FULL DRAFT TRANSCRIPT: HIT Policy Adoption/Certification Workgroup

These are the materials and rough draft transcript from the 7/14/2009 HIT Policy Committee Adoption/Certification Workgroup meeting: 

Meeting Materials:

 This is the audio from the morning session

This is the audio from the afternoon session

This is the rough draft transcript of the full meeting:

I am John Glaser, my best buddy Charles is keeping me out of the light, helping me here. I would like to welcome all of you to the meeting of the work group on certification and adoption of the healthcare IT policy committee. I have a couple opening comment and will turn it over to the chairs. Paul Egerman and Marc Probst.

I thank you all here in the audience and on the phone, I appreciate your devoting time and intellect to this important undertaking.

In the high tech legislation, there are a few key attributes, but at the center, in order to receive the financial incentives, providers must engage in meaningful use providing certified every EHRs. The adoption work group, chaired by the colleagues at my left and around the table, the committee asked them to spend time looking at the certification process, not an immediate focus on criteria; that will come out on of the standards work going on, but the process by which electronic records are certified for the high tech law and payment meek mechanism. An examination of, understanding of how the process might work, such as open-source software or internally developed software. We ask them to do that, they had some I rememberings and are scheduling today for overall thoughts.

We want to encourage you to evaluate all processes, but we want to make sure we thoroughly examine, look at a wide range of possibilities and potentials, and want you all to feel free to explore innovative ideas, new approaches. We want you to feel free, where appropriate, to be complementary, and to be critical, we would like to hear that. We look forward to a candid, wide-open, thoughtful and constructive discussion, and again, it thank you all for taking the time to be here.

I want to get introductions of the work group members.


From the Robert Wood Johnson foundation.

I am [indiscernible] practicing gynecologist in Massachusetts, immediate past chair of the AMA.

I am John — office of the national coordinator.

My colleague and friend, Charles Kennedy with WellPoint.

I am Paul Egerman, software entrepreneur and co-chair.

Marc Probst with [indiscernible] healthcare.

Adam Clark, the Lance Armstrong strong foundation.

Any work group members on the telephone?

Good morning, I am still Paul Egerman. We have a few work group members on the phone, Terry [indiscernible] is going to be calling in, the chief information officer of the State of California, which is a state on the West Coast of the United States. Happy to have her, it’s very early in the morning she is. As John said, this is a meeting of the certification adoption work group. At this meeting we are only talking about certification, not adoption. Adoption is critically important and there are a lot of issues, but that’s not the focus of the meeting today, and we are not talking about meaningful use, only about certification. We are talking about that because, as John says, it’s something that is critically important. We do have an exciting group of speakers, and some very interesting panels. We have been meeting pretty much every week for about the last two months, gathering information. The purpose of today and tomorrow’s meeting is really information gathering. We are trying to learn upon more information about what is needed for certification, and what we are trying to do with many of our panels is to put people forward who have differing point of view on a lot of these subjects. We realize they are controversial, there are always controversies, related CCI it, what purchasers need, verpdz vendors, we are trying to have discussions about some of those differences. The purposes of the public comment period, at the end of the day today and tomorrow morning, for you to tell us whether or not we have gotten the right information. If somehow we go through this, we do not know what people are going to say, and it’s possible not every viewpoint has been expressed. If there’s a viewpoint that has not, we want to hear that. That’s the purpose of the public comment period.

The work group will be meeting in closed session, executive session this evening, and also tomorrow afternoon, and we are hopeful that we will have some consensus for recommendation on Thursday at the HIT policy committee meeting. If we are able to come to some consensus for what I would call preliminary recommendation, it will be printed in the Federal Register several days later and there will be another public comment period. There will be ample time for people to make comments. Any recommendation we make would be preliminary based on receiving additional feedback.

Those are the things we are trying to accomplish. As we went around the room, the people in the HHS staff did not really identify themselves. I want to thank the people in the HHS staff who have been very supportive, helpful, besides John Glaser, the lead, but Judy — the contract office, am I saying that right? Something like that, she’s a chief honcho at HHS, we very much appreciate your help, and Jodie’s, and we also thank HHS, who has given us autonomy to make whatever decisions we want, so our first speaker is William Stead, will be talking about a study performed at the national research council. So, Bill William Stead.

William Stead: From 2007 to 2008 I was privileged to chair an NRC commit assess the gap between healthcare IT as deployed in the best places it’s being deployed today, the gap between that and what is required to support the Upon institute of Medicine’s vision for quality healthcare. Today I want to share the observations and conclusions of that committee, and then to add my interpretation of what it means for the task of this working group.

The ideas that I am going to talk about challenge the status quo, so I will go through the presentation relatively quickly, so we have about half of our time together to let you explore the pieces of it that are most interesting to you.

These are the central conclusions of the report. The first was that if we continue our current efforts without change we will not solve the healthcare problem that’s underpinning reform, and we actually could make it worse. That, as I will try to make clear as we go ahead, does not mean we could not and should not act quickly. We can, we just have to be careful about how we we do it.

In particular, success will require much more attention to helping people think about what is in fact going on. In essence, we are interested in information technology, because the healthcare world is faced by an insurmount able cognitive problem now. That is actually the root cause of a lot of our overuse, underuse and misuse. That’s what we have to pay attention to. What the committee saw in the places using this technology a lot, is the patient is actually being lost in a sea of transaction-level detail.

Therefore, our recommendation of how one can move forward quickly, is to manage the effort, to focus on measurable improvement in healthcare. If we do that, and we don’t focus solely on the tool, then we will be able to adapt role, process, and our use of the tool to get the outcomes we want. It’s not possible if we simply are driven by the tool.

This is the committee that we put together. You will see there are bridge people like myself, that bridge biomedical informatics and medicine, we ID a, others bridge to computer science, Peter Solowe vitz, and — experts on bioinformatics, human factors, databases, on data spaces, embedded sensors and large-scale distributed architectures. That’s the group that looked at this.

What we did was to start with the IOMs quality [indiscernible] recommendations. We basically said, what are the information-intensive capabilities that would be necessary to support a system that was, say, effective, patient-centered, timely and equitable. This slide summarizes them. The first is that we have to have comprehensive data about patients across lo kales.

The second is the idea of support for people thinking about problems. I will give examples of that. Tools to manage populations, rapid integration of technologies, and empowerment of patients and their families.

The places we visited are listed here, a mixture of government, for profit, academic, can community and places with commercial systems and home-grown systems.

They were picked because they are amongst the leaders in use among this technology to improve quality, and we ob served that. We saw many successes. But we also saw challenges. They are summarized on this slide. I gave you appendix C of the NRC report that spells them out in more detail. The computer right now is increasing fragmentation. We made rounds, and saw five different sub-teams of the care team, each with computers on wheels, standing in a circle, facing their machines, talking to each other, with the only integration taking place in the conversation, and none of them being able to see whether they were collectively looking at all the important pieces of the record.

There’s no consistent way, even with insights in which people go look for information, systems are often used after the fact. We think about check lists as important, but if you look where checklists work, it’s where roles have been changed so you have a pilot and copilot, used use real-time, if you don’t do it that way, it does absolutely no good. Most of what we saw was in fact, after the fact.

Very little support for evidence-based medicine.

The best of places are working four to six major improvement projects at a time, each taking six to 24 months, very important work, but a small fraction of what we’ve got to do. Centralization is the primary method of standardization, and yet everywhere we found innovation, it was local, every single time.

The timelines are glacial. If you look at the time it takes people that have achieved “level six” it’s over a decade. There were places where we saw as four generations of systems running in parallel while people were still running level one have some other while developing level four.

What we came away with, maybe healthcare is doing 5% of what it needs to do to improve — four to times times more better than the average, and yet the gap between that and what we actually need is simply insurmountable by current techniques. It’s like trying to get into outer space with a jet airplane, instead of a rocket. It just gets to a point that you can’t get there.

Now, there were a couple of key epiphanies along the way of looking at this. The first was that there are four primary domains of computational techniques. Marc point ed this out. Automation is a technique that works when you want to do a well-defined process over and over the same way. Other techniques, connectivity, connecting people to each other in systems; data mining, discovering relationships between disparate non-regularized data sources; and decision support, helping people make choices. Those are quite different computational techniques. They work in the face of complex adaptive systems, which is what healthcare is; and they cost on order of magnitude less, and take an order of magnitude less time than automation techniques. When we look at other industries, we discover other industries balance their portfolio amongst techniques. Healthcare is almost always automation and when current vendors use other approaches they bolt them on to an automation core, so that becomes the rate-limiting step of are ability to handle complexity.

The second epiphany is the step in how clinician’s heads work and the [indiscernible] of IT. Today’s healthcare — people trained like I am, I am a nee frol gist by background. As a new piece of data comes in, we compare against the model F it fits, we keep the model, understand what that piece of data tells us. If it doesn’t fit, whoops, maybe the model is wrong, back up, re-think what’s going. Well, healthcare IT today doesn’t let us work that way. It focuses on transaction-level data. The results and the orders. What little decision-support today’s healthcare provides, it provides at that transaction level data.

What physicians would like to be able to do, and nurse practitioners, other people that are really responsible for understanding the patient; they would like support in working with an abstraction of what is going on with the patient. As new data comes in, they would actually like to see how it fits or not fits, or help with that, so they know what to worry about and not to worry about.

If you have a person who is infected, have a low white count, that means you are being overwhelmed by the infection. If you have a person infected and they have a high white count, that means the immune response is — we don’t have that basic level of support in most of today’s system.

To carry out the rest of the model, what will be needed, we need the way to deal with raw research data, biological observations, research protocols that build the data, the resulting medical knowledge; then we need to generalize that medical knowledge into medical logic, and then we need to make it specific to the patient context with decision support. That’s actually the set of components we will sometimes have, the support the kind of healthcare we are talking about, even if approximate we got full adoption of the best of what we got today, we would have about two-eighths of what we need. The message is to be extraordinarily careful that we move in way that’s do not lock us in concrete.

The committee came up with a set of are recommendations to support evolutionary change in the short term, and a set of recommendations to support radical change for the longer term, because what we are talking about in healthcare reform is radical change. Today’s healthcare process cannot deliver the results we want. We are not talking about healthcare IT, but connecting today’s healthcare process, but to radically reengineer the process. Improvements in care, so that if we focus on outcomes our deployment of technology will be self-correcting and will not end up letting us go far down the path of unin10ed consequences. A statement was made yesterday, beginning to get on the first rung of the escalator. There’s got to be a way of making progress incrementally. A key idea that I think is lost in today’s healthcare IT, that is quite do-able with today’s technology is to simply record all the data in all the form — whatever form it is. At Vanderbilt we keep — what is working, not working, people understand, don’t understand, users, et cetera.

In terms of principles for radical change, this idea of architecting systems so they can accommodate disruptive change. Anybody that has one of today’s IT systems and feels that it accelerates their ability to rapidly change work flow, raise your hand.

That’s what we’re talking about. It takes a different approach to the architecture. We should only employ automation at the component level, where we have a process perfectly designed to do what we want to do. When that process becomes obsolete we swap out the process, component technology, roles, plug in something new. We can do that at component level, can’t do that if it’s the complete neurologic system of our healthcare system.

Managed data separately from applications. I will come back at that, back at that and back at that. That is a key thing, frankly, if we only certified one thing, that’s what we certify. The technology let us manage the data separately from the applications. Then it will tolerate change in those applications as healthcare changes.

So that’s all I am going to say about the committee report. We can come back to it in questions. As I have thought about this, worked with other groups since that report came out at beginning of January, an idea emerged, in the standards working group, board of regents of the national — in January. The first idea is we need to redefine interoperability. Instead of interoperability being one version of truth that can be explicit, always the same, in all systems, which we believe simply does not reflect the nature of biological data. What we are talking about is we might are redefine interoperability as data that can always be correctly interpreted. In the light of today’s knowledge or in the light of tomorrow’s knowledge. How do we manage data if we want to handle the transition from 1979, two types of diabetes, 1997, where there were four and genomics, greater than 20 and know it’s going to go higher. How do we handle an archived data that lets us tolerate those kind of dramatic changes in our understanding of how to interpret it. separatability, and the decision support content, and finally, narrowly limit our use of standard data, by which I mean data that can have only one interpretation, whose meaning is stable over time, such as [indiscernible] ingredients. If man builds it, I believe we can define it with standard data. If the creator builds it, I believe we have to have more flexibility in how we will interpret the data across time. This is just another way of looking what the paradigm shift might be. This idea of moving from one integrated set the of data, the single source of truth, to ready access to all the sets of relevant data, multiple sources. This idea of capturing raw signal, annotating with standard terminology.

Within the Vanderbilt world, we collect information from any source, archive in its original source, may be raw output of monitor, we use parsers and — to attempt to interpret, show it to humans, let them annotate it, keep the human and machine interpretation, also the raw signal, so when knowledge changes, re-run the algorithm and it’s current again.

This really gets to where you are thinking of how we get a robust version of truth. Saying earlier, I was an intern, potassium was high, I would do a rhythm strip, would treat it, looking at getting robustness in the signal by getting two different sources.

The final piece of the paradigm shift is rebalancing our use of the computational techniques. We still should use automation, but in our hands, at least, tackling the electronic health record much more like a secure Google problem than a data processing problem has made it easy to get all the information together. We did this for the Memphis RIO, each hospital, different vendor, costs $2 per citizen per year and took 18 months. That’s a secure Google approach versus data processing approach. Similarly, our disease management desk would pull information from any system, don’t care if it’s a payer, clinical system, ancillary system, we do care that it shows the status of the patient in real-time. The are rest rest of that is probably self-evident.

What does this mean for certification? This is the challenge, trying to put together function, the use of the function, and the effect we want to achieve. The function takes a combination of software, patient data and decision support content. Truth be known, except for something like ability to keep the data separate, you cannot certify the software in a consistently performing way without the associated patient data and decision support. That’s the reason the leap frog tool that’s been used to let people access how, whether CCHIT, identified C POE blocks medication errors. Since the data is still in paper, press, I will say less than 50%, in the right range, not greater than 50%. That’s because we certified the software separate from these other things. That’s a mistake. We also have to recognize that the roles, process and training are an integral part of whether this will achieve meaningful use.

I think what that says is for certification we need to recognize that less is going to be more; we should only certify something where the definitions are precise. At all costs, we should avoid freezing work flow, content or technology, because of the magnitude of change that is still in front of us. That argues to me that we actually make this concept of liquidity the foundation of what we certify. That is not the way that we started. We started by what today’s — the certification process, I am in the middle of it, may be interpreting wrong, but my impression is it started largely with what the best of today’s systems could do. It did not necessarily start with what was, in fact, the essential ingredient that would allow a person who bought something to know it would work over time. And I believe liquidity is that piece, and it’s liquidity of data, decision-support content and the audit trails of how something got to be.

I think then we need to certify on a very granular basis, take E-prescribing. There are roughly nine decision points in E-prescribing, from the decision of what I want to do, task of formulating into a presubscription, translating, interacting with the pharmacist, to administering it, monitoring it, and refilling it. Each of those steps requires different decision support, different data requirements about the patient, it has different measures of what an effective completion of that step was, and has different dependencies.

I would argue we should certify a set of the absolute minimum number of functional building blocks, and building blocks necessary for effective use, and we should do it with all these pieces.

Then what I would do is add another idea. What is really an effective post-market surveillance. Think of the trouble we have gotten into with the drug industry, adding more and more stuff to the FDA pre-market approval process, because if stuff gets out through that process, we have very poor data about — takes us a long time to discover Vioxx, for example.

If in fact we had much better post-market surveillance, we could let things out — put a hold on it. We want to think that way about certification. What’s the absolute minimum we have to do at the front end, and then what would happen if both provider and their vendors were required to report, roll up on things like this. What’s the actual ease of learning, the set of function a role has to do, how long does it take to learn, and how long until they are at peak of efficiency.

Ease of use, what’s the time to complete an error rate of task, specificity of information retrieval. Content support, what percent of users with a deployed system, system, decision support content, patient data, what percent actually handle a piece of new information correctly?

Adaptation to time, from discovery of an urgent update to a drug interaction content, how long is it until that has been reflected in the decision support of all of a vendor’s deployed operational systems. Right now the answer is never. What should it be? Effectiveness, what percent? We have to give people the data to help them understand the process and fix it. What percent of alerts are overwritten, what percent of — follow an override, and absence of alert. If you put together a family of effective meaningful use as the goal, and we manage to that, a foundation of granular certification and a middle tier of robust reporting, not punitively, but to give people the information to fix the technology, to fix the process, I think we could really win this one and win it in the near term. Thank you.

Thank you very much, that was a fascinating presentation. Questions?

Thank you for that very interesting presentation. The question I have for you is, you are advocating a different approach, one that is less about automation and transactions, but more about knowledge support. My question, you mentioned we are flying a jet engine when we are trying to build a rocket. Can you evolve the jet into the rocket or do you need to literally scrap it and move in a different direction?


You can do that, but I would narrow down my use of automation, and set beside that my data mining tools, so instead of trying to scale up an automation system to do everything, shrink it down to its components, give it an information foundation that is data mining, and then use these decision-support and social networking and other tools up on top of it to let people work with it. I think what we have is actually a component of the rocket. Our trouble is we tried to make it the whole rocket. If we could narrow it down, put the other components on, I think we could get there, and do it now. This change could let us get to 2014, not stand in the way.

Thank you.

First of all, I didn’t want to be the only person in the room to raise my hand, but I actually think I am better off with my technology, than I was before. Let me just ask you about the — I am not quite sure what it is you are getting for $2 a citizen. What is in the center there? I am trying to understand what it is you are exchanging.

I guess I would say we are exchanging, we are having the six competing hospitals in the three-county region around Memphis, 22% of the population of Tennessee. Those systems, the two loops of safety networks, key reference labs, and one of the key payers, all export data into a regional data bank, which has facility-specific vaults. They can control the data, and yet, the region can then run algorithms across it that identify what person it relates to, what type of data it contains, and it constructs what looks like an electronic health record from a secure browser, and can —

Is it clinical data, like patient’s past history —

Yes, discharge, lab results.

Well, the lab results — but what I am trying to understand, without interfaces, somehow something is all getting dumped into one place, even though there are six different vendors or 10, whatever number of vendors there are, even though those vendors are storing things in different ways, somehow it all gets into the center and everybody can use it, I am just —

Yes, and the reason — I have been very careful about some words here. Said it’s not an exchange, it’s an aggregation, data mining and visualization capability, and that difference is important. We are not taking information from hospital A, mushing it around in a way to pump into hospital B. That would be my definition of an exchange. That would require us doing the end-to-end work [indiscernible] we have gotten to where we can do that for the less than 100 labs, a small fragment of what we are working with in Memphis. We have everybody publish the information, as a text report, tagged text report or as real data streams, doesn’t matter. Then we use parsers, simply semantic algorithms that recognize structure, can break something up into fragments and concept matching algorithms, use the knowledge of the national library’s medical thesaurus to construct something that looks and feels a lot like a electronic health record, the way Google crawls across all websites, lets you answer questions without the people that set up the website intending for you to be able to use it that way. Secure Google is the closest analog to what we are doing in Memphis that I can describe. Does that help?


Thank you very much for the presentation, and I should disclose, the Robert Wood Johnson foundation was a partial supporter of the study. I say that for disclosure, not credit. So much.


Steve Downs with the Robert Wood Johnson foundation. I think it’s easier for us to wrap our heads around certifying a system rather than a soup to nuts system providing a full range of functions. As you start talking about the componentized approach with this sort of base, and multiple functions layered on top of it, could you perhaps help us understand better what might be in the base, the foundational components, and also, if you could give an opinion on, do you think the certification should extend to the different apps that would run on top of that base or functions that would run on top of the base?

William Stead: I would like for the certification to be that the data is interpreted equally effectively outside of the system as within the system. We have got to change the incentives that have allowed the current industry compete on making the parts of their system work better together, which by definition means they work less well with other things. We’ve got to break that. The key is accept separatability —

Let me is stop you there, say it is a data recording and capturing, and function to make it available on equal basis to applications that can use them.

