
Difference between revisions of "November 23, 2010 CBCC Conference Call"

From HL7Wiki

Revision as of 13:21, 30 November 2010

Community-Based Collaborative Care Working Group Meeting


Attendees

Agenda

  1. (05 min) Roll call, approve minutes November 16th, call for additional agenda items & accept agenda
  2. (55 min) Continue review of the Draft Semantic Health Information Performance and Privacy Standard Project Scope Statement Updated 11/16/2010

Minutes

1. Action Items

  • Complete - Walter Suarez shared the NCVHS Letter of Recommendations Regarding Sensitive Health Information mentioned when the concept of "data segmentation" was first raised in the context of the SHIPPS project during the Nov. 2nd CBCC WG Meeting.
    • In this letter, recently posted on the HHS website, NCVHS defines the categories of sensitive health information recommended for use by HHS as a basis for research, technical development, pilot testing, and potential future demonstration projects
  • Serafina to circulate CBCC scope statement to selected HL7 WGs to gauge level of interest and to solicit participation in the SHIPPS project. Approach:
    • Circulate to WGs (Security, PHER, SD, EHR) and to Dr. Floyd Eisenberg (NQF) and Walter Suarez (KP/NCVHS)
    • Comments to CBCC list welcomed
    • Continue discussion next week

2. Resolution

November 16, 2010 minutes approved

Motion: CBCC approves to circulate the scope statement to other potential interested parties. Vote: 7/0/0

3. Updates/Discussion

In discussing the intersection between privacy, performance and the SHIPPS project we are looking at the way clinical and other related data are captured in the electronic record. Other related support data includes e.g. privacy data, monitoring treatment process data, and all public health and safety issues data. As much as possible we need to have reusability of the information that is in the record. These support areas have separate reporting activities that require effort not normally part of the clinical service delivery. This means time savings, cost savings and quality of information need to be looked at; for example, any time we have a separate reporting process from the clinical process there is a chance the meaning of the data will be distorted.

4.a. Project Scope

Performance issues include quality of care for public health reporting and safety. They also involve cost containment issues e.g., the value of services delivered and/or problems of the underserved. Concerning clinical decision support you have to have the right information in the record so the automated reports work properly. We need to be able to make use of the information e.g. case managers being able to do their job. We need to be able to do waste monitoring and abuse monitoring.

The term ‘identify metadata and data quality’ – it’s not additional meta-data, it’s the quality of data stored in the electronic record itself that makes it possible to measure outcomes. If you don’t encode diagnosis, if you are using free text for diagnosis – the data is there but not at the right level of quality and encoding. One thing we were considering is to define the levels of quality data e.g. a Maturity Model.

  • Narrative unstructured data to structured data. If you are using narrative unstructured data there is only so much quality measurement you can derive automatically.
  • If you are using structured data with local codes then you have to support some sort of mapping and additional processing before the data can be used to automate real time quality measures

If you encode data using standards and standard-based terminologies, you can automate real time quality measurements. So this project doesn’t intend to define additional metadata; we want to define that the data itself is at a certain level of quality in terms of structure and encoding

  • This includes structure and vocabulary
  • Completeness e.g. the meta data required to do real time performance evaluation (NQF measures e.g. patients who have had an episode of depression and are receiving certain medications or percentage of people who have seen a primary care physician who receive medication)
    • Completeness as it refers to a set of quality measures that are in scope for behavioral health is part of SHIPPS. In other words the information that is required to automate that quality measurement
    • Completeness from the definition of the data/information required is not in scope for SHIPPS

The metadata associated with the quality measure should be in the data itself or else the quality measure cannot be automated

Richard – We need to have a notion of the scope of information that is collected somewhere

Ioana – Ideally there will be a lot of data collected some of which is structured, a subset of the data will be required to be complete in order to evaluate certain aspects of quality. However whether all the different diagnosis codes, which physicians care about are included is less important than those diagnostic codes referred to in the quality measures that are included. Maybe clinically there is other information that the physician needs and they may think the data set is not complete but for the SHIPPS project we need the subset that is relevant to performance e.g. quality of care.

