry, you started to address some of what my question is in your comments. It’s related to disciplinary action. Can you talk more to what happens once a disciplinary board action has been taken? I mean, I assume it’s state law that dictates that you all get notified. When you redistribute that information back out, I think you said within 24 hours, to everybody and everybody else, how is it redistributed? In other words, is this sort of the same kind of update that they may be accustomed to getting or is this more of an alert, “This is really important. Pay attention to this. Download it immediately.”? Can you talk more about your process?

    Humayun Chaudhry – Federation State Medical Boards – President & CEO

    Sure. Actually, I’m going to defer to Dr. Crane, who actually served for a number of years on the Massachusetts Medical Board in terms of the ways in which the state medical boards interact with the Federation.

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    Sure. When a disciplinary action is taken that is reported not only immediately to the physician/practitioner’s data bank by a state medical board and is accessible there by other organizations, but it is reported to the Federation of State Medical Boards. As soon as that comes in, and this is an action that has actually been taken, we are able to integrate that into our system and immediately disseminate it to all 70 of our jurisdictions.

    There are 70 jurisdictions, by the way, instead of just 50, because there are allopathic or MD boards, osteopathic or DO boards, etc. and composite boards.

    Christine Bechtel - National Partnership for Women & Families – VP

    So you push the information out to your boards ...

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    Absolutely. Yes.

    Christine Bechtel - National Partnership for Women & Families – VP

    But do they need to take an action to update their own directories or however they’re using that?

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    Each individual jurisdiction does get that information immediately and then they integrate it into their system, so if there is a physician, for instance, who practices in Kansas and Nebraska and the action was taken in Nebraska, Kansas would know about that the very next day.

    Humayun Chaudhry – Federation State Medical Boards – President & CEO

    I’ll mention that this is quite an important resource if you think about it, because some decades ago if you had a board action, whether it was revocation or suspension of your license, in theory you could just go across the border to another state and apply for licensure and the other state board would not necessarily know about it if you didn’t report it if you were applying for that licensure. One of the ways in which we were able to get all state medical boards on board with this disciplinary alert service was the value that it provided in helping assure that there was protection of the public in terms of licensure and discipline.

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    That’s also, what you just were talking about, that is one of the data sets that is available to the public when the public calls us.

    M

    Okay. Wes has the last question.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    So Dr. Jones gets in trouble here and goes across the river and registers again. How do you know it’s the same Dr. Jones?

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    We have fairly robust authentication processes in place, depending upon whether we’re talking about our Federation’s Credential Verification Service or just broadly in terms of licensure. This includes Social Security numbers, passports.

    Usually when a physician, whether they’re an international medical graduate or a U.S. medical graduate, we’ll have a long history of continuing medical education data that is typically part of their profile, if you will. In the realm of undergraduate medical education, for instance, whenever they take their U.S. MLE examination there is a unique identifier for taking that examination. That is linked up with their graduate medical education data and ultimately with their licensure data, so all of these things are linked together so that the data is clean and represents one individual.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    So you do that linkage?

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    Yes.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    You take data from various states and do linkage.

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    Yes.

    Wes Rishel – Gartner, Inc. – Vice President & Distinguished Analyst

    And then when Dr. Jones goes across the river then there is now this new entity in the state across the river that’s never been there before. You get that from them and you link it up and you say, “Oh, we know this guy.” I mean just not every state has every physician in the country in their state licensing database, right?

    Martin Crane – Federation State Medical Boards – Chairman of the Board

    One of the things: Most states obviously, just to come back to your question, have integrated into their identification system a picture. If you take out your license or somebody has a license, most jurisdictions will have a picture, but when Dr. Jones goes across the river not only does the other state query the Federation, but they have, because the other state has individual and independent authority to make their licensure and they don’t accept ordinarily the other state’s licensure, they make their own licensing verification of Dr. Jones and query every other state and query through us with respect to Dr. Jones’ identity.

    M

    Thank you so much for your testimony. Again, we will be sending you some additional questions. Thank you so much, everybody. If I could ask for recognition of all of our speakers before we move on to the public comment?

    W

    Members of the audience, if you care to make a public comment, please queue up to the microphone in the aisle and anybody on the telephone that cares to make a comment, if you’re already dialed in, just press *1 to speak or if you need to dial in, if you’re on the Web, dial 1-877-709-8152. We’ll take the gentleman at the front of the queue. Please state your name and organization and you have three minutes.