William Stead: Yes, we are trying to solve getting the information and putting it in front of each person that needs to know it, according to their need to know it, as they are making decisions about what to do next. That’s what’s going to solve the overuse and underuse problem in healthcare. The misuse part or part of that part that will solve, another part takes automation. Don’t misunderstand me. I am not against automation, I am very in favor of it at the component level; but that would be the base. It should come up above that, I would actually work out the key definitions of each of the components of what we have now lumped together as e-prescribing. When I had discussions with a very well-informed leader in Tennessee, very interested in these efforts, he was very surprised to discover that the e-of prescribing effort counted on — [indiscernible] drug interactions, for example. It could, if everything elsewhere there, but they were not counting the most essential thing for what they wanted to solve. That wasn’t obvious to him. For us to get really clear, this is the component. If you use component, this is the data you have to have. If we made that clear, people would know what choices they are making. Right now they don’t, because we lump it together. I think we have to be — if, in fact, you are a well-contained practice, and all of your patients are contained in your practice, all your data is in your practice, today’s monolithic systems work. That is a vanishingly small part of our problem. In 2000, the median care beneficiary saw two primary care, five specialists across four practices. Any approach to healthcare IT that doesn’t deal with that, reality isn’t going to get us there. We have to get that in at the start. So far we have left it as a to follow. That’s where we made the mistake, if we made a mistake.

I wonder if you would comment a little about — Larry with Kindred Healthcare. Thank you for the challenge to how we are think being this. Would you comment on the apparent paradox, focus on data, ability to share, aggregate the data. But your example of bringing together systems that didn’t start with clean data definition, but able to create useful integration is not the right words, but something, useful bringing together of information.

William Stead: My only point is what are in those systems we brought stuff together from is actually unimportant, and therefore in theory shouldn’t need to be certified. Because what we did was mine it, regardless of form and source. You may want to certify that latter. Can you construct a dash board that shows all the management — plan against real-time. That is an important thing. That is unlikely to be in any system within one enterprise. Yes, they can do it within the enterprise if all the patients are in the enterprise, or if all of their automation data processing interfaces with everybody else are in place. But I am sorry, not by 2014.

Our challenge is how to certify something now that will get us to 2014.

My struggle is you create a overarching system when you brought this system together.

William Stead: Just like Google brought an overarching system when you —

Google did that built on HTML standards, HTTP, a set of core standards they built on, a huge variability in what’s there. Some from the ambiguity of English and other natural languages that when they bring things together, as the recent Bing ads point out, you get interesting cross-threading.

William Stead: Amen. And the fact we have gotten all the power of the Internet with three simple standards, how you locate, display and transport it without any standardization of content. Look what that has done. If we could have the same effect on healthcare between 2009 and 2014 that the web, those three simple standards had between 1994 and 2000, wouldn’t that be wonderful. I know it wouldn’t be where we want to land, but wouldn’t it be wonderful.

My sense is, to achieve that, we would back off on some of the more engineered aspects. Some decision support requires you have common semantics across those data sources.

William Stead: Well, I would have common semantics where common semantics are in fact biologically — drug interactions, we can have common semantics. Let’s nail that one. If we in fact got to where all of today’s commercially available systems used an enhanced R x norm, with adding in drug class from the VA system. We then made all systems tag whatever they did without reference standard, we would have solved a huge problem. We could solve that one — when I was a member of the systemic interoperability — we laid out a road map showing how that could be solve by today. In print, reindorsed by the — it’s do-able. I am not saying don’t do those things. I am saying focus them where that approach actually makes sense, giving the structure, nature of the information, and use very different approaches for this big C of constantly evolving new and different sources, genomics, proteiomics, things that will hit us much harder than what is —



As an example of changing understanding of classification schemes we are using.

Very much so.

Thank you.

Great, Charles, last question?

As you put together this vision of how this will work, as I am interpreting your comments it sounds like you are saying build something centrally held that a certain amount of transactional data is flowing, you want to build a component of something that fits, I will use the word centrally, algorithms, other things can run against. My question is, I agree the cognitive decision support is the most important thing we can achieve out of this. In thinking about certification standards, other than liquidity of data, is there anything else that comes to mind you would do to support cognitive decision support —

First, I am not talking about a central model. I am talking about breaking the problem up into pieces, having algorithming to aggregate, interpret whichever of those pieces you have the governance okay to do, and you need for the task. It is very much of a breaking the problem up, instead of trying to make it holistic. That clarification.

I think the — we need to start measuring, really the reason I put the things on this slide. We need to start measuring the cognitive, the ability of our systems to in fact enhance decision making. We have, today, the best of today’s systems actually work by get key information at the right point in the work flow. That’s key, that’s important, but it is much less global than really making sure we understand what’s going on with the patient, which is going to be necessary for care coordination across the continuum. It’s going to be necessary for saying let’s not just give the patients — make sure each drug, there’s evidence for, but given the evidence, the patient’s problems, what are the top X drugs that are the highest priority. We can’t take all the ones for which we have evidence. They can’t pay for them. We are so green there I can almost suggest we need to start measuring. I really did struggle. That list wasn’t a casual thought. It was a good day and a half when I was asked to make this presentation. That’s where I would start.

This has been a terrific presentation. I want to say thank you very much, Dr. Sted, for coming.

Thank you very much.

[Applause ]

Moving right along, trying to run this meeting on time, I will have to tell you, as former software vendor, doing anything on time is a very new concept, but I am doing my best. The next presentation is from the national constitute of standards and — I believe Gordon Gillerman also, and will present information about compliance testing, certification process they use for other products, and related topics. If you through the legislation, you know NIST is our partner in this process, funded as part of the process. We are very much looking forward to your presentation, thank you very much.

I like the term on-target, in-target, good phrase.

I want to thank you for the opportunity to talk about NIST and what we do. We are one institute, the National Institute of —

I apologize.

I thought you were more than one, you are so good.

We appreciate the complement. I wanted to give you a few minutes of an oversight of NIST, there may be people in the room not as familiar with our activities, then turn it over Gordon Gillerman, the lead — capabilities at NIST.

I want to remind people of our overall mission. We really work to support the U.S. innovation and industrial competitiveness. We call this the what, how and why slide. We are focused within the Department of Commerce on the economic strength of the United States, that is our mission.

We do this through measurement, science, standards and technology, and that’s what we are here to talk about today. The breadth, to enhance security, and improve life. Anything NIST touches you are aware of, not necessarily because of us. The browser standards we talked about earlier, when you get that little lock on your browser telling you that you are secure, that’s one of our standards we dealt with many years ago, a key management capability.

When you get your time, synchronizing your computers and atomic clocks, that’s reaching our signal. You pump your gas tank, you rely on the standard the states put on the gas pumps, they are referencing back to our standards. You weigh your groceries at the store, the states are references back to our standards. We provide reference materials, reference data, standard development and complementary conformance testing. One thing Gordon will do, go through examples of various ways we touch. But I wanted to give you the breadth of what NIST is. We were speaking to people yesterday, thought we were one slice of what we do. We are very broad, appreciate the anticipation there are several of us, but we touch a lot of things, in very accurate, precise measurement standard ways. Let me go to the next slide.

I want to touch on our responsibilities in the ARRA. You all certainly have read these things we are specifically — the funding we are in line for is for continued work on advancing healthcare information integration, certainly the topics we are talking about today. It is ARRA also directs NIST to update the federal strategic plan, voluntary certification programs, consult on assistance and health IT implementation, provide pilot testing of implementation and testing, and grants program for health integration program centers. The one we are here today to discuss, provide understanding of Vol voluntary certification programs.

I want to turn it over to my colleague, Gordon Gillerman, he will give you — tell you how things can be structured for the future.

Gordon Gillerman: Good morning. What we do at NIST, help federal agencies and industry understand how certification programs work, how they can be adapted to fit certain national needs, and how they can be implemented to be effective and efficient. We provide agencies, federal agencies with assistance and policies related to development of standards and general conformity assessment systems, administrative infrastructures, and also help design the programs themselves. Usually that is our role, to help build the understanding with the agencies, design programs, implement the programs, but not to run and operate the programs within NIST itself.

In this particular area we have been directed specifically to look at certification, with an eye toward making the program work and having a program that’s effective and functional and efficient. Our role in this is defined by the national [indiscernible] advancement act, to coordinate federal, state, local activities to reduce redundancy and effectiveness for the nation’s good. One role we play is trying to help organization and federal agencies developing conformity assessment programs to do so, so they are efficient, other programs working in similar areas to integrate programs to reduce redundancy.

You notice I use the term conformity assessment, and not certification. A term defined in international standards, the term covers the broad umbrella of tasks, systems, relative to demonstrating a product, service, process, meets requirements. General conformity assessment. A lot of activities can be used. Certification is one, not only one. Certification has a specific meaning in the international norms for conformity assessment. You will notice the refers to ISO, ISE, the international standard which has definitions for conformity assessment terminology. This series of standards produced by the ISO — group, really defining the way conformity assessment is carried out, both in industry, globally and more and more in governments across the world.

In conform assessment activities it’s important to — the parties in the process, classical business definitions, the first party for seller or manufacturer, second party for purchaser or user, and third party is very special party, an independent organization with no interest in the transaction between the seller and buyer. The concept is that third parties can give a high confidence objective opinion about the conformity of certain objects that the first party or second party could not convey with the same level of confidence. Those organization have a vested interest in making the transaction happen.

In conformity assessment in this particular area there are several things to look at when making a decision. One is testing. It looks inevitable some of these products will have to be tested in order to demonstrate compliance with certain requirements. There are other activities, like supplier’s declaration of conformity, certification, accreditation we will talk about in more detail. You notice on the slide where the definition of terms come up, we define clearly which party can perform the conformity assessment. On this slide we define the testing can be performed by the first, second or third party, depending on what the system needs and expectations are. Testing used when characteristics to be evaluated can be measured under specified conditions, describes what a test is. A special kind of test set in conformity, carried out on samples of products intended to represent the production. In software that can be a challenge because there’s usually a lot of ongoing changes to software over time. The challenge that you often have is understanding how the tests that have been conducted can be representative of software after the software has gone through a couple of revisions.

Testing can be an elements of both a system that uses supplier’s declaration or certification program. The laboratories which conduct testing have a standard to meet in the system, defined as ISOICE, for operating the management system and driving technical competency in the laboratory environment.

Supplier’s declaration, this is first party conformity assessment, used when the risk assessment for compliance are reasonable, penalties in the marketplace for removing non-compliant products and mechanisms for removing noncompliance products from the marketplace. What is the likelihood of noncompliant products being brought to the marketplace, standards for [indiscernible] associated with supplier’s declarations of conformity, enumerated on the slide. Supplier’s declar rageses come in two forms, formal, standards, requirements the first party is attesting conformity too, population of products, and very informal processes like that used on a box of 35 MM film where you may have a number in the corner saying 200. Well, the 200 number is really in this case the film manufacturer’s attestation that this role of film meets a certain ISO standard for film speed sensitivity. The manufacturer is telling you I declare this product you are about to purchase meets the ISO 28,000 standard rating for film speed 200.

We see a couple different flavors, generally speaking about 80% of transactions in the marketplace, in the United States, based on some form of a supplier’s declaration of certification.

Only third parties conduct certification activities. Certification is typically used when the risks associated with nonconformity are moderate or high. It includes several steps which are well-defined, evaluation of the evidence, some may be in the form of laboratory test data, but there are other forms of evidence, inspection of products, evaluation of people.

There’s a compliance decision based on an evaluation of that evidence, versus requirements for certification. Then there’s a public attestation of conformity by the third party certification organization. The last step is surveillance or follow-up. This is to give the third party confidence in ongoing conformity. So the laboratory tested a product, you end up with a snapshot in time this product has a certain set of test data associated, for the product tested in the laboratory, complying with a set of requirements. Now the vendor is going to manufacture 10,000 units for the marketplace starting tomorrow. The third party needs confidence every single one of those conforms to the requirements. The surveillance is the third party’s mechanism of obtaining that confidence. There are standards for everything, for certification, and it’s ISO 65, currently being revised. The new name will be IOS 17-065. I brought a couple examples of certifications, ubiquitous in the marketplace. Certifications take place for many reasons.

[Captioner transition]









This is a program to give the market and the Idaho potato industry that all of the potatoes in the back with that seal come from Idaho and not somewhere else. The potato industry once you to be confident and part of that process is an industry certification program. In another example has to do with motor oil. In this case we have another industry driven certification program and is the petroleum industry and the American Petroleum Society has a certification program for the motor oil according to a set of standards produced by another organization that was formally called the Society of Automotive Engineers, SAE and 10W30 . So you buy this motor oil and if the motor oil is one you could end up with a $10,000 paper wheat. So you assume a lot of risk when you introduce new motor oil in your vehicle and they want to give you confidence that it’s accurate so you are willing to take the risk. It comes to a lot of forms and favors for a lot of different reasons. Accreditation is the conformity assessment of conformity assessment organizations and their programs. So in many ways this is who is watching the watchers. It’s used to give us confidence that laboratory certification bodies and other conformity assessment organizations do their jobs according to the international standards, and with integrity and technical confidence. We have some examples one is operated by the National Laboratory accreditation program that accredits laboratories to ISO ICE 1725. And you notice there is the standard for the creditors to operate under as well which is 17011 so laboratories in seven fires have the standards and the job of the credit for — and certifiers have their standards. And there is also private organizations. There is a private body that also provide some services for accreditation and the American National Standards institute has a suite of accreditation services which covers both laboratories and product certification. As he said surveillance is a key part in many of these programs. Both in accreditation and certification there are some of the surveillance functions. And it’s a vacation is to give the certification organization ongoing confidence that all of the products continue to meet those requirements. For accreditation organizations, is there to make sure that the accredited laboratories and prior certification bodies continue to do their job in accordance with the standards and operate with competence and integrity. So it sets up a system or a hierarchy in conformity assessment. Where we have accreditation bodies assessing certification organization and laboratories. And those organizations initially of solve the compliance of products and other areas with requirements and the certification bodies can certify based on those test results and their surveillance activities. So it sets up the hierarchy that we can use and depend on in order to have a system that can be functional. A couple different models that we have seen used to put the government’s role in place in the certification program. We will go through. Here we have one that is the limited government will. We have health care and NEC products and new requirements from the selective standards — and IT products and these are two characteristics of this product that need to be assessed. We have laboratories and certifiers conforming to ISO ICE standards for certification in D.C. A-plus here that we may choose to develop sector — and you see a plus here that we may choose to develop sector specific requirements. So we may want to create some additional requirements that focus on the technical, and sees necessary to do the kind of testing that the Health Care IT standards will require. And you may find additional requirements beyond those would be necessary to have a system that we could have enough confidence in and operate appropriately. The private sector can be running all of these levels, we have organizations and the products can come from private sector vendors. The government is over here participating cooperative Lee and in a coordinated fashion with the credit her body or bodies to make sure that their processes meet the needs. So this would be one potential model. It would limit the amount of government resources necessary to be deployed. One of the interesting things in conformity assessment is that it’s not necessary just to have funding for this. This would be an ongoing system and it needs to be sustained and it needs to be sustained well. Generally speaking the systems are designed so that the private sectors are paying for the services from the organizations that they apply for so that the products from the vendors will pay for testing and certification, and the laboratories and certification organizations would paid for this and health sustain this overtime without a long-term funding. A more significant role would be very similar but now we have some form of agreement. Be it a memorandum of understanding or contractual agreement between the government and the creditors to make their role in the open stronger in the process. These are other ways of doing this but these are two examples that could be deployed in an area like this. We have designed programs like this in other sectors. And using that experience to guide what kind of models that we see working over the long-term. One of the things that is valuable to consider as you look at this is how much conformity assessment do we really need? I have a lot of government agencies and private sector organizations that come to us and ask for assistance in developing certification. All lot of times what they really need is something else. We have developed things like this, tools to health us understand that what we need to do is look at the perceived risk associated with nonconformity. How bad will things be if these products do not meet the requirements? Can society tolerate the nonconformity? And over here we have the independence and weaker of the performance assessment system itself and down here we have the we should do is nothing area. So if they do not meet these requirements we should not put any resources on conformity assessment. As we move but we moved up two systems were we can probably rely on first party separations of conformity and in here there is a lot of room for developing hybrid systems but maybe we would require third-party laboratory testing but not third-party certification. Although all the vendors, I’m sorry, to claim or declare compliance. So some different ways that we can use the system to adapt to different needs. Some of the things that will look at again is primarily wish to associate the amount of resources that we throw up these kinds of problems and at — and they should be proportional and this risk base model tends to drive a lot of rethinking as we develop these systems. If we do too much will ask cost — we will add cost and burden to the system. If we do not meet the company’s needs and we just fail. So we have to find the sweet spot between over the sign and a design that makes the system function efficiently and effectively with the right cost burden for conformity assessment. As we said if there is significant penalties for noncompliance we can probably reduce the conformity assessment. There would be a tendency not to be motivated to bring these products into the marketplace. For other kinds of products if we have a functioning ecosystem, the automotive industry is a great example of the functional recall system and we can recall nonconforming products before the societal impact is intolerable. So we have some system examples of the ones that we have built for other applications. These are examples of other areas where NIST has provided assistance in developing the structure and the process of the conformity assessment program. This is a diagram of a system that is likely to be used for the rollout of the Internet protocol version six technology in the U.S. government is likely to be an early adopter. And we are concerned that the systems that we adopt this technology to continue to work and serve the public and government well. We have built the system that is primarily based on suppliers declaration of conformity and profits works like this and we have laboratories who test our products. They test it against requirements that have been determined. The labs are credited for this testing. So we have an accreditation program, third-party accreditation body to give us confidence that the laboratories were in the test and the test results are high integrity test results. The test results are returned to the vendors and they evaluate the test results and make a determination if these demonstrate that my product that I have submitted to testing meets the requirement. If that is true the vendor create a declaration of conformity. And the Declaration of conformity is used in the transaction as the vendors evidence that the product meets the requirements. In this case it specifically ties them back to the accredited testing laboratory and the test report for that product. And this is how the transaction happened with the NIST assessment system. Again this is not is a vacation program but a supplier’s declaration based on accredited results. And one that is likely to be used successfully since it has not been deployed yet in IT related system. And to be timely here is a system that we’re hoping the industry built for the safety of [ Indiscernible ]. Everybody remembers in 2007 there were highly publicized recalls of toys because of lead content it and in excess and others because there were design issues with small magnets used in toys for the standards for safety did not anticipate the features and characteristics of those products and did not have requirements for the hazards associated with them. So we have a certification model. We have an accredited certification organization. This is a much more complex system because we have the evidentiary inputs to the system. When this test results, initial tape testing and periodically testing from accredited laboratory. And we have a design has an analysis which is conducted by between manufacture themselves to look for emerging hunters — which is conducted by the manufacturers themselves to look at emerging hazards and the system to develop the quality of the production facilities in place. All three of these ingredients or pieces of evidence come to this accredited certification organization. The certification organization evaluates that evidence, makes a compliance decision, and issues a public attestation of the toys compliance with the system’s requirements. And win this system is rolled out that public attestation will be in the form of a mark on the product or the toy product package that will be on the store shelf. And this — state owned decertification mark they enter licensing agreements with the certification organization so that they can authorize use of the mark for toy manufacturers whose products have been determined to comply with all the requirements of the system. A very complicated system to address a very complicated process and issue. We have manufacture and allocations of certain products and we have decided those products and other locations. We had a myriad of different test requirements that have to be tested against and a lot of laboratory competency to be necessary to do the bulk of the testing necessary to demonstrate conformity with all the documents or standards for toy safety saw was a very large-scale certification be and that is the end of the presentation. Thank you.

Thank you, you did a great presentation. Any questions from the work group?