Richard - Reference of quality of care may be outdated

Ioana – That’s what the quality of measure is for but if there are best practices that exceed what the quality of measure is interested in that’s fine. It’s complete if it covers everything that helps people to do their job, even if it is more than the quality of measure. The quality measure looks for specific facts that determine quality. We as non-clinical people can’t aspire completeness. That will come from the detailed domain model work that says: this is what physicians care about and how it should be encoded. We are looking at aspects of that data that are relevant for policy makers, outcome measurements and management. This is more refined than the whole universe of data.

Richard – Using a standard’s placeholder for the purposes of a problem diagnosis there should be some insertion of specific quality measures to assess quality of service. We don’t do this but the access control service or system that is used to extract information or some policy is not something we want to do by hand. The request that is made for information from the EHR e.g. the quality of cardiac care in some facility could go in with the structure we are talking about in terms of automated segmentation or filtering of data and we would know exactly what to extract. This could be done with various levels of identification.

Jon – This could be very sophisticated rules driven or some heuristic so the implementations will vary in quality but hopefully quality will improve over time

Richard – This is a long term process

Ioana – SHIPPS will raise awareness in producing good quality data; hopefully help implementers by providing them with an idea of what the end game will look like

Richard – Segment the information for various reasons not just for privacy

Jon – We are going to create an analytic framework and implementers will use it as their capabilities grow

Richard – the pressure will be on implementers from the people that buy systems needing to report on NQF measures

Ioana – This will allow partners to know the data quality levels they are dealing with one. In order to exchange data in an automated meaningful way they may need to get to a Maturity Level of 2 or 3. This will provide a quantifiable cause and effect. Why can ‘xyz’ be done with the data? The data is not at the right level

Richard – Reimbursement rates may depend on it

Ioana – The common thread that ties data segmentation and real time quality measures is the underlying data we are operating on

Richard – This operation is not different from one purpose or another. The kinds of things I might want to protect because they are sensitive, is that the same kind of segmentation process that we have to do in order to extract useful information for quality measurement. There is a lot of overlap.

Jon – The segmentation makes protecting sensitive data possible

Mary Ann – Are we defining a framework applied to fit all domains or topics in healthcare?

Ioana - Initially we are defining those elements that are common across domains, an inherent level of maturity and the quality of data that you are collecting in your EHR system. This is the pre-condition for segmenting data or for using it for quality measures in real time. We are initially looking specifically at behavioral health to show how to apply it.

Data segmentation could be driven from a number of policies not necessarily privacy. Other policy measures supported by data segmentation could be cost, waste, public health reporting. The EHR will have to support policies in all these areas.

Ioana – We are aware of dual use of information e.g. for segmentation and for quality use. There may be other uses but segmentation and quality of use is the primary focus for the SHIPPS project.

Richard - Building bridges to other HL7 WGs e.g. Public Health and CDC they must be trying to have multiple uses of records of information because they have all these increasing public health and safety reporting requirements. The burden of reporting is serious.

Ioana – Bring the scope statement to these other WG and other interested parties so they can co-sponsor or influence the work. Ioana motions:

Motion: CBCC approves to circulate the scope statement to other potential interested parties. Serafina seconds motion; 7 yea / none opposed / no abstentions - approved

Next Steps:

  • Circulate scope statement to selected HL7 Work Groups to enlist Co-Sponsors and Interested Parties
  • Once finalized, send scope statement to Steering Committee. Once approved by the Steering Division, send to the TSC for final approval

Richard – There are other WGs moving in a similar direction to what we are doing e.g. how to enable the functional model to have the capacity to implement consent and be able to manage the results of the information they have to produce

Ioana - From a functional standpoint the EHR is going to have to support real time automated reporting of quality measures. This will have to be reflected in the functional model. Currently capturing the patient’s privacy consent directive is not called out specifically as a supporting function in the EHR Functional Model

Jim – The Direct Care Chapter support for consent

Serafina - The Direct Care functions of EHR-FM does address the mechanics of creating a health record and refer to the concepts of managing externally generated (including patient originated) health data. So this appears to be the area of the FM to address managing privacy consent directives.