    Jon Schoonmaker – SAFE BioPharma Association

    Thank you very much. Good afternoon, everyone. I’m Jon Schoonmaker. I’m with The SAFE BioPharma Association. This is a not-for-profit group that has built and maintained a digital identity and signature standard for both, the biopharmaceutical community and the healthcare communities. We’re also a non-voting member of the Federal PKI Policy Authority and participate in that organization as a cross-certified issuer.

    All I’d like to do today is very briefly offer a supplemental approach to much of this around direct restructures and that is to expand on the commentary around an identity management structure. We obviously do identity management. We do certificates in many forms and we do that tightly aligned with the current federal government and the Federal PKI Policy Authority. By adding an identity management structure and corresponding or aligning that with certain types of information, whether that’s PII or de-identifiable data, and then typing out, if you will, the trust levels associated with acquiring access or authentication and authorization to access that information, by doing that work you will largely drive anyone with any directory or registry structure to adopt that identity structure and build it in and therefore, I believe you will get very much conforming directories and registries throughout the country and throughout the world and much of your work will be done for you. Much of the structure is in place today through the Federal PKI Policy Authority and their ICANS Program, which states participate in.

    Thank you very much for your time.

    W

    Thank you for those comments. Dr. Zuckerman.

    Alan Zuckerman – Georgetown University – Pediatrician

    My name is Alan Zuckerman. Today I’m representing the American Academy of Pediatrics, which is so concerned about enabling its members to participate in meaningful use that the board recently voted to create a child health informatics center.

    The most important characteristic of the NHIN is that it be available nationwide, which it clearly is not today. We know we have an interstate highway system, because you can drive from New York to California. While it was being constructed there were detours along the way. We have the fiber and we have the Internet and it’s exciting to see you bringing to attention how we can use directories and the other core services as a way to begin there.

    The example of postal mail is an excellent way to dramatize the NHIN, but the important contrast is that of e-mail, which is clearly very different, very much less effective, but most of my fellow pediatricians are totally unaware that the NHIN exists or can be around. One of the most important tasks that I think your workgroup should consider will be tangible proof of life for the NHIN and a way to verify the states that it actually is in function and there will be a lot of ways to ping data around the system and prove that pediatricians in any state can indeed connect and contact others.

    The most dramatic proof of value will come through the amount of time we all spend working on our credentials and our directory updates. If we can in some way avoid some of the replication of effort and data entry that we go through that will certainly excite people in practice.

    The biggest concern of physicians in practice is that of identity theft and we need to recognize the existence of these directories, their ability to be downloaded and queried has been perceived by physicians as an occupational hazard, just like exposure to H1N1 flu in the office. So there needs to be a lot of effort to do what Surecripts mentioned about treating this as protected health information.

    When we talk about medical identity theft we’re usually thinking of patients stealing health insurance benefits, but physicians are also worried about medical provider identity theft and the DEA numbers. We all continue to get queries for DEA numbers to be used as identifiers and just as Social Security numbers are sensitive, you need to make some statement on DEA numbers.

    You’ve had lots of mentioning of the multiple addresses, as physicians have multiple practices, but you need to be aware that very often the choices made are based on how organizations handle physical paper mail. As they move into an electronic world electronic addresses are going to behave differently. Physicians are going to use different electronic addresses from those they’ve used traditionally. An important part of that is the progression towards e-fax, where electronic health records are sending and receiving data by fax and that needs to become part of the system.

    Finally, I just wanted to encourage you to give some attention to the role of professional society as potential, both users and providers of directory services and as a reliable companion in building trust, because physicians often turn to their professional society directories on wanting to contact other physicians. We have talked in the past about health information exchanges as being geographic networks. There’s also been attention to affinity networks and we should perhaps use that language more. Pediatricians, cardiologists and others often look to their professional groups as people whom they trust to support communication between providers. Thank you.

    W

    Thank you. Next in line.