Do you have any examples of certification or the process where it has been driven by the government whether its reimbursements sitting out there and has to be certified for meaningful use to get that reimbursement paid a lot of examples that you showed us was edging toward a field of approval that this was okay. Do you do anything like that or have any examples?

There are several programs that we have been working with with a variety of different agencies which will get how a federal grant money is spent. I to a lot of work in the organization at NIST with the Justice Department and Department of plant security. One of the issues is the effective use of a grant money for first responders. And one example is body armor. There is a newly developed body armor testing and certification program set up by the Department of Justice and there is also a program which is a grant program and the grant money to state and local law-enforcement agencies to purchase body armor for their officers. We want to make sure that this is effective for its use we don’t want them spending federal grant dollars on an effective body armor. So we work with the Department of Justice to test and certify body armor in an accredited laboratory and the Department of justice in this case operates as the certification organization itself. And based on that certification and the manufacturer’s name and model of body armor of. On a specific list that the Justice Department maintained that is with a grant recipient can go out and evaluate which models are example for them to purchase for their officers — are acceptable for them to purchase for their officers. So maybe not exactly a similar.

With that a case where a certification program existed prior to that or was there nothing to test that function?

The program itself was built before the industry have any program. The program was. Focus on the grant money and making sure it was used effectively. The regional program put in place was a testing program and not a certification program. Over time that turned out not to meet the Justice Department needs and what we did over a period of time was basically re-engineer that into a full-scale certification program.

Adam Clark, Lance Armstrong Foundation and we will be hearing later today about the best practices for adoption of HIT and this is critical in my world of cancer will people will be going to their primary care doctor a specialist and HIT can enable coordinated care. Looking at some of these logically, though, is there a risk that the certification will cost too much or required to much work that may be smaller practices may choose that it’s not worth my time, it’s not worth my at effort to become certified so you create a division between small practices in cancer care centers, etc.

Is a risk, yes, there is always that risk. As you saw in the presentation and a lot of the thinking in design the system is geared toward finding the balance between cost and confidence. And the issue that you run it is that confidence is not free.

I thought you were asking is whether the physicians could be certified.

What I am concerned about is the smaller practices, if it becomes a cost. For smaller practices for the certifiers to adopt that.

The products being sold, it’s just that they are paying for the project. Not the providers been certified. That is what I thought I heard you say.

I guess a clarification. The certification that you are discussing, is a certification of the position in the practice or that he is buying and implementing for the practice?

A smaller sized practice adopting a certified Project. If the product, the certification product is expensive to actually get certified. Will there be a barrier?

There is always a cost a sissy with conformity assessment. There is no question about that. There are costs for running a test. If all you need to do is test a product and you get to market 1 million of them based on one test than the vendors get to divide the cost of the testing across the total copy population that they sell. So I cannot answer the question straight out because I do not know all of the factors involved. There has not been in the development here, but part of that design is the balance between cost and confidence. So we always look at what is the competency of the stakeholders.

Helmets cost is meeting them adding to the systems — versus the cause that is needed them adding to the systems and what the system looks like and how it gets implemented.

Bill Heiman. I wanted to make sure I understand what NIST’s rule is in this particular process. The way I am thinking about this is the office of the national coordinator will describe what needs to be certified. And then NIST will design the process. Is that what I’m hearing?

I think we will assist in the design of the process and help ONC make a more informed decision. I think that is the way it’s going to work.

ARRA actually calls on a voluntary certification programs. So we are here to help.

This is currently a certification organization already for health information technology. So what your role be dealing with the Office of the national coordinator or the current certification organization or both?

We have been doing both.


Would you play a direct accreditation Rolfe either as the contract or would you more accept the terms for what an accommodation is a vacation will look like?

And certification right now we do not have a certification or accreditation role. NIST operates the National voluntary laboratory accreditation Program and in some cases it is a good solution. We work closely with other organizations who are in the business of running accreditation programs for product certification. And that probably would be the primary role. We do not anticipate developing a product certification organization as part of our role.

To follow up on that, let state ONC wanted an accrediting organization or perhaps certification organization, ONC might have a contract for different accrediting organizations to bid on.

You could have several models, there was actually a formal agreement between ONC and the accreditor and then a different model word ONC played a role in the accreditation body and kind of the structure and policy and all of that stuff. I really did not have an agreement. So there’s a lot of opportunities for developing that relationship and see how it works.

Does NIST do any of those roles? Do you monitor their work? Was that something you don’t want to do or do not do?

I think that answer is there are very narrow areas where NIST does those activities and similar things. We have generally found that working with organizations would to this as part of their daily work — that do this as part of their daily work tend to be more efficient and effective. Not that it can never be done or it’s not a possibility but in our experience those generally are not the best solution.

We have an organization that already exists. What advice would you give us on how the organization should be monitored?

I think the important things that we need to look at is to understand what are the requirements for a confidant competent high integrity certification in this area. And we need to spell them out in the document. What we typically recommend is that those requirements are added into the international norms for certification programs and in this case ISO ICE Guide 65, and we would add those extra requirements to and work with them to make sure that it includes both of the requirements of the ISO ICE and these additional requirements. So that this particular sector did its job and met the needs for the sector.

Mark Perez. With new product certification you brought up the concept of surveillance. Is that done by the same third-party or cannot be done by a different party?

The certification body could contract out the tasks associated with it pits a let’s say that we are certified in toys and what we will use is post market surveillance. So we will go to the store shelf and retests them and they could contact a laboratory or several laboratories to test them and report the results back. But the decision to maintain the certification or not maintain the certification must be undertaken by the certification body according to the international standards. That seems to be an approach that works.

Larry Wolfe. You commented many different examples of certification testing. I sort of feel like the scope of what we’re looking at here is a lot broader than the examples you have used. So I wanted you to comment on the scope of what we’re trying to take on and models that might support that scope.

It’s interesting. If I look at the portfolio of the things that we are looking at with industry and government and different kinds of conformity assessment models. Right now from the technology perspective but the bottom end is toys and Walker efficient toilets and the top end is a shoulder fired rockets for commercial aircraft. So we are not bound by how technical or technologically sophisticated products are. We can assist in the design of a program that can meet the need across that spectrum. If we are talking about whether we give certifying a person or a product, or the implementation of a product on site, and those are very different things. There are conformity assessment process is to deal with all of that. But that begins to expand and broaden in many ways. So whether we are looking at individuals to will get did they have the right knowledge, skills, and abilities and have a demonstrated that to do this kind of practice. That is a different kind of conformity assessment exercise. A personnel certification versus certifying software or a integrated hardware software platform. They are all different applications but there are systems in place for the most part and there are international conform the assessments that addressed all of those.

I want to push a similar on industry examples. Two parts. Car there examples or models that were particularly in — are there examples or models that were particularly. So the electronic help records, he did not does put it out on a network. So examples on that. And we talked earlier about breaking systems into components and painted an image that you might have a system that comprises multiple independent vendors. Components that also worked together. So if I am giving a government grant to crunch numbers and they want my spreadsheet to work with that they want to certify both the spreadsheet and the computer on which the spreadsheet is wrong and they might be made by different vendors and how decertify the whole question?

I will certify the second one first. The the second is a supply chain issue. So if you look at information technology sitting in this room, laptops or the projector and has a plastic enclosure that is made of plastic material that is made in some raw form to somebody who molds the closure. It has printed wiring boards in there and sent to a different organization who puts the tracks on the printed wiring boards and maybe another organization with the components before it comes to the organization that rolls this thing into end device. And in the of local safety division the device itself is certified to a standard. So in this case there is a standard called UL60950 and that is the standard for the complete device and there are also safety standards for the printed wiring boards themselves and the critical components such as chords and connectors and capacitors. And the plastic material itself as Wallace the inclosure material. All of these things have their owns a — their own certification program and combine together by someone who makes the complete product and the complete product is submitted for certification. Instead having to reevaluate, is the printed wiring board good stuff? Of the certification body gets to look at the information from the certifications of the supply chain of the equipment and avoid a lot of redoing of work. Also provides the industry a lot of benefits because the manufacturer of that laptop or projector can alternate Resource printed wiring boards from a multitude of certified vendors who’ve been into the system. So conceivably you could make a system that has several tiers to it. You could have complement tiers and a tier for the compilation of the components into a system.

I went to make sure it because I think there might be a distinction in the example that I use. Because you are still talking about one vendor delivery in the final product of all of these components together. And I am thinking of all I by a Mac and I can load Excel or I can use Google docs. But the combination of the spreadsheet and the computer is sort of my own system that tie tailored for my own use.

You are looking for unique integration.

It could well be.

Probably the best analogy that we have put that is the built environment. So when you build a structure, there are building codes then gave you the rules for the structure. Right? The contractors bring in conduit, rebar, concrete and assemble its on-site to a structure that needs the code and they say that they have to meet the conduit standards and have to be certified to the conduit standard. So the people who come in and verify that in that integration of certified stocks of that they got it right. That is a model that could be applied to something like this. The difficulty that we get into is that you have to do one of these conformity assessment exercises, and the inspection every integration of the component to give you confidence that this integration was appropriate. But yes, there are models that can do it.

Joe Heiman again. Are there any accrediting organizations at the present time that could accredit a certifying certification for Health Information Technology?

As long as they have the right set of requirements. As I mentioned all accrediting organizations who are operating on a large-scale moving to or have adopted ISO ICE guide 65 as their standard of operation. So if we define what in addition to this general operating certification program we needed in order to have a good Health Care IT certification program than they could take those requirements and deploy them effectively paid so the answer is yes, but we have to make sure that we develop what the requirement for that particular application of certification is.

And we gave some examples. One of the examples right now, actually two of them, these both are in the business of accrediting businesses that do product certification pits of yes, there is a lease was up there for us to drive John Glasser. Also the ease of learning and ease of use and adaptation to change. What is your experience has been in the industry to get your hands around both measuring and perhaps certification of those areas or areas like that?

I guess when I looked at that question I was — I thought about it a lot. I think the difference is, what he was really talking about was monotremes the effectiveness of the products that have been put in place. So if we assume that all of the products meet the requirements and we are looking at the effectiveness of the system. What we should be doing is looking for data and information to help us to enhance the requirements over time. What we are learning is not worth the requirements that we put into the conformity assessment system the right set and are they working for us? And if they are not we should be enhancing them. In the world of standards we do not write standards and walk away. We continually improve them. So what we want to do is build products that meet standards and put them into the appropriate use environment and monitor the effectiveness of those products. And go backward we have issues or see opportunities for improvement and improve the technical requirements for the product, and take those new and revised standards and put them in assessment systems of the next generation are better piece of this is an evolutionary issue.

And some examples of what we have been working on in the same areas. And usability for instance. That is one of the things that we have been designing tests and augmenting standards and working with the standards community for several years. We have applied in the biometrics world and in the voting systems and what they have to reach. Declared an effective and useful. And we have also been working with ONC and tests that determine whether the systems actually meet the standards. So we can put prototypes’ together to see if we meet the standards and then the test can be adopted by other certifying bodies. So the experience in many of the things that Dr. Steve mentioned I was saying yes, because there is an understanding of separating he says and understanding how they need to be affective together and being able to design the test and things like usability is not soft at all. It’s testable and there are ways that you can come to agreement with international standards and test those against the standard.

One of the things I think will be very helpful is to departmental lies a little bit the technical requirements of the product and the conformity with those requirements. That is what conformity assessment is. So we can use what we learn in the marketplace to improve the or we can say that maybe the products are not conforming to the standard. So we have to fix the conformity assessment process and improve the standard and implement them to conformity assessment.

Getting back to CCHIT, when we started we wanted to be in the vendor community and raised the bar to a three year roadmap. But have been seen that type of approach worked effectively in other industries or have you seen challenges associated with it’s a moving target and vendors are challenged to create a moving target. What are your thoughts on that evolutionary strategy?

I will start with the system. That is in my world, too. That is an effort that we are providing the government testing capability or the Government Systems. So working with vendors and setting the bar. But the standard is there and the bar is the standard. So being able to demonstrate that systems are meeting that standard is what we have been working with the vendors. So the vendors are actually supporting that laboratory that is doing the testing. They are paying for that. But it’s a constant interaction with us in the community.

Did that standard stayed the same or did the bar race over time?

The standard has been set for almost 20 years.

That is the point I’m getting at, is there a need to raise the bar?

I think that concept is a valuable one and it works in a lot of areas very well. In the world of safety is continually monitoring and are the standards that we put in place achieving implementation and products in the marketplace that are safe enough for our society? We have a lot of wriggle Tory agencies that help us understand what is happening. regulatory agencies and an excellent example is electrical Safety centers have improved over the years and the cycle works pretty well. Where the cycle is difficult when you have interoperability issues because interoperability you have to be careful as you are improving the standards that you do not lose the initial interoperability or maybe find a way to enhance that.

So great care has to be taken in interoperability issues.

Larry Wilkes. One of the issues that have been used as success in safety is airlines. And I assume there are a lot of interacting components that make that safety. Could you comment on how the standards process, certification process how that works in that industry and is that they could analogue for Russ? Especially over the decade — analog for us, especially over the decade.

I do not have enough interaction or exposure with the system.

Adam Clark. One of the issue is obviously with health IT is insuring that there is security behind it and is surveiling going to be a part of that? Will you look at that to see is it through these systems that we are able to actually — are there beaches of security so to speak in the patient identification? And if so what is the recourse if these systems are out there and we find out that there are ways to obtain this information.

That is something again that I struggle with all the time because we have the responsibility of setting the standards for the federal government on cyber security issues. So the balance is always in the game now with the standards the to be and how the testing can be augmented to make sure that the appropriate things are being tested before these products are deployed. I am pleased that you bring it up because it is certainly one of the most critical pieces that we’ll need to be paying attention to.

[ Captioners Transitioning ]

Is there a typical time to get that done?

Standards can take a while, the way the United States does it, and Gordon can amplify. Believing the standards process should be driven by the private sector. We do not dictate, as some other countries do, say the standards will be thus and so employ it’s a consensus based, voluntary process that can take longer than anybody want its to take. It can also move more expeditiously when the right people are in the room, and the [indiscernible] is there. We have seen both extremes. It gets a lot of bad press because the process is so thorough, and good, but can be accelerated by, again, providing the right kinds of testing tools, the tight loop between the results of testing and where the standards are developed early on, so cliert clarity of this works, this doesn’t. You can really accelerate the results, but can get a bad press because it can take a while to get consensus. The job we have in this space is to move as quickly as we can.

Terrific. Thank you for a terrific presentation and making sure we stay according to the schedule, and Dr. Fall — we appreciate your presentation .d the work group will now have a 15 minute break, we will resume at 11:15:00 a.m.

[Recess until 11:15:00 a.m.]

I will ask you to resume your seats. Dr. Joe — will be our next — sees patients every day. Could everybody find their seats and we can get started. We have five representatives from the vendor community here. The first thing I want to make sure everybody understands, the fact these particular five vendors are here has nothing to do with the government iny doersing any of them, in any special way, only that they want to give us some information.

We have allotted about 15 minutes for each of the four vendors. And we hope will you not only keep within the 15 minutes time, but if you can shorten it a little so we have more time for questions, that’s even better.

Without further ado we will start off with Sheldon

— Quality systems is an IP vendor, significant player in the IT space. We have fiscal year revenues of 245 million, over 1200 employees, publicly traded on NASDAQ, we are ambulatory HIT provider, and over 45,000 physician licenses.

The products we provide are electronic practice management, along with ERH. We do revenue cycle management and also do community health systems. Probability one of the key features is integrated solutions for the healthcare community we serve. One question we were asked to talk about is what has been our experience with the certification process, and I would like to comment that we have been certified in years 2006, 2007, 2008, and for the pilot in 2009, I think relevant for this group here, our experience with the certification has been a very positive one. It has allowed us to do — the physician groups we service, made us follow standards, it’s made us as a company, most significantly R & D, and we can continually improve, ensure our future certification. We consider this investment in R & D a very good thing for IT, and very good for the community we service.

Another question we had was who should perform the certification, there be more are than one group or other groups involved. We believe as one of the vendors, that C CCHIT should be the sole certifying body. You might ask why we believe that. We think they have had the experience, been doing it four years, they are up to speed, and we believe the process is working. They are doing a good job. They have a broad base of stakeholders, physicians, health plans, health systems, hospital or physician groups. They include the IT vendors, pharmacists, public health, medical record and hospitals. And they have plans to expand into the specialties. My question would be why would we change a good functioning system? Also, on that same subject is developing criteria. We put a new entity, four years behind where we are now, I don’t think that’s a wise decision. The time required any new entity to have public comments, would also be large. One of the things we have — let me go back here — we strongly believe there should not be more than one certifying body. You might ask why that is our position. If you more than one certifying body, different criteria, this would confuse the market, and we don’t think that’s a good idea. We think on a going forward basis, the CCHIT should be the sole certifying entity. The core system should have a high bar, don’t think you should lower the standards, think you should continually, as one of the gentleman here mentioned, to continually raise the statement. We think that’s a very good idea. We think the specialties should be an add-on after the core is met, so that if you are doing certification down a specific specialty, they should meet the core, then after, on top of that, get additional certification, pick specialties they are involved in.

We think also that with respect to open-source, we think all those people should be included in the same certification process, should be no different. They have been able to certify system just as anyone else does.

Another question was should the certification be [indiscernible] specific, we think again they should be both. That in order to do it properly they should be broad based with a — and the top of the core for the specialties. We think an analogy would be if you had a medical degree, fine; you went and got boards certified in sub-specialty, that would be the analogy that we would support.

With respect to another question asked, should certification embody vendor fitness, we would like to weigh in on that subject, too. We think absolutely. We think the vendor should be financially sound, should have significant R & D programs, and why this is the case, we think, we want to be sure the business is going to be around to continually qualify and support its product. We think also this would avoid embarrassment to CCHIT for certifying somebody who is not around, and screening viability, you should examine recent profitability, cash, and balance sheets.

Next question was should certification be viewed as a seal of approval. Our position is no, and you might ask, that’s a weird answer, what’s your situation here? We think that we can certify the processes, such as vendor implementation and support, nor can we certify the physicians will use it properly. Because we can’t do the process here, we think it should not be met as a seal of approval.

With respect to — how should vendor systems be certified, and in-house systems and open-source systems. Again, we believe they have been certified in the same way as all the vendors are certified. Using the same standards, and open-source should be site certified.

How should criteria related to prisere as aspects of ARRA. We believe it should be an integral part, used to encompass a social history piece, privacy piece, obviously should be HIPAA compliant. We should be documenting any release of information or information access, and when we give out information because of privacy concerns, the record is incomplete, obviously should be a notice on that information going out that we have incomplete data. Another characteristic is we should have what I would call a life and death, break the glass feature. In which case [indiscernible] the patient is in dire need of help, we can break that privacy condition in terms of giving out life-saving information.

We believe the privacy issue should be driven by the patient or patient-advocate. The system can develop software to have features, but how they are finally used should be up to the patient and custodian. The healthcare IT should be provided with frameworks for these things, but the actual use of that should be in the hands of the patient and the custodian.

We would also, somebody mentioned earlier, in order for privacy to be maintained, we believe that there should be severe penalties associated with breaking that privacy.

With respect to security requirements that are also integral to this, we think they directly should be related to HR and be a function of the HR. Privacy shouldn’t be embedded in — elements of process should be left to the users. The security should be built in along with the privacy, how that is used should be a user ite .

With respect to summary comments, we feel strongly there should be one certifying body, we recommend that on the basis of clarity, clarity for the industry, that there is just one certifying body, we also believe the bar needs to be set high with respect to the core, and specialties should be added on top. Then, certification should not involve just checking the box. They should be verified, that the features are really functional, operating in a live site. To do otherwise is to invite what might have happened in another industry called real estate industry, where people had wire loans and lowered their standards, which collapsed the housing market. We are looking for a very robust growth in healthcare IT. We think the opposite should happen should continually keep a high bar, verify information. It should be verified by the CC hit certifying body and even to the extent 6 seeing, looking at live sites to make sure indeeds this information technology has been used properly in live sites.