Ioana – The Infrastructure section refers to supporting consent but it does not say anything about how to record consent

Serafina action item: outreach to possible co-sponsors for this project – figure out who is an interested party and who do they represent (e.g. KP),

  • Reach out to Floyd Eisenberg (NQF), Structured Documents, Security, Public Health and Emergency Response, EHR WGs and to follow up with Walter Suarez to confirm his interest
  • Richard to reach out to John Ritters
  • Ioana to follow up with MITRE Corporation – open source. They’ve had a privacy project for a year covering much of the same territory we’re covering.


Summary from security

Tony – Rob McClure was concerned with the use of the word ‘segmentation’ in the CBCC meeting notes from last week

  • amenable to using segmentation as a verb e.g. an activity to identify information of interest for segregation
  • staying clear of using segmentation as a noun to suggest portions of the patient record are actually separated out in some persistent way for privacy or other purposes

Richard – e.g. separate out substance abuse data before my record is forwarded

Tony – filter out or a masking action opposed to moving aside or moving the data into a special area

Ioana – These are implementation details e.g. how to accomplish that which may be exchanged vs not exchanged is outside the scope of SHIPPS

Jon – segmentation defined too narrowly to tagging data to delineate the segment

Ioana – Using the word ‘tagging’ data implies implementation. We don’t want implementation to lead, focus on requirements

Jon – That is Rob’s point

Ioana – How we do it is a different issue – this is implementation

Jon – Question – Will the structure and encoding be in content or expressed in the consent themselves

Ioana – The consent will refer to the diagnosis of substance abuse and the data has to be able to trace back to diagnosis to substance abuse. Based on current policy if I express a reasonable consent, how will it be done in an automated way - what sort of data do you need to be able to store in your EHR system to be able to automatically tease out which record is substance abuse related and which one is not.

Jon – I think this is what Rob was objecting to e.g. deciding what you have to store in the EHR system but not the data

Ioana – You have to store all the data, the question is what data can be exchanged. For records management you will store all the data you are producing, the question is when you disclose data most of the privacy policies kick in. For example if the patient meets certain criteria and the data happens to be substance abuse related consent is required

  • We have to store all the data, the question is what information needs to be exchanged?
  • We need to guide implementations through best practices
  • We could consider maturity levels – MITA does this effectively

Richard - Security framework – what is the relationship between security and privacy. Security is responsible for enforcing privacy at implementation. There is a level of access control service that enables the appropriate exchange of information and potential sharing of information within an enterprise. Access control includes exchange and what is going on within the enterprise.

John - There do not have to be security artifacts or privacy formalism in the security models

Jon – Based on Ioana’s clarification of segmentation Rob should be ok e.g. he objected to the notion that we would mandate new segment structures that would get introduced into things like documents e.g. segmentation in CDA

Richard - We need to more rigorously define segmentation – in my mind segmentation is the process by which the access control service actually implements different policies

Jon – referring to the scope statement - change ‘manage’ to ‘control sharing of health information for policy reporting purposes’

Serafina - Review letter NCVHS. The term segmentation is defined as the ability to protect specific and sensitive IIHI within the electronic record from disclosure. The NCVHS recommendation includes definitions of specific categories of information and the context in which that data occurs.

Jon – it does not include Richard’s point e.g. segmentation is the process by which the access control service actually implements different policies, it needs to include exchange and what is going on within the enterprise

Richard - Circulate scope statement as is and get people’s attention. This is an emerging / evolving subject.

Jon – I would like to see us change the word ‘manage’ to protect certain. Manage means too many things

Richard – I am going in the other direction, from a policy view you want to incorporate a lot of different requirements

Jon – How about ‘control sharing’ so it is not just one way.

Possible change for future: The ability to control sharing of health information for privacy and policy related to reporting.

Meeting was adjourned at 3:05 PM Eastern