    Frank Roach – Transaction Network Services

    Hello. My name is Frank Roach and I’m with a company called Transaction Network Services. I just wanted to comment on Mr. Borland earlier when he made mention of the 411 analogy and I wanted to build on that a little bit and just recommend as you’re looking for solutions, specifically in this area and in general around the NHIN, that other industries outside of healthcare have brought solutions to bear on this. Specifically, that’s why the 411 analogy struck me. When you think of telecom, for example, every month, billions of times every month, these industries and organizations have built technology that essentially is able to go out and find the data from where it exists, pull it together, send it across multiple proprietary networks and to other databases so that text messages, phone conversations, etc. can be built up and torn down on a timely basis. I know the committees in the past have pulled in outside industry experts to testify and talk about these solutions and I’d recommend that continues as we get further along in this discussion. Thank you.

    W

    I believe we have two questions from the phone. Could you please identify yourself?

    Moderator

    The first question is from Brian Ayer. Please proceed with your question.

    Brian Ayer

    Hello. Thank you for giving everyone the opportunity to discuss this with you today. After reading yesterday the post Simple Interop: The Health Internet Node I’ve been struck by the idea that having a health Internet where you would use a top level domain, such as .HC or some other available TLD that you’d still be able to have the users say they were all covered entities under HIPAA, everyone that uses EPHI could maintain a current valid digital certificate that could be used to authenticate TLS connections. I just wondered if you guys had considered this or if it’s something that might work for the NHIN. Thank you.

    W

    Thank you. A final comment from the telephone, please.

    Moderator

    The next comment is from Mark Segal. Please proceed with your comment.

    Mark Segal – GE Healthcare – Director Government & Industry Affairs

    Good afternoon. I’m Mark Segal from GE Healthcare. We’ve given you our full statement. I’d like to just focus on a few key points really relating to the broader approach that you’ve been taking. First, to achieve Dr. Blumenthal’s recently communicated HIE vision it’s really critical in our view to maintain the fundamental premises of the NHIN, including robust standards and Internet technology to connect a wide variety of organizations and networks. Strict neutrality among connected edge systems not requiring are pushing folks towards large, centralized databases and data sharing, via both pull and push.

    Second, it’s clear that the NHIN has made real progress, demonstrating its ability to meet the needs of a wide variety of users.

    Third, in thinking about meaningful use in the NHIN we urge a focus on the deeper standards based HIE needed for 2013 meaningful use. Dr. Mostashari’s opening remarks regarding the NHIN evolutionary path were terrific in this regard.

    Fourth, we urge that you not refocus the NHIN on a primarily point-to-point HIE approach and seemingly simpler approaches to secure Internet transport. Such a fundamental shift would send the wrong signals to those considering investing in standards based HIE and diverge from the robust infrastructure needed to meet hi-tech goals. Our primary or sole focus on point-to-point, while seemingly attractive, has substantial risks detailed in our statement. Paradoxically, it might be better to have less exchange or a bit less exchange in 2011 to ensure that by 2013 we’re on the right path. The alternative could lock us into a shallower, less valuable trajectory requiring large, centralized databases and dependence on proprietary solutions.

    Finally, despite these concerns, we do agree that point-to-point has an important place along with more scalable, federated, registry based data sharing based on robust standards. We need the right tools for the task. HITSP and NHIN participants have done a great job in determining which standards are best for which value cases and ONC and others have developed toolkits for more robust standards. We urge you to engage closely and frequently with HITSP, IHE, health information organizations and providers, who are making successful use today of HITSP content and transport standards. We look forward to working with you directly and through the EHR association as we pursue our shared goals of a high value NHIN and widespread meaningful use. Thank you for the opportunity today and the terrific hearing.

    W

    Thank you, Mr. Segal. Let me turn the agenda back to Dr. Mostashari.

    Farzad Mostashari – NYC DH&MHH – Assistant Commissioner

    Well, I think that we’ve heard some terrific testimony. I think today’s testimony validates the workgroup’s decision to focus the first hearing on directories. They have surfaced, I think, critical issues around governance, around the role of government, around the evolutionary pathway and also most importantly, around how once you start talking about making something real, operational; that’s when you really start to get into the issues and really start to understand the challenges faced with us. So I am humbled by the work that everyone is doing out there in non-profits and state medical boards and for-profits, the work that the market is doing. We need to figure out how we can harness all of that good work and to work together. I’m also humbled by the challenges and the difficulties that are going to be faced as we move forward on this. There is no question that it’s going to be messy at times; that there isn’t the perfect solution that the government can build and maintain and just solve the problem, but I am convinced that with the intelligence and guidance of the NHIN Workgroup we’ll get as close to a workable solution that can help the American people as we can and to help physicians meet not just the letter, but also the intent of meaningful use in 2011, 2013 and beyond.