Thank you.

Thank you.

Thank you very much. That was ambulatory EHR vendor. Now we will go to — hear from David McCallie, vice-president of medical informatics, and John John Traveis,

Thank you for the chance to present this testimony. John and I will do this in a tag team form. John has directly supervised all of our current certification efforts and has insight into the details. I will try to provide you an overview. I am relieved to see William Stead has left the room, I am proposing a considerably smaller in scope and more focused than the grand vision, and that’s doubly true because Dr. Sted was responsible for me taking this career, my first boss right after college. He would probably be disappointed in what I have to say here for failing to meet the high standards he tried to instill in me at that time.

We think the sharper the focus, the better. I agree with Sheldon there. The market needs clarity, and needs to move quickly. The timetable set by the statute is aggressive. Regardless bar set, it’s going to be a scramble. We think there are three areas that will come into focus. They all have something in common, which is they are really focused around the goal of achieving meaningful use. The first is interoperability, Dr. Stead and I would agree, interoperability is probably the most important thing to focus on in the short run. Second broad area would be functional behaviors. These systems are going to be purchased by providers who expect them to be able to do certain things well enough to qualify for meaningful use, and those functional behaviors should be what we certify against, and third, less tangible, equally important is pr product integrity. The purchasers expect them to be able to maintain intrinsic security, privacy, data validity. That’s not something easy for an end user to measure, should probably be part of the certification process.

This slide is more or less to repeat the point I tried to make at the beginning, which is we think meaningful use should be the sole target fiduciary taring for at least the next four or five years, in the short hand we have come to use, whatever is necessary to qualify for stimulus funding, and to avoid stimulus penalty in the future when the funding rewards expire. Focus certification on the stimulus, would be our recommendation, and the other existing certification efforts underway should be aligned as much as possible with the stimulus-driven funding, certification criteria, in particular the e-prescribing, Stark exemption, annual recertification effort, and the Neepa e-prescribing should be harmonized around the same criteria, cycle, to minimize confusion to vendors who build systems and the purchasers, who have to ensure they qualify for these particular bonuses and incentives.

We agree with the numerous suggestions that certification should switch from an all or none model to a modular approach. I am sure this will be talked about in great detail. We would simply suggest the definition of a module be based on sub-sets of meaningful use criteria. People could assemble a system if need be out of existing and piece parts, new parts, based on the pathway necessary to create something able to — someone may have an existing e-prescribing system, but need to buy a system that does CPOE, and a third that does quality reporting statistics. Put together a package that meansy sense to them for meaningful use.

We think [indiscernible] is problematic, at least at this stage of our industry and the products. After hearing Bill’s talk, I am beginning to believe maybe we should start all over. He really painted a an unsettling picture of the maturity of our industry, from a software point of view, though you and many of us in the room have spent our lives in the — evaluation of a system would be difficult, if not impossible to build into the certification process at this time. One reason for that is, I don’t think we know enough about what is the right way to solve some of the use ability problems to lock them into received wisdom at this point. That might stifle innovation. The other problem, in our experience with clients, much of the problems of usability have to do with improperly configured systems. Improper is whose definition, where the rub comes in. Our client choose how they wish to configure it. Sometimes those choices aren’t the best choices. It would be difficult to certify a system for usability absent an actual implementation at a site.

We think the certification criteria should be based on objective standards. The ideal, as we heard from the excellent presentation from the folks at NIST would be a machine-driven certification, where you have a harness, can hook up a system, run a test suite, get an answer. We think absent that, the criteria should be as objective as possible, and then absent that there should be an human, multi-person panel involved so we don’t run the risk of getting juror bias into the assessment of a system.

Then, continuous availability. This process is going to happen quickly, the long time tables of the current CCHIT style roadmap are probably too long for the next few years. We think that as much as possible there should be an ongoing process. You notice the second point there, if the test harnesses could be made available to the sites themselves, not just vendors, to perform continuous self-assessment and know they are maintaining themselves in a certified state, that would be a good idea.

Finally, watch out for hidden conflicts of interest. The certification should be based on the objective standard itself, not any particular network you have to hook up to, to test the standard, any network specific agreement should be separate from the certification process, to avoid inadvertently introducing essentially de facto requirements that are not really part of the standards process itself. We agree that an accreditation process, perhaps from NIST, makes sense, particularly if over time it’s necessary to support more than one certification body, if the process requires than one, accreditation is obviously necessary.

John, do you have other comments?

I think one last point on the — more than one certification body, I agree with the point made earlier that it’s very problematic as to the criteria development that may be put into place by those different bodies, in that underscores the need for oversight if that emerges. There’s an assuredness that those certifications hold equivalent meaning. At the same time if more than one emerges, vendors should be able to certify with one, have full standing for the purpose of the prerequisite requirements of meaningful use, not be compeeled to pursue certification by multiple authorities. Equivalent with each other, and oversight process assures validity and support market confidence.

I think we are ready for going to the next speaker.

Thank you very much

Now we will hear from two niche vendors, the first is Donald Deieso, chairman and CEO of PeriGen.

Thank you for allowing us to provide our comments today, and a special note for recognizing the importance of specialty solutions. We prefer specialty instead of niche, in that we track the therapeutic and clinical areas in which we serve. I would like to give a very brief presentation on the company, mostly as a representative of the many specialty solutions firms that are making such a significant contribution, and I wanted to highlight, too, advanced clinical decision support. Something that in the meaningful use definition today, as proposed, doesn’t really offer promise until 2013. I should like to give you evidence that it exists today, not only with us, but in many other companies and it’s functioning well.

We are a company based in Princeton, New Jersey; a U.S. corporation, we work exclusively in the area of OB/GYN. We have a prenatal system set up in the hospital systems we serve, to improve patient safety, clinical outcomes, through advanced clinical support. In short, we connect our system to any host of, or any group of ancillary systems in the hospital, and at the clinic, including any of the enterprise EMR systems as well. The system is distinct, of course, in that bed side for the mother and in-patient setting, there is a screen, clinicians interacting with the screen. The mother’s condition, data would suggest, give indication of her condition changing minute by minute in real-time, proper alerts, notifications are given far beyond that of a linear CPOE and drug-to-drug allergy. We, like many firms produce clinical and financial — our clients have saved or $6 million a year in medical malpractice claims as a result of the system.

Let’s talk a little about the specialty solution, and it’s role in the perspectives we offer today. First, there has not been a specialty certification from CCHIT. We are encouraged by several of the actions in recent months that suggest rei moving that way and we encourage that fashion. In the two categories of certification that exist, enterprise and ambulatory, the critical amount of function missing from the [indiscernible] or the specialty. We should also share with you the consequences, should the specialty solutions not be considered in the meaningful use and/or certification criteria.

First, we believe strongly that the real powerful transformative advances occur in the specialty firms. Evidence of this can be founds by simply studying the enterprising EMR companies to see how they have been created, by acquisition and merger of exactly those specialty firms over time.

Second, we believe that setting certification requirements based on the most common denominator of what’s available from the largest firms institutionalizes an average and discourages innovation. The most exciting opportunities, we believe, for driving improvements in healthcare reside at the fascinating intersection of clinical information and advanced in technology. It’s important that those advances be recognized and encouraged, not disincentivized through the measures you take here today. We also suggest that the incentive built into high tech is a powerful tool, not only it will be used to incentivize, drive this very important transformation of the U.S. healthcare industry, but may become a de facto standard with which medical malpractice claims are taken, beyond what we taking in this room. I can be confident plaintiff’s attorneys will use it to segregate those who are delivering care.

Meaningful use and the proposal offered today does not include entire populations, nor can it. We do suggest, however that women’s health, given the fact that 4 million births a year, and those 4 million new children introduced into the population of the United States, if not properly measured, may not be given the start needed well into their A adult hood. It’s a special population. The certification requirements for specialty solutions must be encouraged. I mention the encouraging early signs of CCHIT in this regard. We have encouraged them and we encourage this committee to be sure that we are not disenfranchised.

Defining the desired out come in summary, first, modularity, very, very important. Second, clear mechanisms for the dispersement of incentives for the specialty solution providers. For example, we have a number of hospitals that are regional, some rural, they don’t have enterprise EMRs, nor is one on their capital expense program, but they do have a system, such as ours, in OGEED, systems making huge contributions If the incentives are defined in a comprehensive way so it is hospital-only, much of those advances occurring today department by department will be lost.

We are not quick for a solution, but we are very clear that it is an issue you hold in your hands, and significantly changes the fate.

The vulnerable and protected populations, women’s health and pregnancy, one measure in meaningful use is associated with women’s health, percentage of women with mammograms over 50 years old, and the final bullet, one that is somewhat nebulous in its purpose, but quite important to us, that a national forum, a continuing forum that advances innovation, continues to share among those in HIT, what is actually occurring is very important, and we support it. Thank you for the opportunity to offer these thoughts.

Thank you very much, our next specialty presenter will be Do you Wilson from Varian medical systems, oncology, rather. Dow.

Waiting for the slides. Thank you. I am dow Wilson, executive vice-president, president of oncology at Varian Medical Systems. Very briefly, a little overview of what we do as a specialty provider, and talk a little about what we think the objectives of the initiative, application to oncology setting should be, things we are talking about. And last, make the case for specialty certification in the oncology setting, as opposed to certification requirements to specialty electronic health records.

Who are Varian medical system system a leading producer of radio therapy, surgery, proton, we have significant software business, do practice management, treatment planning, and oncology informatics. We work with many centers around the world and our oncology information systems interoperate with enterprise of-level EHRs to ensure access to cancer patient data anytime, anywhere in the healthcare systems.

We are installed in thousands of sites in the U.S., over 1000 internationally, and in addition we work collaboratively with the other oncology vendors, developing our view today, the principles for EMR certification, and I think I can say with some confidence our comments represent a very high percentage of the marketplace for oncology specific EMRs. Our product, called ar ya, designed to support the order, preparation and delivery of keepee therapy and radio therapy, encompassing a variety of work flow and decision support, charting, specifically provides a record and verify system for therapy treatments. Written over 1000 interfaces to exchange relevant patient information with that, information.

In terms of certification and healthcare objectives, Varian and our oncology vendor community, we fully support the concept of certification and meaningful use as a way to promote safety, efficiency in the delivery of care. Several organization have put forth recommendations to the federal government for the implementation of HIT certification, recommendations from the Institute of Medicine, national research council, and demonstrate the need for specialty focus certification for oncology. The goals are general, ambulatory and specialty certification can remain the same, the criteria for implementation somebody different.

In the few minutes I have, I would like to give a few examples. Recommendation one, electronic health record should contain comprehensive information relative to the patient’s condition, treatment plan, and outcomes. Electronic health records should meet this goal. However, oncology requires specific terminology, data collection to support physicians in the selection, planning, management of chemotherapy and radiation treatment. These are unique as mentioned by Don, very important to us, to develop practice guidelines, decision support, and many things we talked about before are germane to what we do in the electronic medical records setting for oncology. As a result, test cases for oncology, HRs should include oncology-specific elements.

Recommendation two, EHRs should have the capability to integrate evidence based practice guidelines and research results into systems. Oncology focused include practice guidelines, other specifically for the treatment of cancer, meeting this criteria. However, if a test case or certification designed with a general ambulatory system in mind, ong oncology-specific vendors would have to go back, patients may have to wait for oncology-specific — cancer staging, chemotherapy cycles, tumor respoons assessment. Compliance of general ambulatory criteria will delay developments by vendors and could offer less value to the oncology specialist.

Recommendation three, all EHRs should allow physicians to not only manage their own patients, problems specific to the individual, but when moves beyond the patient and impacting a larger population. Cancer measures, CMS’s — oncology-specific elements for data — quality care, oncology should permit aggregation, data mining and decision support elements to support good medicine and advance what we are trying to do in oncology.

Data relevant in oncology, particularly trials, toxicity grading, adverse events, necessary for quality — without specialty certification, it would be difficult to determine whether the EMR is capturing the appropriate information to support values relevant to oncology.

Certification of specialty, electronic medical records, Varian, other leading vendors believe the oncology department cannot be an information sileee if the — cancer care. Looking for options we believe it is essential loo separate, stand-alone certification must exist for oncology specific EMRs. Some are universeally relevant but — safety, efficiency, specialty disciplines, general criteria only provide part of the solution. If we agree that our objective is to improve the quality and efficiency of healthcare, and accept there are specific and unique needs required to achieve those objectives and the specialties, we must agree a sub-set of the general criteria, along with the specialty criteria would better serve the specialty community. A way to — baseline specifically for the oncology community.

Varian encourages the HIT community to continue open dialogue with the oncology professional associations. This interaction is essential loo the development of meaningful objectives for certification. It’s crucial a separate certification for oncology EMRs be ready for the recovery act implementation. Should this not be rolled out soon it would be ex2R50E78 treemly difficult for vendors to become compliant for general ambulatory system as justed discussed.

We want to ensure all providers, specialty or not are [indiscernible] forced into buying an EMR inappropriate for their practice, we offer our company as a resource for — to promote the best resource for the provider and patients they serve.

We are going to have questions now, if you don’t mind, I am going to ask mine first, because I have the microphone.

I have two questions. The first one is, in my community, we have six different EMRs, we have been trying to set up health information exchange for about five years, six vendors, we have a connectivity vendor. Despite the fact they are all [indiscernible] certified, we are having a Hell of a time getting health information exchange started because they don’t talk to each other, in spite of the fact they are certified to do so.

I would like a comment on that. Then the second question is one of the possibilities would be to have two separate kinds of certification. One is a CMS certification that the products meet meaningful use standards. That might apply to any kind of vendor, and then there might be some other kind of elective certification that doesn’t have to do the stimulus package, that might be more similar to what CCHIT is doing now. I would like you to comment on both of those issues and whoever wants to come in first, that would be great.

I would like to comment on your disparate systems not talking to each other. Principally, because our company, our NextGene developed exactly what you need, Community Health Systems, the ability for systems to talk to each other, only requirement is they be using standards. There are systems to help you do exactly what you are trying to do.

Your second question referred to —

Having two separate kinds of certifications. One that’s CMS, you meet the requirements of meaningful use for the stimulus funds, and the separate one more similar to what CCHIT does now, a more elective certification for any particular entity that wants to be certified.

I would like to comment on that, too, we think also you hit the nail on the head with respect to certification for meaningful use, means one pot of money. Maybe all others in a different one. Yes, I think that’s a good idea.

Okay, other comments from anybody?

From the specialty point of view, I think the differentiated certification would make a lot of sense. You look at medical oncology, 40% of practices are digitized, 70, 75% of radiation oncology are digitized. One of the big barriers, the financial incentive to make that change. A lot of medical oncology practices are very differ fuse, small practices U outside the hospital, providing that incentive would be a big deal for those organization.

I would like to comment on both questions. First, on the interoperability. The current certification effort focuses on just a tiny part of the interoperability equation. It’s like the plugs, but not what you plug it into. Until some of those health information exchange standards are settledded, agreed upon, it’s difficult for the vendors to know exactly what they plug into. Of all the real requests we get requested to connect to, every one of them is different, that’s just not nailed down yet. You can’t stop with certifying one half of the process, the plug, you have to certify the circuit you plug it into. With E prescribing, that’s much further along. We see proportionately greater success, and connects disparate systems together.

Second question, certainly agree [indiscernible] further along —

Yes and no, may be further along because the standards bodies did a better job of rounding up all the stakeholders, the NC CDP process, plus a clearer business model driving from the retail pharmacy side where they had a clear benefit and reason to push it forward.

On the eligibility, the payer side, formulary, likewise, a clear business model for them to make that available. In the real model it’s still debatability, the long-sphainlt equation. The certification processes, certainly we were proposing the first of yours, meaningful use certification, so purchaser has high degree of confidence if they purchase, install properly they can qualify for — penalties after 2014. Elective certification I am less interested in. We feel pretty well engaged in the meaningful use issues.

Other questions from the committee?

John, you were in charge of certification for Sirna, is that what I heard?


What was The overall impact for your organization?

Your us, we looked, the acid test where there was an explicit — certification’s sake, for us it has to be more than a good housekeeping seal of approval, it has to hold meaning, both in its ability to enable requirements and [indiscernible] something they recognize, can have confidence in. We participated in three different certification programs over the last three years, with CCHIT, and I think we look at it as a very foundational element of what’s going on in the market. Early on there may have been vendor reaction of another thing we have to do, expensive, it’s ingrained. We know it’s there, have to deal with it. The comment was made by NextGen, driven to better embrace interoperability than they might on their own. That’s a value, definitely helped promote that objective and reinforce security, privacy standards. Which puts it in a new light, security, privacy, left to our own devices we would probably pay more attention to security and privacy within the four walls of our client. Those are real values.

Where we have tried to take great care in evaluating, just not default, saying go for every certification that comes out, has been is it an ongoing, continuous value. We mentioned in our presentation our concern about the relationship between certification requirements under the Stark safe harbor and under meaningful use. We are driven to an annual certification process with Stark, whatever we say about it, CCHIT certification periods have been effective for two years. Used to be three. Under meaningful use proposed to be two years. I think we need a better synchronization of the time period, effective across the federal regulatory requirements that point to certification. To me that’s a consistency that should be addressed. We recognize the value of it. I think it drives behavior that might not otherwise happen in the market, very positive for things that are the not function, feature, user-demanded requirements. It holds value around that.

This is a question targeted at — for the Nextgen and Sirna folks. When we talk about — are you communicating a narrowing versus a full CCHIT accreditation or is it in that comment a different emphasis, specific pieces of low-level functionality —

I will take the first, two things. We aren’t saying certification should only be meaningful use. Certifying bodies are free to develop what is appropriate. The comment from the specialty vendors, there’s great value in certification for specialties. The Medicaid programs, state HIT initiatives, like Minnesota, they are emphasizing specialty certifications. We are not meaning that. I would turn it around and say if a certification program is being represented as meaningful use, being geared, scoped for that, that’s what it should be. Shouldn’t be saddled with de facto requirements. We have experienced situations where bodies that are participating in certification that CCHIT has formed out certain requirements to have their own requirements that go beyond the certification requirements. Specifically for electronic prescribing where we have conformance requirements, connectivity to network, data collection requirements, provider participation in the networks; that are embedded into th certification we have to attain, subsidiary certification, we present evidence to CCHIT. We have to look at those things carefully. Our point on the impartiality, independence to certifying body, the certifications need to take great care not tho enable a business model or requirements to any that goes beyond meaningful use demands.

That’s the gist of that point.

I would like to comment, please Somewhat in agreement that you need to have your standards for your core EHR systems associated with meaningful use, and that be very clearly stated. Those requirements should be, that bar should be continually increased as we go on in time. The specialties should be on top of that as a kind of different, post-graduate degree on top of that certification. That’s how I will weigh in.

I would like to add one, maybe slightly dissenting opinion. I want to go back, from my notes, one of William Stead’s slides, touchstones, less is more, require precise definition, avoid freezing work flow content or technology, make data liquidity the foundation. I think that’s an incredibly important point. If we prematurely certify a particular work flow, way of doing things, we will suppress innovation, and we shouldn’t do that.

We are still a very immature industry. If we certified cell phones at, say, Blackberry, we wouldn’t have an I or whatever is coming next. We have to be carefully to not aggressively —

Do you worry about introducing any opportunity — the resulting system deployed might not be as coherent, any risk there?

Certainly there’s a risk. I think assembling a large-scale system to automate the processes of care across a hospital is an incredibly complicated and difficult process. It takes years to do it. Bill said 10 years. If you build a system out of component parts you have more work than if you buy a package system, one of the selling points in the marketplace for years, still, if you bought everything, you still have to assemble, nobody supplies the whole syste certification could make the problem an easier problem than today, by being aggressive on interoperability issues. Usability, work flow — I think to

We are on reality, especially for 2011, respective respect sayses, our clients have a variety of systems in use. Replacement strategy or mid-stream, they will look to vendors, to represent constituent, certifications, incentive requirements, they are not going to say to Sirna, I bought your catalog, will take me eight years to implement. I need something in 2011. A very delicate balancing problem will have to recognize organization have invested in whatever their production systems are. They are more likely, especially in 2011 to look to current vendors for updates to meaningful use, not engage in replacement strategies in 15 months. Modular certification is an enabler to those organization that have invested, for whatever reason, in the production portfolios they have. That’s their point of departure and it’s a rate limiting reality to what you do with certification. The bar needs to be set appropriately, but a lot of investment dollars have been spent, and they are what they are. Improvement should be made in systems as they are, not the only path is replacement, new plumbing. At my house, I am not building a new house for the sake of a new electrical system.


Adam Clark, Lance Armstrong Foundation. Oncology specific issues, certainly that’s near and dear to the heart at the Foundation. Throughout these months after this committee was formed I received lots of calls from the cancer community, continuing to emphasize the importance of research in meaningful use, certification, in all aspects of electronic medical records, particularly as we look at pediatric population where 55 to 65% of those patients are on a clinical trial, or we look beyond with just doing comparative effectiveness research. We don’t know in radiation, number of — that will work best, for prostate the procedures that will work best.

I was wondering if you could comment on, particularly in specialty areas, how clinical research and data collection can play in the certification process, things we need to be looking at, barriers to address to really try too help communities like the cancer community that rely on this information.

It is a complex question. The percentage of pediatric patients on research, if you look at academic community, large community hospital community, 30 to 40% of general cancer patients are on some kind of research protocol. There has to be some capability. I know that our system has capability for managing those protocols, other competitor system does, what the certification requirements of those research protocols might be. We really haven’t spent a lot of time, but would love to think about that with you, as I am sure [indiscernible] will be as well.

It is a capability that should somehow be there. It’s just such a large percentage of the cancer population.

[Captioner transition.]

That capability has to be reflected in the requirement.

SUPERFLUSHWe need to be more aggressive about Interoperability. Can you give us more specifics besides just been more aggressive? What should we do to fix this thing?

I can give you some opinions. Actually, John Glasser and I have exchanged some emails about this. One of the things that I am afraid of in the current timetable for specifying specific meaningfully as milestones is the potential of getting a of sync between the Interoperability file stunts community-based, health information exchange. So in particular, the states are aggressively pursuing the ARRA funds available to the states to build Rios and information exchange entities, they are not covered by certification timetables or the certification process and there is an indication Port, say, the 2011 milestone for the benders for that EHRs bought haven’t specified what the [indiscernible] is and going forward to try to build exchanges against an unspecified standard. So one thing would try to be to avoid the synchronization. So that we are Glen to have a 2011 Interoperability standard, let’s let it apply equally two everyone and get that kneeled right away. If it will be 2013, a [indiscernible] the vendors to whatever standard de pact, which may or may not be the ones that get blast in the long run. So that is just really a plea for speculation in the interest of flying across the communities.

As far as the actual technique to do the Interoperability, I think it will get pretty technical pretty quickly.

There are — and I probably should not go there, because I could spend the rest of the afternoon giving you opinions on exactly the right technology. I think there are standards out there that could be used fairly quickly based on the documents sharing model called XDS that could achieve a certain, the Interoperability. Whether those are the right standards are not should be debated quickly so we could settle or go forward full speed with an XDS based approach to Interoperability or come up with something different. The Model that Bill described in the that that’s where they are sharing a loss of textual documents and finding smart ways to search those is for an example, not a XDS bottle although it is a very powerful model and it is the is a better place to start than a very structured model. Some of that on the [indiscernible] vendor side make it hard for us to go and commit substantial resources until we know we are Glen to land.

I probably did not answer your question.

Well, it was helpful, but as you were talking, I guess one of the things I don’t understand, or maybe I to understand, is, what went wrong. Why do we find ourselves where we have nothing that can talk to each other? Why isn’t it working?

Well I think it is a bit of a misnomer to say that nothing talks to each other. Everyone of us benders has implemented thousands of interfaces and data flows, absolver systems. We have a whole crew of people at Turner who do nothing but talk to other systems. That is their job, to build these interfaces. The vast majority of these interfaces are going to start with an existing standard and start with a small amount of customization on the client side and that may take as little as a day or 2’s worth of work or it may be bored depending on how unusual the system and what we are interfacing with. They’re is a tremendous amount of data that flows today, is just not plug and play. For example present and and and HL 72.5 out of the box. We have thousands of them and they work quite well.

What is not present is the community level sharing and that is partly the lack of agreement upon the right standard of use but I would say it is more of lack of agreement for what it means to have documents and patients shared in the community. Does a regional based Schering model makes sense? Cure share is regional most of the time but when it isn’t, like if you go to that Mayo Clinic or the Cleveland Clinic, it is not a regional base model. Those arguments have been going on now represents the beginning of Dr. Brailer tenure at UNC and until they have been, this is the way we share data in the community and manage privacy and consent and charity rules across state lines etc. The vendors to have a lot of incentive to do the extra work to make that plug and play.

If you look at what was actually certified, and kind of get inside that for a moment, CCHIT certified three aspects of Interoperability as to the types of data, so we had a lab, the values being exchanged, electronic prescribing for most of what the regulatory regime now relates two as advanced E prescribing, Medicare part D requirements and communicative requirements nothing in it for a cure a summary as to a transcribed physicians document or anything of that nature, so you had a CCD with what would be in moderate concept. But as of yet, what would be addressed by CCHIT proposed in 2009 that they still be part of their comprehensive certification for advanced Upper ability is anything to test XDS. So there is truly as of yet no test as have the ability to go approach H. ITI, present and resolve what clinical documents request for that document and any specific instance of that document. So perhaps buy that fail to cure relied on certified Systems is that none of those systems were certified to connect to anything for the purpose of collecting clinical data for any patient for resolving the identity to deal with consent. I do know that you will hear from HITSBE later this afternoon and and a part of that and we have spent a lot of time on data the management and provider identity management and the consent and the things that facilitate that but they are in the future relative two certifications even with the developments we have had today.

Are there a standard mechanisms in place to pass trust from one system to another, but we haven’t agreed upon what do you trust in the first place. What is a properly arson ticketed provider? What is it properly authenticated patient who is requesting information from a system? As John said, these have not been settled so they are not in the products, therefore I do not get the plug and play that you would like to say.

So the standards have not been set yet, that is the problem?

Yes, in many cases they are not settled or the parts are not sufficient to build the and the two and system. The easy part’s have been done but the hard parts have not.

And therefore they are not yet in the certification.

And wanted to go back to David Macaulay ‘s comment, that the equity with an important point, and I wanted to see if I could take a step further and see if he’s got it made sense to make that a fundamental requirement of certification, in particular in the sense of the separation of applications from data?

I think it is it part of what I think we’re heading torrents. And so the proposed requirement of the patient being able to get a copy of their data in the form of a CCD document or whatever the standard turn out to be, that is the liquidity point right there. That and not the 100% of that data in the system but that is the liquidity data — have it adjusted appropriately. So to the point that we can identify the course structured data elements and make those transferable between systems I think is the first set. And I think they’re should be some control bought back I will admit I didn’t follow that. I think that that doctor has a list that I am sure that everyone has heard him say, what he thinks those elements are around medications problems allergies, it is it for the smallest and I think all of us on the vendor side would agree that we will take the bull capillaries with their limitations. ICD9 is [indiscernible] how do you describe an allergic reaction and his vocabulary will use for that because there is not the defacto standard. If we settle a few of those things we can interchange the structured data fairly readily. That the rest of the data that is in the database, the non summary data for the data that describes the status of patient in the middle of a multi phase chemotherapy protocol, if you want to transfer that to another system, that is not possible yet. The Clinton systems but across boundaries, it is too complicated and the standards are not there. So I don’t know that we need to go and solve the most complicated data transfer problem, I think we can make a lot of progress with just the summary data. Many clinicians with take that summary and reassess the patient anyway, that is what they are engaged for, they probably don’t mind having 100% of the data there, they are engaging and having a second opinion with the new provider to start with the is and data and then taken and find out what got missed before and what is seen differently.

We would be thrilled with a CCD that we could actually transfer the data from one practice to another practice. Right now, we can’t do it, even though all of the vendors are supposedly capable of creating a CCD.

And that is an example of where the full scope of all of the steps are not well specified enough, so we could put a CCD on its zip drive and had it to issue an D ticket to the other provider who may or may not be able to import that particular file system into the system. You could wrap it into a security Mill message but providers not use secure e-mail, because people don’t go through the trouble of getting securities certificates in their e-mail systems. So there is a variety of ad hoc ways to solve the problem but there is not a standards based way to close the loop. It is doable, IT test has not been done.

Mark approved. I agree — Mark probes to. The standards are now put out and define and given to you. What kind of level of effort is going to be put on to your clients to make these modifications? What kind of time frame do you see, what is the impact?

I think you have to factor in one more item [indiscernible] organizations to adopt in the Interoperability space. Not all of them, certainly, but a number of them to function relatively with and they’re full walls relative to their health records systems bought back we have had a lot of discussion within Cerna about, is part of it is you can connect to an information exchange, what kind of exchange is it that will satisfy many people use. Is it that that organization can connect to the medical staff in their offices with whatever system is in place which doesn’t apply that a big [indiscernible] facilitate that change and pragmatically, as you put it, that is probably what most of them are interested in. In exchange data with the primary care physicians in my community that represent most of the pigeon population I see. For the most part that will be either my Munich referral services or the medical staff. Especially in an academic center and I think that is where the demand will start, that the systems enable exchange to the care settings that refer patients in the and also, are the primary referral sources Post discharge. So that is going to be the first motivation they have and we are already hearing a lot of questions from them, will that be a proof point that will satisfy meaningful use at least early on? Do we actually have two physically connect to some kind of regional HIE that maybe in its infancy corporate planning stage in our geography? They’re stages where there are very functional information exchanges but there are also places in the country that that is not true. But they are all held to the same standard and same burden of proof, so we have to take great care about what is the task early and what promotes growth over that period of time dropper ability point as to what they are connecting two and when they are asked for the burden of proof for that meaningful used, what is that measurement that they are going to require really going to mean?

I am thinking about the time fringe around two edification, he talked about two years or whatever. Might be, and I am looking at Cerna or whoever, we have the standards out there and we can write Release 6.8 that now has those standards in that and practically, someone has to accept that. I don’t think it is just as simple as a plane that code in the hospital or the physicians office or whatever it might be, but I am trying to get an idea of what you might think that level of effort might be?

From our experience, we really is an update to our software about twice a year that we consider a major update. Absent any of your decision, most vendors practice to certify a pretty contemporary version of their software. They are not certified exempting the released three years ago. It might take code back and certify their immediate prior release.

Our client base we try to encourage to an upgrade about every two years on an individual basis, to what is that currently available release. So historically they are on a cycle of the upgrades about every 18 to 24 months and each of those efforts probably is inside of itself a six month effort at any rate to taken up date — take an update. And they are fully converted from what they are from us and it will go through that process. Some less, probably not a lot more. So if they sit here today and they go out and certify her next generally available release, that we just put out and the version which took thrown our own CCHIT certifications earlier this year is a version that is generally available just as we speak right now. So for argument’s sake, if that is what we had pork meaningful use, which should be able to take that code right now barring the decision to take anything back or make it available on any basis, if there is a cap around meaningful use, and there could be, I think especially for some of the measurements that are expected to be EHR based, I think our client will expect whether or not that measurement content and reporting is enabled by as so it can be reliably collected. They may choose not to use it, they the right to something on there but they expect that capability there. So there will probably be some were to be done to make that available. So they are looking at between now and at the hospital starting fiscal year 2011 to take what it might be just now putting out as general availability. And I think that somewhere between a very and the 40% of that time would be spent doing nothing but the upgrade process. You have deepened begun to consider how they are already using our software compared two meaningful yes. Had they implemented CP 0E? Or intimated prescribing? So they are called up right now and that is an exercise, especially with our clients, I think it was NexGen that said it. Well, we’re trying to help our clients planned but we got a what we are planning against. So it is hard to set the bar if it is not reflective of something that is barely within reach. If there reusing the software for everything today, they would still face the upgrade to take them about, arguably, to that end of the year to get in position using our current software. If there is any competition on top of that at new development requirements, adoption on their part, and commit modules, that is additional work. So I think we can all look at what an entity that has and implemented CPOE, there are lots of studies that will take us there.

I would like to weigh in on that. With the expense to the company, you have to bifurcate into two areas. A product out and the other is how to kick it to the clients, two separate issues. And the timeframe that was mentioned by John is pretty typical [indiscernible] as well. So we have similar time frames as he quoted but it is important to bifurcate the two.

A relative to the expense, if you are improving our product, which you should be all the time, it is something you are doing anyway. Tell it is almost not an expense on acidification piece of it, it is minor compared to the product development which you are doing anyway. So that incentive for everybody to get that, the people that already have in our system but don’t have the latest version is the meaningful use piece. They want to be in on the meaningful use and the money associated with it.

I am interested in this question for the specialty vendors. I understand from your comments that the current certification process bills soared up over specifies in the sense that it includes records that are not relative to your specialties, and it also under specifies because it does not include things that are very relevant. I am wondering if the offer specification problem can be dealt with by ratcheting back the requirements to it. Course that of characteristics that are maybe applicable across a wide range, and in terms of under specification, can that be handled more in the medical use area brothers and certification?

I think the first proposal opinionated is the proposal CCHIT has proposed in the modular, and that is, rather than have the specialty folks who are advancing that technology and so many deep Ways and to their area of other than forcing them to come back and replicate the based enterprise, there could be a certain core, and we agree with that concept. As to the question that now whether the certification can acknowledge the advancements that the specialty firms, that clearly is not on the table today, the meaningful use definition a very wealthy. What concerns us, and I think John describes it as classic best of breed and enterprise approach, is prior to the recovery Act, and we were prepared to go head-to-head in the marketplace as a best of breed technology. But the client decides situation, to recovery Act creates that will change in the entire equilibrium, that ecosystem that is so threatening at least to the specialty species.

— John’s point about managing the development team to the various releases of the software. I would be interested in your comments on the certification process or the bar is raised every few years purses may be giving you the criteria of a way through 2015, is that a significant value to you in terms of planning, or is that of marginal value?

I actually think that is of great value to us to know where we are headed beyond the year. But one of the things that I think CCHIT has done well is there three your roadmap. Now without judging what is on it or in it, we have tended to look at doing our cap assessment on the two your ruling basis against that road map. Three years is hiing variability and greatly subject to change, but within the two year period, especially with their criteria definition settled, we have tended to lock in on the second draft. Once that is published and to public comment, as it. Meaningful point to go down to brass tacks about what it is that we need to do. If we wait long prison that, it is too late for our current development year and there is such a high degree of change CCHIT, honestly, we would have to hold our fire until we see the evolution of public comment way in, but that rortmack thing is very appreciated, because we are typically working with detail planning on a 1 to to your horizon and more objective level planning on 82 to 5 year. But that helps inform prioritization. And I like that most organizations would be it that way and they are not just looking inside what will get them through that element there.

I would like to echo Johns statement, and all of the information he would give us an advance is very helpful. “the market permission and the faster you get it to us is all very helpful.

One question, and Cerna ‘s presentation we had this concept of the test harness, which was interesting. Could you tell us more about that?

Yes, I believe that the current CCHIT process applies to test breaks for the vendors to use to test the software before the formal certification, and the idea was to simply extend that to the implementations, so our clients, the provider groups that are implementing systems could use those same test harnesses to certify that not only the software out of the box was capable of working, but the implemented version that they are actually running could also passed the test Parnis process. So it is the simple idea to extend it deeper into the delivery cycle.

Is it difficult to use these tests harnesses? Copay two prison medical group to this?

I think it certainly could be designed such that it would be trivial to use, it is probably not the case that it yesterday. It should not be any more complicated in an ideal world, and if you use sky, which is one of those pre Internet protocols, the voice over IP, which is what I used to communicate with my kids overseas. All he to install it and it plays a message back to you and you know it is working properly. For Interoperability testing, we ought to be able to achieve that after nearly down some specifications.

Whose responsibility it is it to develop these?

I would think [indiscernible] it could be NIST, although from what I heard this morning it is not likely to be them although they could help guide it to set one of those up.

I would offer the comment that in CCHIT, a delight at the test tool that they used to validate performance and Interoperability specifications, part of it was to render a few to the and the user — a view to the and the user, and I now know if that is specifically [indiscernible] to DR practice is implementing it to ensure that something they receive is workable, but those tools were developed for cert. And I don’t know that they’re useless limited to certification, but they were open sores and tended to be available prior to any certification. And think what we’re suggesting is passing passion open not availability up two anybody that has the appetite or desire to make use of them for there and the deployments. Now whether or not they are fit for a fairly basic level obscure or technical savvy out of bed and the user is a step beyond where they are today. But the development of those or part and parcel to the certification process because that was the means by which Interoperability was certified, so it may be a matter of taking it a step further to help validate use.

Well, I’d think we are ready for lunch.

What is a thank you for that vendor panel, I tell that some of you came great distances, from Laguna Beach and one case, and Kansas, and that could be even further away, but I wanted to say thank you to all of the vendors.

We will break for lunch until 1:15 p.m. Thank you very much.


(The HIT event is on lunch break until approximately 1:15 p.m. ET.)

For those community members that are on the phone, please remember to unmute your phones during the speaking presentation. — you and your opponent during the speaking presentation. — MUTE your phones during the speaking presentation. Thank-you.

Okay, Judy is telling me we have to get going, and we are a little bit behind time. So we would like to get going. Anyone that can sit down, go ahead and sit down and we will go ahead and get started.

And this afternoon we will talk about the users of systems and talk about CCHIT as well and I would like to introduce our panel that we have today to talk to us on 84 purchasers and some of the things we are looking at, and the challenges desertification might bring to them, and what desertification mean to you as users [indiscernible] within the organizations. And some around the processes. [indiscernible] as much of it discussions so if we could get through your material in 15 or so minutes each, that would be great. And we have Doctor Keith Michael, there representing practitioner at one end at a bought back [indiscernible] in Texas, where well-respected in that neck of the words, and we have Stephanie real.

And we look forward to hearing from each of you and I said, and we are done will get into some discussion.

Thank you very much, Mark. As Mark pointed out, I am one of the rare breeds, about 30 miles from rural Vermont, a 99 bed hospital. And I decided to lead a hospital employe practice in 1998, and when I left, I noticed that my group was very slow to adopt an electronic medical record that I recommended to them. I really felt strongly committed to having and EMR were better patient care, and I bought a very inexpensive software that is still in existence, and it costs about $1,000 to get a site license. I developed and NT client server system that probably cost me about $13,000. And in the last 11 years I have been using extensive use of the faxes and scanning. I was really emphasizing his ability and having records on hand and at using EMR for patient records and I would give patience is a list of their medications and problems and act on it was interesting instrumental in keeping in touch with my colleagues. And I have no transcription costs over the last 11 years. I really needed a system that had very — was very inexpensive, I had a very thin profit margins that I had to borrow to by this system. I had separate practice management and EMR systems over the years until I get the CCHIT system which I just have plummeted. I have had four different management practice systems. Along the way, I decided that a new EMR system would be good, and I spent about $7,000 to buy it but I never implemented it, because when I looked at it, the compelling features I saw in demonstration or just not that obvious when we were using it. Along the way I have been entering a number of positions Bolton so the practice and group practice at EMR. I have also been using group administration but e-mail patients and I did plain old e-mail about eight or nine years ago, and then I developed a hippa compliant web portal through a national bender about three years ago. I have been using electronic backed servers through a web based service in the last few years, and one of my consistent problems is, I have been unable to import lab data into my EMR over the last 11 years, necessitating a lot of manual data entry as I tried to maintain blab flow sheets, and there have been problems with baffles system. I have been pretty diligent about doing backups myself, I have and the doctor of chief information officer, I can tell you about the and ask and he H. CP and TCP IP conflicts and the system, and that is really not as quite as and lightning and enjoyable as being an internist, but it is a necessity. And even though now we have more networking support people, it is still necessary on short notice to spring into action as a techie.