    With that the meeting is adjourned. Thank you.

    Public Comments

    1. Thanks - Basic Issue is this. Directories discussed and services today are based on an administrative, transaction, payment, authorization focus. However to date they have not focused on the demographics necessary for patient directed consent, public health needs, quality reporting & analysis as well as patients directions and or contact info for referrals. I would hope that there is a focus on the later which does not exist today in most cases as both SSA and CMS indicated. Steve Witter, Vice President Folio Associates. 508.280.9000

    2. In regards to data back-up and meaningful use: I would like to hear more about how once all of this data is placed into all the new EMR implementations in private practice and hospitals that it will be protected from loss. Currently HIPAA requires covered entities to back-up data but most do not do this and those that do, do so in-house, ergo if the office is lost due to disaster so is the backed up data. Others use cold storage for tape and optical disk, but this does not comply with the intended use and spirit of the NHIN; specifically exchanging data over the Internet, and Time-sensitive access to medical data during a disaster.

    3. DEA has the ability to fine a clinician if they do not report an address change within 30 days as well. Has anyone ever been fined for not updating their DEA address?

    4. Has there ever been a fine issued by a state board for a physician that did not change their address?

    5. So if a physician maintains a NY license but has moved to Florida where they practice. How do you know which address/states the physician actually practices at?

    6. How many of state medical boards then verify address information?

    7. Do you maintain more than one address for a physician, for their group practice relationship?

    8. Do you maintain a cross-reference of license information to NPI?

    9. How often is the address, phone, fax information updated? Are these elements only taken from the license file or are they verified with the provider?

    10. As Jim Borland said there are very different pieces of maintaining a provider directory. Payment, authorization data is very different form the provider demographic data necessary for patient directed consent, quality reporting, public health needs and forever providing patient’s directions and contact for referrals. To date the provider directories are focused almost solely on transaction, payment and authorization only.

    11. Two parts to Accuracy - There is a different level of detail, security and information necessary for a healthcare payment to be made. The data demographics required for referrals, giving patient directions, Public health reporting, quality reporting and administering patient consent is much different than the authentication/payment transaction

    12. More oversight is clearly required. Today it appears a closed and not transparent set of activities and use of incentives.

    13. Additional directory services errors are the number one issue when you look at the information provided at the Surecripts workshops to all there participants, vendors, and partners.

    14. Do you supply provider data into the provider dictionary in a providers EMR system?

    15. This an excellent example of another potential service that is being inhibited to provide a competative alternative to surescrpts. The current market owners of surescrpts are a very limiting factor. again the cost being proposed for med reconciliation is not consistent amongst its members and is also leading to a potential diversion of Arra funds to cover this cost with the state based HIE's . This has become a visible issue with the current rfps being considered at the state level for e prescribing. This is unfair competitive practice and is a potential violation of the current by laws with the SS contracts. Examples would be Maryland which is in the process of awarding a contract as well as other states. The intent of the funds was not to pay the pharmacies and mail orders for the access to med history which is a critical data source to drive compliance.

    16. How does your data allow you to administer patient consent to the individual provider ant a specific location?

    17. What is the accuracy of the provider directory... first related to the unique provider identified? Secondly what is the accuracy of the demographics (address, phone, fax, and practice relationships)? How often does the primary address phone or fax change in your experience?

    18. If credentialing period is two years, does someone have to update the data in the interim?

    19. How often are they required to verify the data?

    20. Tighter oversight is required with the amount of government incentive being driven there way

    21. This could be significantly improved and they have created an approach. They have to dare not shared this improved efficiency as a fear of a completion. This is clear

    22. Thank you for recognizing the differences in how the directories are formatted across the spectrum of provider types. Question: the elements that were described to be included in the directory, how were these determined and are there still options to review and recommend any additional elements. Thank you.

    23. Two questions how is Surecripts addressing the significant potential and occurrence of errors in the directory download process? This is a very time consuming and inhibitor of proper workflow. Second question. How is a private entity operating a public service with very little oversight and with the potential to inhibit the intended success with potential inconsistent pricing of additional services like med history?

    24. Is there a presentation to support Ms. Mahan's testimony?

    25. Will the public be able to get copies of the slides?