I have been using a patient counseling and tracking program for doing and Clyde relation Management, sort of module system, and I have about 100 patients in my anti quite elation patient clinic and I have a questionnaire I can send people like e-mail or in the office and have them complete a pretty good medical history when they come in to see me. Unfortunately, it is a little difficult to use in practice, I would say maybe five or 10 percent of my patients is it. My office has been part of an experimental immunization registry, and that is a freestanding process that has an interface with my current EMR.

About four years ago, our area become part of a statewide chronic disease management program that is sponsored by the state government and Department of Health called the Vermont blueprint for health. It has been a paid for performance system that has involved using a separate Web based electronic registry, the way to incorporate data from my current EMR into that and a lot of duplicate data entry has been necessary for that.

Back in 2007, our hospital decided to find as grants EMR for primary care offices for the promulgation of the EHR systems. And I was in the task force that helped develop recommendations for that.

We have required that people that use this grant be part of a shared community health record system, and part of the precept was, physicians have 15 percent ownership of the EMR and that the grant covers 85 percent of that EMR. I don’t think I would have done a new EMR had I not had this grant, because it was a substantial amount of money.

(CAPTIONERS TRANSITIONING). Part of the requirement is this system be able to interface with state agencies, the mountainization registry, the blueprint, role RIO technology officer, I received a grant of $40,000, paid 15% of that, and the cost — any of the hardware costs, networking costs, I had to assume. We completed an extensive interviewing tool, readiness assessments, toured by the regional — the cost of the implementation for about two years, we are a little over a year into it right now.

There has been a very long transition. We looked four or five months at different vendors, trained last summer in the practice management component of our vendor, we went live with the practice management side in 2008. We began training on the EMR part last November, and again, just went live last week. It’s what we have found in doing this, and this is very important for doctors in small groups, implementing this, even though CCHIT standards call for a two-way system, exchange doesn’t happen unless you have parties willing to negotiate with your vendors, and your value-added retailers, they are going to build custom portals. We found out in order to develop interfaces, be they lab portals — you have to pay a couple thousand, $3000 along the way, it’s not clear, despite having RIOs, who exactly is going to pay that, and it may take quite a while.

For example, right now my web portal is not able toy directly interchange data. I use a lot of copy-and-paste to, to it into electronic record. The vendor who promised electronic prescribing isn’t really certified right now to get E-prescribing bonuses for people who have their module.

What has been nice, though, I can integrate practice management, scheduling and EMR, there’s big improvement in usability. I think it has a very robust database, which is really important. Part of the C HIT requirements are electronic order registry, primary care office, very challenging when you have 10 or 15-minute visits with complicated internal medicine patients. I counted in one case 20 different mouse clicks to see a diabetic last week, tell my laboratory staff what labs to order, set up a future visit, including what labs to order and what kind of x-rays were needed to be done. It’s really not clear to me yet, although I am a new user, exactly how the information is going to exchange, how I am going to be using clinical pathways that the vendor uses to take care of my patients. It’s a challenging job, and I am concerned at the loss of productivity I will be facing, probably for the N six months, even though the vendor talks about a registry feature that allows me to get PQRI assessments. In talking to the vendor, it really doesn’t exist. They are CMF certified as being able to provide data in a registry format, but there’s no off the shelf product doctors in a small practice can use.

What I have found is most physicians right now who don’t have a strong preexisting commitment to EMR are going to have trouble implementing without a strong member, super user in their practice to do this. We have to really work hard on pinning down people and at who is going to cover people, interchange. I am very concerned about implementation of software on a broad scale without some sort of incentive dollars out front. I mean, 2011, when you are a small practice looking some type of repayment is kind of a nebulous promise. Many practics are going to require loans from — or help to adopt this.

I am concerned as I listen to testimony about the need to set the bar high, but I also see a need to rewards early adopters, those who have been on the leading edge of technology need something to keep us going. Right now there are major concerns about the future of primary care, about lack of man power. Many of my colleagues are concerned about EMRs being one of the factors, if overly promoted and underfunded, will push primary care to the brink. That’s, those are my remarks.

Thank you, first of all, for inviting me to come join you and share thoughts about certification and EHR adoption in rural community hospitals. By way of level setting, [indiscernible] healthcare system, we are a non-federal, not for profit health system. By the numbers we look to have a pretty decent critical mass, 17 hospitals, just over 1200 staffed beds, 75 to 80 out-patient locations and a huge trauma program. We employ about 150 physicians, mostly in the primary care space. More importantly, we have a very strong commitment to our 750 independent medical staff members who comprise, and — we have a fair amount of critical mass.

Over the years, we have been focused primarily on the delivery of care to patients in the community they live. It’s important to us, the CEO and boards believe people get better quickly when they get care in the community where they have family, support systems, and [indiscernible] dropping quickly from the 20-and 30-bed rural hospitals, would have a difficult time on their own. In fact a number of years ago, as identified as one of the fastest growing health systems, one of the key drivers to growth, ly related to hospitals was IT, providers couldn’t afford to do it on their own, take on those types of investments. Interestingly enough, the then and still poor state of IT interoperability dictated a strategy for us that’s been very slow and expensive. As hospitals joined the system, we had to throw out what they had, start over, couldn’t make what they had work with us. To do referral network, moving patients back and forth, couldn’t make that patient-focused, patient data focused view work. We had to take this slow, expensive approach to IT strategy.

While we are organized as integrated delivery network, under the covers we are still a collection of rural community providers, with all the challenges. A quick minute on that, the hospitals are often the largest employer, vitally employer to the economic, some of the highest paid employees in the markets we serve, relatively long tenures with us, very stable workforce. But we are vital to the success of those communities as a key economic driver. We also serve an interesting patient population, largely static, high incidence of chronic disease, relatively low levels of healthcare literacy, not stellar lifestyle choice ins some cases. A lot of asthma, chronic heart disease, borne of a lot of chicken fried stake. It’s an issue we see. Because they are chronic, we see patients moving in and out of referral centers, frequent, constant, and the continuity of care ff us is vital, is critical. To all the referral centers around us. Physicians that work with us on medical staff there, have more established practices, been in the community a long time, and very, very loyal to the organization and to the local communities. Some more change resistant than others, doing things the same way a long time.

We talk all the time that employees wear multiple hats. I tell the story, not kidding, it is the truth. The same employee will be the business office manager, IT director, admissions, admitting patients on any given day. I tell the story of one hospital administrator, in Trinity, Texas, 25 beds. In the summer, his only admitter goes on a well-deserved vacation, no in-patients in the hospital, cancels his lawn care contract and he and his son are out there mowing the grass because that $1000 a month is material. The leadership focus, capital, is relentless, it is a constant battle to stay afloat, literally. As I said, growth of system driven by the fact we had capital to help.

A couple things about IT in rural community hospitals, they have been the slowest to adopt and will continue to be because of the challenges I just said. Primarily the availability of resources to help them get it in, people, capital, it is a particularly challenging environment. Many of the vendors serving that market aren’t currently certified, equally more challenging. One of my biggest concerns is the potential for unintended constituency consequences. As vendors scramble to update products, meet newer, changing certification cycles, might that result in more frequent release cycles, furthering the churn in hospitals already resource strapped. That’s a concern.

My other big one, now that money is tied to demonstration of meaningful use, I am very concerned about inadvertent focus on features and function, unfortunate bi-product at end of a state of objectives, a real consequence that could be unintended. Rushing is the other thing. I am not the first CIO who has, after months of frustration after a project that went on forever, drew a line on the sand and said this is going live on such a date, always bad news. In the rush there are usually reasons systems are slow to go in.

Ownership by the — whatever, always reasons systems take a while to put in. When you blast through those, whatever the motive is, there’s usually pretty ugly consequences. The truth is, technologies suggested under AARA, the benefits might be most readily realized, always struggling to do less, efficiency is a vital enabler for them to be successful in the future. It’s an interesting dichotomy between the challenges in front of us, small community providers and the benefits they can afford.

As I think about purchasing EHRs, what are things I think about? 15 years being a CIO in a group of small hospitals, I am nothing if not pragmatic. Cost, that’s the easy one, but complexity in terms of scalability is huge. All of our eyes are bigger than our bellies. We look at demonstrations of vendor products, feature, function, we glaze over with the opportunities, possibilities, they are extraordinary. Our ability to operationalize some of that is far less than the opportunity would offer. In that disparity comes this day after cognitive dissonance. It’s because some of the systems are too complex for the benefit they could drive to your organization, to be worth that type of money, and resource intensity, scalability is huge for us. Usability is huge, and when I say that, I don’t mean not reinventing the wheel, having prebuilt is important, but we have seen systems go into similar environments and be successful in some, not successful in others. I will give an example on one of our ambulatory deployments of EHR, installed now in probably 60 of our 150, maybe 70 of primary care physicians. From the outside, similar practices, number of physicians, patient population, same technology, templates, implementation methodology, wildly different success factors. One group of docs loves it, embrace the full suite of products, features, functions. Just down the road, physicians are miserable, office staff is miserable, it is intangible, in leadership, focus, in the motivation of the clinic managers, nurses. It’s in so many things that had nothing to do with the product or even its usability if you are able to define something we can certify against. It is very difficult to quantify in any objective measure how you achieve success in that regards.

Frankly, and it’s come up, the fellow fell sirenner made this point. Achieving success, the [indiscernible] that just came out, said 59% of hospitals they surveyed even started down the CPOE path. Whether or not CPOE, hospitals have correlated function, core of functionality we don’t want to throw out. I am very concerned as to the state of the certification standards that will allow us to leverage that technology without having to spend a lot of money replacing and starting all over again. We don’t have the time or money to start over again. Interoperability is fundamentally vital or we will have to start over again. Not just the custom interfaces we talk about. They are extensive, fragile, have to be tested to Nth degrees, every vendor, highly unusable in the community hospital arena.

Frankly, until recently, the past few months, certification hasn’t been that big a consideration. Not that it didn’t have value, it most certainly did, but largely had value in vendor accountability, like RFPs did for us in the day. We would be sure to contractually bind our vendor partners to certain deliverabilities and certification helps in that regard. Hasn’t been a major determination as to whether or not a certain system would be selected, largely so focused on fit, implement ability, adoptability, raughty than feature and function. Those are tough.

So U by my relatively simple way of looking at it, while I see certification as an objective measure of functional requirements, I recognize it will leverage powerful market forces on vendors, based on compliance, a number of mine are currently adding things they probably wouldn’t otherwise do if it weren’t for CCHIT, drives consistency standard, however, meaningful use is all about adoption, almost entirely qualitative measure, and that is dependent on things hard to certify, hard to achieve regardless of certification strategy, the ambulatory system that worked so well in one practice and so poorly in the one down the street. It’s the standard in my opinion that drives meaningful use, significant change, not certification. That’s an underpinning that’s important. My biggest concern is not letting the tail wag the dog. The dog is meaningful use, caring for patients, intelligent use of data and evidence-based medicine. The challenges, and what keeps me up at night, frankly, will the vendors’ focus on — over time I believe market factors will deal with poorly configured — but hospitals can’t afford the wrong choice. Before the market comes to bear on poorly architected solutions hospitals could spend a lot of time and money on poor choices. Timing concerns me immensely. Some of my largest vendors don’t intend to bring to release certified products until mid-2010. It’s going to be pretty difficult for us to implement those products and demonstrate meaningful use muse if we are already using — timing concerns me greatly. I support the notion of modularization of a certification process. At the end of the day the patient has to be the center of our universe. As they move within our enterprise, across the enterprises that represent the continuum of healthcare, will it do it at all? I am not so sure I have any real confidence at this point that it will. Ultimately my question is will it drive meaningful use or does it drive a baseline for functionality that offer assurances, but have little to do with meaningful use at this point.

On the other hand, clearly focusing, this has come up a number of times, and focusing certification requirements in line with ARRA incentive payments can be vital. Clear requirements for true interoperability. So, to the example I heard someone use earlier today, last year I had to make the otherwise crazy decision to throw out one very expensive CCHIT hospital system because it couldn’t move data to another credit check hospital system. It wasn’t about will, those vendors tried like crazy, 15 months, major players in the market, and both very dear partners of mine. They work their tails off, it was about the architecture. A way to move that was sustainable, robust, safe. This interoperability thing is, to me, the single most important thing we can talk about. Again, timelines, they don’t interfere, certification timelines don’t interfere with the provider’s ability to achieve meanerringful use. As we develop time lines for vendor compliance, then the providers have enough time to implements and move into production. That same survey suggested for hospitals that know, implementing CPO oh, a minimum of three years are required, for those already in the middle of doing it. That’s from the moment they start. Assuming the systems are certified, installed, and implementation cycle ready to begin. I think that’s probably aggressive, too. I do. Remember, community hospitals, dealing with independent physicians, incentives, while generally aligned, aren’t the same.

We have to work, do a lot of consensus building and a lot of time in the consensus building toward the adoption of technology like this, which is disruptive, and interferes with current practice cycles. We all agree it’s for the betterment of care, but it’s painful in the journey. The last thought I will leave you with, certified systems can — the possibility of success, real success is truly about the intangibles, and those are very difficult, impossible to certify. Thank you.

Thank you. Stephanie

First, I guess I would like to say thanks to all of you, not just for inviting us, but for the work you are doing, it’s terribly important. Thank you very much.

We are big, complicated, took us more than three years to get in CP, oh. I am very proud to be in Hopkins, but every night I drive home, I have been beat up by the best of the best. Makes it worth it at the end of the day. Fun place to be, a lot of challenges and opportunities.

One thing that, as we think about certification I guess the worry I have for us and for you is that we need to make sure we know what we are certifying, and it seems to me, no matter, you get off an airplane you hear the same challenges, issues. We are from different places, but dealing with the same challenges. I guess the important message hopefully, throughout the brief presentation, it’s more than technology, what we are really about, our mission, what makes us who we are, I think, keeps us honest, it’s more than health IT. It’s how we interact, make decisions, exploit the amazing talent of our care team, involve patients in the decisions as well. I hope we remember the reason we chose this profession is because we care about the people who are being served by our health centers and systems.

I think meaningful use is a critical and important component, it involves all the things we do, the people with whom we interact to contribute to this lifecycle, and I hope we can remember to keep that in mind as we go through this, not just about the technology. One thing we learned on our journey, comes as no surprise, but takes program clinician leadership to manage the change process we need to embrace. Dr. Michael talked to you about how his practice is affected by our decisions. Paula’s hospitals as well. As we have a high degree of autonomy, collaboration, some consolidation to achieve what we are hoping to achieve, in fact until these systems are accepted, and later I will use the term infused into the culture, I don’t think we get the benefit at all. How you determine your mechanism for certifying for that will be a challenge.

We have engaged our physicians in ways that have been incredibly meaningful to me and us, we have been able to embed clinical decision support because of the good work of our faculty. I would say to a lesser degree because of the good work of our vendor, although clearly that vendor and partner relationship that we do have has been critical to whatever success we have achieved. Again, remembering that this is about the patient and the patient’s family, the way we manage the delivery of care is what matters.

As I think about the work we have done and the work you must do, how we measure whether or not we are making a difference, it really strikes me that we’ve missed something along the way about measuring what matters. I say that to my staff all the time, that back in the day we would measure how many minutes of downtime a system had in a month, or how many hits on a particular site, how fast the network was. But really, none of that matters so much. What matters is if we have a surgical site infection, a patient given a medication with which they had an allergy. If we aren’t measuring patient outcomes we are missing the point. To figure out how we figure out what we measure and continue to measure the impact of these information systems.

In conversations with my staff any our financial systems, I say please don’t tell me how many days we were up or if the system can improve that, the challenge ahead for clinical collision support, comparative decision support. It isn’t what we have, it’s what we do with what we have that matters so much.

All that having been said, your work is important, and the work of the certification organization is important. It will, we hope, stabilize the industry a bit, begin to help us understand how standards adoption can make a difference in interoperability. What Paula describes is true for all of us, two CCHIT systems don’t necessarily talk to each other, or at least not inexpensively. Can we make it happen, undoubtedly, at some cost. I would be embarrassed to tell you what we have spent to enable interoperability at Johnson interoperate Johns Hopkins.

I think certification can help us focus. My concern is it my help us focus on things that will not promote the out comes we are all hoping to achieve, if our vendors are distracted, maybe it’s not a fair word. If they are distracted by certification, unable to innovate, we haven’t done a service to our patients and their families. Physicians run the risk of acquiring a system that cannot meet their expectations, but at this moment that doesn’t seem to be helping us realize that. With some clarity, I know you are hoping and soon to provide, I know this will get better.

It also might level the playing field a bit. We may weed out some of the vendors who really aren’t able to meet the needs of an evolving healthcare system, particularly in the light of reform and may raise the bar. We will have to see if we can do that fairly in the environment in which we work.

There are some risks, though, and I think we all have to recognize that certification could unfortunately introduce some further building on top of mediocrity, our industry is immature, the products are not yet what they should be. But if our vendors are so concerned of meeting the needs of a certification body, dedicated resources to certification rather than innovation, I think we have not done a service to patients and families, or providers either. I worry that things like usability, interoperatessability will become secondary to the concept of function and feature. That is a genuine worry.

I also don’t want vendors to become completely risk-avoiding. This is an amazing country, and the reason we are such an amazing country, because we are willing to take risks, innovate. If we do such a job with certification that we eliminate that risk taking or innovation, because vendors can afford it, we will have done a great disservice, for many of them it’s any financial performance and how they play to the street. We need to be, I think, especially cautious about our use of scarce resources. It may also create barriers to entry in that — at the end of the day the market will prevail, but there will be a short-term cost that could be incredibly unfortunate if we are not careful.

We can’t afford to do it twice. Many institutions in our case are getting by on small margins. Places like Johns Hopkins are blessed in multiple ways, but we can’t afford to use scarce capital in ways that are unwise either.

I do hope we are careful. My humble advice to you who probably know much more about this than I do, be sure we don’t get caught up in these grand scale measures of certification, but that we focus on making incremental progress. Let’s focus on the basics at first. I think our vendors will differentiate themselves based on usability, quality, and the added committedment they make to the market, but I hope we don’t get so caught up in certification that we lose sight of why we are really here.

I think we also need to figure out a way to ensure that technology is infused into our environment. It’s more than adoption. It’s really changing the way we deliver care, based on the use of information technology. It’s workforce development, as opposed to training, how technology improves the experience for both the care provider and for the patient at the sharp end of things.

As you heard many speakers say already today, let’s measure performance, outcome, leverage the best practices that are in this wonderful country we all love and make sure we are using the best practices elsewhere, and sharing them collaboratively. I think there must be some way you can help us do that by building a system that allows for sharing and learning and leveraging of best practices with the use of information technology. We do it ourselves within the vendor supplied solutions we have, and I think more of that will only serve us better.

I think our colleagues from NIST did a terrific job this morning explaining their role, and they have an important role to play in certification. One area where I think they could make a huge difference is in the area of privacy and security. We know we need their help. In this particular area I ask you to be sensitive to the fact that those of us who do research as part of our responsibilities, worry a great deal about limiting access to information in meaningful ways that could promote science in this country, which is another thing that makes us very special.

Just a few more recommendations. I hope we focus on interoperability. I thought Dr. Stead’s comments were terrific this morning. It’s about data, data sharing, and many of you already agree. But ensuring data becomes reusable, data fluidity is the term used, I think, to free the data. We need a way to make sure we all have access to it. A lesson we have learned, it isn’t so were the functionality you get, but the flexibility that comes with functionality to be innovative, creative in what we do going forward. Keep your work open, welcome, encourage dissent. I think it’s important to hear from folks that may not agree with everything you have to say.

In summary, I think it’s important to remember it isn’t about what you have, it’s about what you do with what you have. So help us understand ways we can prove it to you, or to CMS, that we are in fact using what we have incredibly well.

Start with some of the basics, let’s get problems, allergies, immunizations shareable. If we can achieve that we will make a huge difference for patients and their families.

Usability matters, let’s look at tools we have, and some of the other industries, ensure that in domains like ours, where life and death really do matter, let’s make sure we have tools that are useable. Maybe basically let’s create a channel where we can begin to share information, like building a real road, airports, let the market step up and do what it needs to do.

I am reminded of something Arthur Ash seeds many years ago, suggestion was to achieve grateness, start where you are, use what you have and do what you can, that’s a responsibility we all have.

It’s absolutely a pleasure to be able to be here, an honor to serve in any way I can. Thank you very much, I know we are all happy to answer questions interest participate in the discussion.

Stephanie, Paula, Dr. Michael, thank you very much, terrific comments and we appreciate you taking your time to share some of this with us.

We do want to go to questions. I think, thematically I heard, but I will ask the question. Assuming meaningful use will be defined here in the near future, and the standards are then defined to support that so we can get to some level of clarity, certification would become an assurance that meaningful use could be met — or certification could be that. If certification were an assurance that meaningful use could be met with the systems you purchased or deployed, or infused, is certification of value?

It is. If it’s narrowly defined. We heard more comments. Defined along those meaningful use objectives, I think it is. One caution, I have seen a lot of printed claims about the certification status of various products. I don’t know if there’s any governance regarding future certified or specificity regarding certification representation in writing or verbally. I suggest that if it’s to be of value regarding achievement of meaningful use there has to be pretty tight rules about how products are referenced as being certified, to what standard, what portion of the products.

Other thoughts?

I think it’s critically important the vendor of the software tell the purchaser, okay, we’re CCHIT certified. Out of the box you will be able to use it, or you are going to have to spend a certain amount to make it operable that way. I use the analogy of PQRI and registry functions. That’s an important incentive, as is e-prescribing. We need to know as we make a purchase what the data interchange will cost us. A lot of us in practice were not used to looking at software specifications. We often find out the hard way, look a lot at how systems are working, functioning, but that certification, it’s imperative the certification process also certify to the purchaser what the implementation costs are going to be. It’s incredibly important thing to have, I am glad I went with CCHIT certified software vendor, it’s just the number of gotchas out there is pretty incredible for a small practice that’s invested 30,000 plus in just the software side of the thing.

If it makes you feel better, it’s tough for the big guys too.

I am reminded a little of the Joint Commission when they come visit every three years. They don’t much care what we have. They really do care a great deal about what we do with what we have, how we share information, how we ensure that every tidbit of detail is managed along the continuum of care. I think there’s value in certification, so long as we understand what it means. What it doesn’t mean. There is a role beyond certification, if we are going to be making investments in technology, organization like the Joint Commission will come in, take a look at how we are using tools. Understanding where the boundary is between the acquisition of a certified system, and the deployment of a useable solution. Questions? Steve?

Thank you very much for your presentation. The last panel, Joe floated the notification of a two-tier, narrow, meaningful use, or more market based, functions — from a purchaser perspective, what would having two different certifications mean?

From our perspective, we would do our own due diligence on the second level you describe. The first is consistent with what I was lobbying for a bit, to say there needs to be some fundamental, could be benefit from some level of fundamental certification at the federal level saying these systems meet the objective. As Mark said, it’s tough for the big guys to know what’s embedded in the application. The second level, voluntary part has value, undoubtedly. Those who can afford to do it will do a degree of due diligence on our own as well.

I agree, for independent hospitals or physician practices, that second level might be a differentiator among those serving the markets. I agree, but I think for me and most of my colleagues that first one is the one most interested in, and I believe appropriate, given the focus of what the stimulus package is aiming us toward.

The driving core functionality is imperative. I don’t make a statement on the optional, it’s too nebulous for me to get my hands around.

Charles Kennedy. Thank you for coming and sharing expertise exper with us. My question is for Paula, you talked about two certifications, not a function of vendor cooperation, but technical. Can you expand on that a little bit. The second question, we heard Dr. Stead talk about the notion of liquidity, separating data from apps from decision support. Is that valuable in that particular challenge?

I heard him say that, such a great term, I will take it back, credit him. It would have resolved the issues. This issue, two major players in the hospital vendor market, top tier vendors and top tier CCHIT certified products, but at the end of the day we couldn’t move, particularly meds related data, the core of what we need to move between systems and relates to patient safety. We couldn’t move those data between those systems in a way that was sustainable.

Let me be clear. We could have, if we had spent another area and built an unbelievably hairy interface. It would have been horrific and expensive to — and frankly, dangerous. In that complexity is a built-in fragility. I wasn’t going to take the risk with my patient’s med-related data, for an interoperability concern. Architect, stored in the systems, in a way to move between the two products effectively.

The other thing I would say — we talked quite a bit about interoperability, exchanges between providers. My circumstance was one provider, the challenge — between providers, still within the four walls of an individual hospital.

A follow-up, say the comments you made about interoperability were all fascinating. Saying you couldn’t even get laboratory data, what’s the solution? Says in the PowerPoint slides we needs to do more, but can you be more specific? What do we need to do to fix this thing?

Well, I will start quickly and let my colleagues take over. Again, data standards, standards are at the core of most of this. They truly are. Certification not withstanding, the standards by which data are shared, managed, stored, and identified. The Mechanisms by which patients are identified. We are out of thin air — far more important than certification. Certification has a very distinct role in the relatively narrow sub-set of the meaningful use definitions. I just — my fear is certification will become the tail wagging the dog, become more important than the underlying standards, which are really what are driving the problems. I would hate to see that happen. A focus on the raw standards by which data are stored, identified, and managed, is crucial to me. That drives interoperability. The patient process, I would love to see, true interoperability tested, demonstrable.

To understand what you said, data standards, not talking about data exchange standards, but the standards about the data itself?


The laboratory results should look like — is that —

Both. Really, ultimately about the movement of data, whatever needs to be done at the core level of structure needs to be identified as well. One reason, I share the same frustration as Dr. Michael, the ambulatory — you can pull reference data and hospital lab data, but we have a host of physician practices with individual machines in practice, don’t want to put whole laboratory information systems in place, no way to directly get those easily, no way to do it. Go into a lab system, a lot of overhead and expense for four machines in a two-person practice. As an example of where, same thing coming from other clinical modalities, patient monitors, other things, where the mechanism by which data are grabbed, identified, put into EHRs, populating EHRs is largely undefined.

I would like to see it demonstrated that these are road-tested interoperability standards. They can go into an area, for example, with a data interchange. Vermont information technology is a data repository for about four different hospital laboratory systems right now. I need to have these organization come back and say we can take these data, populate your EMR on a very low-cost basis, without reinventing the wheel each and every time. I don’t know if that’s part of the mandate of CCHIT, but when I look at the big picture as to has 2 it all been worth it.

In the prior discussion, one of the panelists suggested there be some sort of test harness that users could use to find out if their system works. Is that of value to you?

Very definitely.

The question isn’t whether small groups can use it, but solo practitioners have more practical experience than most of us —

It’s easier to buy an equation, only convince one person.

Steve — Stephanie, you made a statement that was fascinating, flexibility is probably more important than functionality. Can you spin that out a little, explain what you mean, and in my mind jumping ahead to how you measure that, identify it or certify it. Really try to get more detail on that.

Not so sure it’s certifiable, although some of us will feel certifiable when we finish. I think it’s perhaps consistent with what Bill said this morning, that science is driverring the way we deliver care, for example diabetes used this morning, not two diseases, but four, or 24, and understanding the use of data.

What I feel almost every day is that our systems are certainly capability of providing good functionality, but the science is driving us to think differently about the way care is delivered. Using example of more empowered patient, perhaps, the ability of a patient to contribute to a clinical repository is compelling, something I would like us to be more thoughtful about. I am sorry Dr. Hayman is not here, the great work he did was an example of empowering the patient through the use of a personal health record. I think our systems needs to be able to react, respond to those changes in a way not previously expected to do. Referring physicians may be another example. I would like for not just the attending physician to be instrumental in the use of tron health record, but the referring physician from the community the patient came, the family, to all participate in the aggregation of meaningful data, and in some cases the interpretation, verification of that data. The system, ones we deployed don’t seem to yet be able to respond. That missing elements of the empowered patient seem to be missing. That’s just one example. We talk about ingesting data from labs, values are different or analyzers have different criteria. I think having systems that can react to those changes is important.

When I look at the Lance Armstrong Foundation, the great the oncologists are doing, being able to measure impact, the interventions, systems are not able to do it, at least not with the rapidity we need. We are up against some challenges that together we can solve if we take our time, focus on getting there. It’s a job.

Thank you, I will follow-up. I heard in part there’s the notion of the applications being separate, flexible, but I heard flexibility in the data model itself, ability to incorporate different data types that may not [indiscernible]

Correct. The architecture becomes the significant challenge with existing systems at least. They aren’t sufficient malyabl Maliable. The applications need to be flexible. If I might, I would say some of this could be funded more readily if we could also focus, not the purpose of this committee today, but focus on administrative — get that out of the way to focus on the things that do matter. That’s key to the way we are thinking about this.


Yes, quick question, colleagues. The comments, couple of questions on the core meaningful use oriented certification which is pretty much “yes” or “no.” Also linked to the payment, notion of optional or on top of — features unrelated to me, do your own due diligence, but to assessment of — realizing the hard numbers, evaluation might be rough. You could come up with principles, things to look for, which are j. judgmental, would that — doesn’t preclude numbers. Would that assessment or judgment be useful? Different from feature/function under meaningful use?

When you look at the class ratings as an example, there are always those data that are somewhat binary. There’s also a qualitative evaluation, insight as to product, market, I am not lobby for any particular — to say the system does or does not do the following, and in addition to that, some qualitative comments that the same certification groups could contribute that would be informative. How you do that without being pejorative I am not sure, but if there’s a way to be qualitative and objective at the same time I think there would be value. As a purchaser I would want to know what the certification group thinks about the flexibility, Mali ability components.

I agree. If it’s something that can be identified, measured by a certification body, that would be very interesting, to have the second tier be more qualitative, focused, about data structure, architecture, usability.

One thing I heard you talk about is problem of having a system in place, doesn’t meet the needs of another system, or system not quite right, didn’t install, few years later bought a new system, did install. Given core issues around data interoperability, what are your thoughts on we create this certification criteria, we can get great in-the-lab testing saying they can share information back and forth. Then we turn to you, providers, say it’s been done do it, you say haunt, I have an existing installed base. How are you thinking about addressing that?

We were hoping you would address that.


Excellent question. One of the speakers earlier today made the comment the same product deployed three or four places will have three or four entirely different outs comes, we have seen it among the people at this table. It’s a significant challenge. I don’t know. When you think about the RIO world, creation of extension centers mentioned in the high tech act. It’s an example of having some level of expertise that can ensure deployment is possible, but we are an immature industry, working in institutions that are dramatically different in the way they tackle these problems. I am I not sure.

On behalf of the 3000 not for profit hospitals, this is the biggest concern they have, how to get from where they are to how to get to meaningful use without spending an incredible amount of money and still have the risk on the interoperability level. It’s the single biggest concern.

For me it was imperative to get out from doing a quilt, patch work of different free independent softwares, looking more toward data integration. I am already doing chronic disease management database, involving a lot of extra steps for me and my staff. It was worth it for me to convert an entire EMR for one, manually key into another, just to have a common platform, database, one vendor, tightly integrated practice management schedule, clinical clin alert system. I think that having that common function in one desktop to look at in primary care is essentially —

We pretty much managed to the time we had, I want to thank you all for being here, the great insight you brought to us. It’s clear certification isn’t going to guarantee success. But hopefully with what we are putting together, certification had help provide the value we need. Thank you to our panelists.

[Applause ]

We will move on to talk about —

Can you, mark —

Good afternoon, everyone we have a very press tiges panel. From CCHIT, the chair 3457B of the certification commit eye, Mark Leavitt. Bryan Klepper, healthcare analyst, to provide evaluation of strengths interest weaknesses of CCHIT. John Halamka, runs, the chair of HITSP, and Steven Waldron. Mark?

Thank you very much. Let’s see if my slides are up. Great. Let me begin by offering my utmost ut congratulations. You have been given four days to do what I have been trying to do in four years. You have my ultimate sympathy. I would like to share where we are at. We haven’t solved all the problems, but have made a lot of progress. We hope you will be able to leverage that.

To give you a quick overview for those not familiar with us. We are four years old, we were created as part of the strategic plan the first national coordinator created, David Baylor. And we are now a non-profit 501 C 3, to accelerate the adoption of health IT. The strengths of what we have done, and we will talk about the challenges in a moment. We actually, you are talking about it, but we have been doing it, for four years, developing criteria, basing them on standards. Every interoperability standard we can get our hand on we attempt to use. In many cases there is not one, but we drive [indiscernible] have a broad volume of stakeholders in the volunteers, and a development based process, such as NIST described earlier and come up with criteria. We have had very strong engagement, on a volunteer basis, the participants almost doubled in the past years. I will fly back Chicago, over 260 volunteers, we get twice as many apply as we can fit. There’s huge engagement. You don’t have to worry they are apathetic. They care very passionately.

Very few people know, vendors know, but everyone else doesn’t. Our inspection process, firewalled off from the criteria development process, per formed by staff not allowed to have conflicts of interest with any vendor, even owning stock in vendors, demonstrated scalability, 45 apply in one month, got then through, handle the ups and downs of volume, never had the fairness of that question we used multiple — three juror panels, robust appeals process, retest process, been certifying for the past four years.

If — one question I get, what’s been the real impact of certification. Ron Reagan asked if you are better off three years ago than now — the progress, the bill, EHR technology is in there, and the words certified before it, no other examples of certified EHR technology, we believe we added something to deliver on goals wanted. If you want to look at other factors besides Congress, the largest physician organization have endorsed the work, the American Academy of family physicians, American Heart Association association, American Association, even the AMA. They grumble when — have come onboard, usually the first year, all the areas we certified, we get half in the first year, and by the second 75%. 80% of the marketplace has become certified. Defining as we will in a moment and how that needs to change.

change. That the certification might driveway out innovation, the facts don’t support it. 25% — last year 39% of the companies that came for certification were new.

Perhaps paradoxically, certification has created a level playing field, they can compete with the big boys. The competence of payers, purchasers, recognized for purposes of the Stark safe harbor, health programs for EHRs, many require certification by CCHIT, practice discounts for having EHRs, and bridges to excellence use CCHIT certification.

But, [indiscernible] changed everything. Before, certification was pretty much voluntary, you could come for the extra mark of approval. Rely on it if you need to, didn’t effect payment. With ARA, everyone with Medicare, Medicaid practices wants the incentive. That is one of the biggest drivers of change.

Before we were only attempting to serve provider and hospitals who wanted extra assurance when investing in a new comprehensive EHR. That’s different now. Medicare, Medicaid providers at all stages of EHR adoption. Some have invested in pieces, modules, incremental steps, and they all the want to participate in AHR and — special attention to innovation, small practices that are capable of building stuff, assembling stuff themselves but are still struggling. The goal is to go beyond functionality, interoperability — we can’t ensure the practice or hospital is a champion site, we can make sure the software won’t be what holding them back.

Let’s make that clear. We are not certifying the implementation, HHS rewards through the evidence of meaningful use. We are operating at the technology level. Saying this technology, for the sake of provider, can do what you want, not some fraudulent thing somebody through together to get the meaningful use money.

As soon as the bill passed it became clear we needed a change, developed over the past month, presented in a series of town calls and other venues. We had a one-lane road, now we want a three-lane highway. Three paths to certification. EHR C, comhencive; modular, interest technology in place at a site or doctor’s office or hospital, that’s EHR S. All three qualify for ARA. The requirements are different. EHR-C looks like current program but because of separate integrity out from the basic program, M, we can step up as many here have suggested, measure, rate usability. We will require more than just the minimum. We will verify actual use at multiple sites in the types of ways required for meaningful use. We can make that deliver, rigorous certification, not everyone has to go that way.

Vendors that can deliver that want to different themselves. EHR-M is not just for modules, but module certification, just the federal standards, it’s flexible. You can bring to us any prescribing system, registry system, patient engagement, physician/patient communication system, get verification for those meaningful use objectives, and we will specify which this system supports.

Providers that want to integrate from multiple sources, don’t want to throw out what they have, can avail threms of those products.

If the site wants to develop themselves, we will offer site certification. Because we won’t need to support as a commercial certification that’s protecting others, it can be very light weight, low cost, I will give you parameters here. The C program is like current, but more robust, will rate usability, require more live-site verification, interoperability testing, costing what it does now, 50 to 30,000 dollars. You need inspectors, need to maintain testing framework. These figures assume no federal support. Just being self-sustaining. The federal government decides this is an appropriate function to support it, the cost can be much lower.

The M system would involve a demonstration, inspection of documentation, as well as technical interoperability testing, but going module by module, making sure it’s capable of supporting meaningful use. The lite version people are talking about, low as $5000, as much as 30, depending how many modules are being certified at once.

In the HIE domain, we think it would be appropriate in this domain, if the system is supplied to federally qualified clin igs, serving under served populations, to decrease the cost of certification, make sure it doesn’t raise the price of products.

The site, doctor’s office, small, large hospital, doesn’t have to be a single physical site, any system using the same — the road way for the next Thomas Edison, inventing EHR in their clinic, garage, not prevented for doing that, we can certify, whatever, if it’s on an iPhone, something we haven’t the seen before, they will have a route to certification, and will want to roll it out to others, get other types of certification. We can do this at low cost because we developed virtual inspection methodology, we have jurors watching demonstration by web conference, the tool is self-service until it’s time to do the test, we witness it. We can take the cost lower because we won’t have to have the juror online. You can capture, get the cost down, review offline, makes it very cost effective, fraction of a percent of the insensitives they would be receiving for clinic.

Certified products can go any way they want. We think they will want C, existing criteria EHRs can fit in — don’t do everything in a comprehensive system, small Avs, light weight, the route a. HIEs, this is interesting, may start delivering EHR and PH R functionality. The M program lets them do that, get certified. Unconventional source, it can fit in the program.

We are making one other change to accommodate open-source better, doing version lock-down, certify a version, then verify its use, vendor has to notify of change. If there’s a major change we have to re-test, vendors aren’t taking functionality identity. We believe we can allow future versions to inherit the certification, that removes a major objection of open-sources, the product depends on the fact it’s being developed, changed, strawnchest critsics, CMS program, turned around, think this can solve the problem, interested in details. You will hear from Ed billings, let me finish up with a couple of things. I want to emphasize, we are not certifying meaningful use, worried, how you do it, we are not doing that. We are certifying the technology. HHS is requiring meaningful use, send something to HHS, intermediary, report file to qualify, not going through us. We will given vendors a code, when certified, give the M vendors codes, and sites codes when they submit application and that proves they have a certified product.

When we announce this new concept we had two town halls, had about 400 on each call. We were able to use real-time polling technology. Those colors don’t show up very well. 20% are very favorable, 51% are, 21% neutral, unfavorable are 1 1 percent. That pointed out when we look at the controversies, criticisms, the volume of the community representative, not proportion to volume of noise.

I need to keep that in mind, when you are trying to do the greatest good for the greatest number of people you can’t let a small but well-spoken minority deny them progress or benefit. That’s what we have seen o. we think timing is of the essence, we need products on the street this fall. The latest people could start to buy, adopt, implement, have meaningful use by twents 2011. We will launch a program this fall, based on what you are — implement in January after HHS implemented interim final rule. That would be valid 2012 and in future years, we can talk about later, it’s a two-year timing model to match your model. I look forward to your questions, will turn it over to Bryan.

I didn’t A announce, but we want time for questions,

— I will be brief. A little about my backgrounds, probably the only person who will present today who is not a technology first. I am a healthcare analyst. I advise a lot of very large companies, starts-ups as well, in technology and other sectors of healthcare. I run an on-site indigent care company that offers home grown EHRs, clinical group ware technology to run those clinics, very comprehensive. While I have a big interest in this area, this is not my primary area, I am not as deep into it as everybody else here is.

When I was asked to present, I wanted to present the most obvious issues that made sense. So with that, the principles, should represent the public rather than special interests. It’s clear that CCHIT is compromised in that way, it projects special interest conflict, the executive director came from hims, the chairman of the board is president of hims and is dominated by a vendor mentality.

I only got here just before lunch, but the testimony I heard since I arrived is all about how we’re still in this place where we do not yet have interoperability. The place I work is about power and money. I think these are expressions of how corporations exert their influence in the marketplace. If we still do not have interoperability in this day and age after all of these efforts, it says something about who is controlling the process.

The second principle is that we should have broadly aligned HIT policy that supports the larger reform goals, the rapid distribution of technology, usability of technology, and lower cost all through innovation. Currently, in the physician practice EHR space, CCHIT has focused on features and functions, rather than on standards, security, those kinds of issues. We have very, very high cost for entry, and as a result of that, currently, a very small minority of physician practices have health IT deployed. Another very large percentage of physician practices, that do have it deployed, have turned off many of the features and functions. If anything speaks to meaningful use, if somebody turns something off, that says that it’s not.

The third policy is that HIT policy should look forward, not back. This is the issue that says there is a virtual explosion of new technologies in the marketplace, web-based technologies, all kinds of new registries, ways to move data, ways to do analytics, bring that to practice, all kinds of wonderful functions, and for us not to pay attention to those, but to focus on very narrow conceptions of what health IT ought to be is doing ourselves a significant disservice. It’s cementing in old technologies and setting us back a generation, in my view.

So we should think very — on my work on health 20, healthcare technologies, the things I see are remarkability. Practice management, identification of risk, management of risk, chronic disease, and all kinds of other areas, all of which are focus on what it takes doctor, clinicians to do their job in different settings. More and more functionality, ultimately spreading out in ways we never thought through in very good ways.

This doesn’t come through, translate either, so well, but, again, I agree that interoperability, which we have heard echoed over and over, does not exist out in the marketplace. It’s a priority for everything, for coordination of care, data aggregation, pricing, performance transparency, for comparative effectiveness research, decision support, patient engagement, all these issues depend critically on the ability of one system to be able to talk seamlessly with another. Those standards have not yet been developed adequately so they are in the marketplace in a significant way. That is holding our entire system back, hostage.

We have to focus on that in a very, very big way. CCHIT has dragged its feet on this. We are only at level one, text-only exchange within CCHIT. We could be doing so much more. It’s important to note, critical to note that a lot of organization are simply just ignoring credit CCHIT. Beth Israel — New York Presbyterian, all these organization are busy exchanging data, going outside of CCHIT. So, while we are busy establishing guidelines or criteria, the market is going to do what it needs to do to get things done and move forward. That is an important point. When the market begins to ignore what you are doing because what you are doing isn’t keeping up, that means you are not current.

So, the question is, what do we do? My argument would be as it is currently constituted, CCHIT gives HIT legacy vendors — threatens to facilitate an approach falling short of healthcare reform’s goals. I would argue two things. One is whether or not it is actually conflicted, it certainly gives the appearance of being conflicted in a way that would not be tolerated throughout most of the private sector.

If I sat on the boards of a corporation, I had the appearances of conflict, I would not be allowed to remain on the board of that corporation. That’s the way the world works. The CCHIT executive team leadership should be at a minimum, if it’s going to remain in place, CCHIT, should be replaced.

Secondly, you could reduce its role in defining the certification rules. Go down path. Other organization could be designated to perform these functions. There have been articles in the Post about the extraordinary exertion of influence over policy, and this is too critical to the future of healthcare reform to allow this to go on. At a minimum, I would hope this panel give consideration to these issues, and I thank you very much for your time.

Well, thanks very much. I am happy to be here, talk about standards, harmonization, and the way it’s articulated, other organization. A quick comment, of course you guys live in all this committee structure, but everybody who is a stakeholder should know, HITSP fits in the following way, the policy committee gives us the priorities, the standards committee makes sure the transactions that meet priorities are well-described, HITSP has been the 70-member organization, open, transpiration parent process that gets to the bit expws bytes of figuring out the standards that meet the needs.

To tell you about what we have done, how we have recently changed and going forward in thor a of ARA will be well aligned CCHIT. If all the other stakeholder organization, figuring out the hundreds of standards that are the most appropriate. We have readiness criteria. Was the standard developed in an open, transparent process, not by some person in a garage. Is it going to be supported going forward. We want to make sure standards are there for today and tomorrow. Implementation guidance. We have this challenge sometimes, we are asked to create harmony where standards barely exist. We do our best to look to the marketplace, nationally, internationally, find standards well-described, tested, and where necessary, look sometimes out of the healthcare domain, grab standards that are emerging. This provided an interesting challenge as we worked through the credit check be CCHIT standards — level of maturity, 1 through 4 on each standard, so you can get an understanding, widely deprovide, ployed or so —

Several of you participated in the use case study. These were specific actors, actions, events. They weren’t transactions or meaningful use. Such things as if you are a doctor,ment to receive a lab result from a laboratory, here’s a specific use case, set of transactions that need to be supported. You are a hospital, want to submit to CDC, here’s the set of actions — the challenge, the comment you made about the modular or homegrown approach, you say actually, doing a very complicated transaction, patients here, providers there, surveillance, public health, the use case approach didn’t allow you to take pieces, parts of standards and mix them in an innovative way. You will see how we evolved that. The areas covered, still useful, if the use case is what you want to make sure you have interoperability around, the lab use case, submitting by surveillance data, specifically submitting problem list, medication, allergy, lab, registration data, to a PH R from an EHR. How you ensure a first responder in mass casualty event would retrieve data — how you transport data a network, mixed media, from a USB stick, DVD, how you document quality metrics, and work closely with the NQF, national quality forum. How you define the quality measure itself, because the challenge with a lot of quality measures, they weren’t created with EHRs in minds, and so they will have data elements that might be manual paper processes or chart abstractions. Figuring out how to define the metric, show its discreet measure per patient, over a population.

All the medication management standards for e-prescribing, potentialized healthcare, the genome and family history, examples of cutting edge. So new that HL 7’s work groups came up with them this year. As we declare for the purposes of meaningful use, what is appropriate, we will list, but this is a more forward-looking standard, 2013 or 15.

Standards of care, lifetime record, images, EKGs, all radiology tests. Lifetime immunization records, how you deliver a vaccine in a case there was a pandemic, match supply, demand. Public reporting of specific identified infection diagnosis, reportable diseases, how doctors, patients interact securely use egg web framework, and how in the home you have a hub such that you could take a scale of — to a PH R, EHR, the Microsoft folks, Googles, other PH Rs are embracing.

Now, we are in the post ARA era, how do you think of things differently. We got together some tiger teams to take the use cases, repurpose, repackage. Over the last 60 days, we — taking the standards accepted or recognized by the Secretary and packaging in a context of web service type approach, we would call a capability, such that any EHR or PH R, anything Mark described, complete, modular, self-built, can take this capability, integrate the set of standards without having to refer to a use case.

We do this in a paper based and electronic publishing format, how you do not only the data content, vocabulary, but secure transmission and supported a whole set of value sets such as gender, marital status, variety of things folks need standardized.

This is the list of the 31 HITSBE — if you want to do administrative transactions, here’s how you do benefits eligibility, referral — clinical operations, if you want to communicate an ambulatory e-prescription, hospital based, how you do it. How you handle structured and unstructured documentation.

I know, because I build she’s systems over day, it would be fabulous if every doctor woke up thinking about SNOMED, great for decision support, but alas, not all systems support, not all doctors have EHR implementation, quite the ease of use to control vocabularies. The how I take a note, a pdf, transfer from stakeholder to stakeholder, as well as the more highly structured medication list, that type of thing. As you folks think of meaningful use use, 11, 13, 15 T may be unrealistic to suggest every aspect is highly codified in 2011. We have given you both options. If it’s there, absolutely use it. For 2011, unstructured may be a start. A whole population of health measures, as you look, public health submission, quality reporting, all of the basic capabilities are there.

All of that work was handed off to the HIT standards committee, and the committee, which I co-chair, has clinical operations, clinical quality and privacy and security work groups. Their charge is to deliver to the HIT policy committee next Tuesday. We have one week left, a complete matrix that takes all the meaningful use and the eight desired statutory criteria, put every standard named next to every one of those and it’s level of maturity grade, giving the guidance to 2011, 2013 and 2015 capabilities might be.

A quick comment on the taxonomy. A category one is widely deployed in the industry, we know what it costs. HL 7 interface, costs $500, we have done that.

It’s pretty early, but to Mark’s point, you could push the vendors, David Blumenthal suggested it’s worth pushing a bit, not quite deployable, a work in progress, standard vented yesterday, no idea, haven’t begun the [indiscernible] process yet.

Example of showing how for e-prescribing. Some very well — the data, we haven’t figured out controls substances, DEA hasn’t figured out — fingerprints, that’s a later effort.

Quality work group will be feeding back to you folks all of the data types necessary for measuring quality. Over 38 data types, and categories, we will describe with those the same sort of nomenclature on the level of maturity on getting a lab value, problem list value, various time-date stamps to measure quality and as described earlier, the transaction to transmit the quality measure to a public health or other reporting entity. You will get all those.

This is an example of how you start thinking about quality measures in terms of post ARA data elements instead of veer verbiage.

Every single transaction you would need to protect privacy, security, authorization, how you handle — some of the standards are very well described, and some are so new you will see the — some may fall easily into 2013 or 2015. Highly desirable for privacy and security, but maybe you start with secure transmission of data from place to place with basics of auditing and layered on top of that as you go forward.

Some examples. We think about security as three things: Can the product do it? Web-based transmission using certificates. What infrastructure should be deployed, and what’s the best practice? If you have a certified EHR with web-based standards to exchange data, and everybody gets the same user name and password, that’s probably not secure enough.

So, the timing on all this is very fast. We have had our first meeting of the standards committee in May. Second meeting, divided into work groups in June. Finishing up meaningful use matrix, maturity, will deliver on the 21st and continue to support all the activities of the HIT policy committee over the course of the writing of the final rule. Final statement, I hope that all of the work we have done to support the HIT policy committee, standards committee is now helpful to the certification process, because everything, to your point, actually is written in terms of meaningful use. Mark was given use cases in the past. He now will be given a set of meaningful use standards and interchanges which should be easy to test and certify.

Definitely a pleasure to be here. I am Keith Walter, a family physician, and inform at sift. I wanted to do, from the perspective of the American Academy of Family Physicians, very small practices in rural America, trying to take care of patients, get good quality care and care continuity.

As you are acutely aware, at a critical point relative to health IT and healthcare, decisions made today will have a lot of impact making this a smooth path to healthcare reform, or make things more complicated.

Information technology needs primary care practices and a reformed healthcare system, dramatically different than much of the technology deployed today.

Although we have idea of what those needs will be, there’s a lots of uncertainty about the specific needs of those physicians in that reformed healthcare system.

We suspect some of the low rates of adoption of technology today is partly due to that mismatch between the needs of those physician and products and services available today. Decisions around certification must limit the unintended consequences, embrace innovation and ensure meaningful use can be achieved. For these reasons we think certification should be simple, flexible, focused on interoperability standards and safety issues.

Although we are talking today about certification, I will talk a lot more about interoperability standards. Standards are not sufficient, necessary, but not sufficient. We really need to align the business models. About six years ago a group similar to yours, the American Health [indiscernible] community said we need a break through in two years to replace the clip boards, very basic demographic information on paimps, medication list, interoperability across the healthcare system. We are six years from then. I argue we don’t have that widely available.

We have done a lot of things in six years to try to drive selection of standards, harmonization, certification, but if we don’t align the business models we won’t get — it’s important to distinguish three separate activities when we talk about certification, efforts and discussion around that: Validation, evaluation and certification.

Validation is the testing of appropriate use of system. That’s what’s going to have to be required to determine if a physician or hospital is meaningful use, what Mark Leavitt talked about. CCHIT is not here to do that, not a plan to do that. Don’t thank should be part of the certification process.

Secondly, evaluation of testing, performance of a system or how well does it work in a particular environment, there’s really different ways to pass that evaluation. We heard earlier, for me meaningful use may be different than me as family physician. Certification is the testing of the required at beauts of a system. To limit unintended, and focus on certification, not evaluation, and validation, allow other processes to take care of those concepts.

[Captioner transition.] >



Not using the technology that is certified, the system now becomes involuntary. And for this reason we think certification of all Bye systems should focus solely on hand parents of of its systems in ARRA — bought reporting and we think it should also look at those issues around security and safety.

This of course does not preclude the market from treating other certification process is that go way beyond the scope of the ARRA or just above the scope of the ARRA.

We need a health ITI certification which focuses on safety and standing certification plants. — When you buy a lamp, you all have major that is not going to harm you or your family if used appropriately, and also make sure that the light bulbs and electrical plug are interoperable with other light bulbs and the actual plugs.

So we need to certify Health ITI so it does not cause harm to patients or providers accuser. Appropriately. [indiscernible] as the performance evaluations on the lamp or [indiscernible] three ways which are at an appropriately opaque shades or if this might style is appealing or not. … bought back class and that was mentioned earlier and many others are providing some of those evaluations based on Health IT products and features and functions. [indiscernible] basic safety. We have a concern that if we step away from Interoperability with Interoperability being so difficult, we will quickly start focusing on features and functions and the great things we know we will have and will get up to six years and will get the true opera ability that we need.

And [indiscernible] decrease the cost, competition can Help Drive down the cost of certification and allow for further innovation and certification. The National Park Institute of Standards and Technology and the opposite the national coordinator could set the criteria that is required to have the ARRA qualifications and allow that to be uniform across the different entities. For the perspective of the physicians in small practices, certification will be most effective if it allows us to lower that age are technologies that are required and provides a pathway to the incremental adoption components that are determined to confer status on doctors and practices.

Finally one of the points we want to make sure we emphasize, the changes in information technology last several years, really involved in the health-care system involves technology infrastructure that is not based on my elastic, predetermined or pre defined products, but more on the general purpose platform that collects simple applications that to its and will pass well and reliably. Certification must allow and encourage decoration of modular platforms and applications which allowed a clinical practice to put together and integrate a combination of applications that allow them to be successful in their local anti environment. The certification must also increase the standard based options that are available two physicians to make sure they can — Health IT the infrastructure in both design and delivery. It as a pleasure to talk with you today and an accord to the questions.

Thank you very much. We have about 25 more minutes for questions and have liked to go ahead and start. And I think we should narrow the criteria were certification to just meaningful use, because [indiscernible] to a detailed and functional in nature.

We have heard other things Princetons, some of the innovations you have mentioned, but I am not aware that google or Microsoft or any of those things have any impact and was the cost or quality whatsoever. So it would appear that there are some balances that we need to achieve. Does the ESR M [indiscernible] — but they were a bad thing?

Well, or example, [indiscernible] certified modules, data and have a comprehensive peace and with the focus of federal standards which are Interoperability, security, and some key operational abilities to support me please. One is to gauge patients and families, and requires some Interoperability and assumption nullity. That is what we’re talking about focusing on. In most cases where people talk about it later when it certification, I think the key to program speed to that and that is the intent of it. In the requisition that we define the only certifiable EHR to be the only EHR, we keep out innovation. [indiscernible] [indiscernible] so basically I don’t think you could, but they think will certification model or a single set of criteria that would satisfy those diverse needs, and we have already had a diversion in the need to and bottles and will continue to do that, and we are prepared two offered different sizes and styles of the can meet the needs of the committee and have certified projects and as fast as you can get and there have [indiscernible]

If it focuses on Interoperability, we would have to decide [indiscernible] modular approach, I will focus on Interoperability and many bullions. And monolithic [speaker/audio faint and unclear] if we say it has to be a moralistic single Vander EMR, we have excluded that other piece on the marketplace. And as we move toward health care reform I am hopeful that the technologies that by members put in will be more about how I take care of my diabetic and I get my EMR coding done correctly.

As a backup, how do we insure that the problem that Paula described in the previous panel is nothing institutionalized with this approach?

Which one, she had a lot of them?

[indiscernible] the Hut is for one out. Between the operations you have to standardize the data [indiscernible] and HITSP agreed upon, we don’t have that, and it would require threw out the nation’s entire historic investment and Health IT systems which would be 100 or $200 billion, it is a $20 billion a year industry, so that is a couple hundred billion dollars in investment in have to replace to put the mall on the standard data model. And if we did not answer and cells with the internal data model, so we can export ourselves in a data model, [indiscernible] [indiscernible] and HITSP harmonized that to CCD and two contradict something the Prince said, [indiscernible] Anna CCD Borba. What is missing? The HIE that were promised. That program didn’t go anywhere. So that would be hooked to a halt information exchange that was the hub and that would go to the other a chart. We did our part and nature that the H.R. Escobar able to import and export that format but whenever stepped up and created the business model for HIEs whether it was private or public models supported and if you have seen when you have seen them all. There are no standardized. And none of them are receiving are sending the standard format that the committee approved. So I think that is where you should look rather than bring to be it on a jar.

One quick point, with the 2,008 criteria for the CCD or the continuity of care a document, there is a high level [indiscernible] [indiscernible] [indiscernible] Can people and if we talk at [indiscernible] looking forward thinking [indiscernible] for the market is the question as it would focus on Interoperability and keep it focused because maybe push Interoperability because we don’t have 400 different the nationalities that we are trying to push on.

And as to your point Mr. Kennedy, that google and [indiscernible]. But the charges in quite fair. The buyers Health Care action group [indiscernible] Carlson, they have now demanded that all health plans in Napa region handled with the data, and it is dropping into health bald, so that any patient can [indiscernible] the drop in all the historical claims data, we to all of the blood draws and we handled the risk and in a handle on the risk, so we go after the comics that are 70 percent of the money, the pair them with an in-house Paris and we go after 66%, and we can accept data anywhere, can’t send data anywhere, but the fact that will — in a major health Systems is saying that we had to forego our investment in a major ITI platform. Because we could not make that work and it was dangerous. That is unacceptable at this point, and that is pervasive throughout the system. So, if we can agree on nothing else, which should be able to agree that Interoperability is absolutely Joplin at this point. There is no excuse for not being able to get that done.

Okay, thank you.

In question Port stephen Waldron, it talked about three division and the platform applications along along the lines of what was said this morning and he said certification should not forestall that vision. So simply just not certified on monolithic systems, that meets the requirements or [indiscernible] other things, and that certifies the platform and the applications or just the platform?

It is really the B module [indiscernible] is it [indiscernible] at this point where we are at today, it is important to understand that we’re talking about certification and what we are going to certify in 2011, but also saying where is the market going to go and 2011 and 2020? If you say it will be a monolithic system, but you talk to the dock today, and say applied EMR but I don’t want to deal with the companies or in pieces, but I don’t blame them, but we don’t allow the market to create a prop for the Mac platform that is interoperable or plug and Play, being able to and what they want, and I think we have the ability to certify the different modules, but I think where we are at today in 2011, I note that there will be modules or a platform that will be individual modules, it will have to be certified.

If we have two organizations that want to exchange, and we have Paulist within our organizational walls, let’s for a moment the excellent about it goes through HIE or doesn’t. In that context, two organizations want to exchange, and we have the category of one set of deliverables which we will see some time next week and we certify those category one how much progress we have made in addressing the broader away bought back in the ability of providers to exchange?

Let me start with that, and one of the things that we recently did in its recent work, we ought Mike we could have EHR, or HIE two between 20 or what everyone, and we were constrained enough that right with the [indiscernible] to the standards [indiscernible] like a USB from epic deserter? Now. Is it so constrained that it throws out the system? No. So bought back $1,000 interfacing problem, yes, so ideally with my ticket to a petition chitons, [indiscernible] 102,100 eventually it just Works, but now it is constrained a whole lot better than it was.

Okay, so we will drop the cost of the participants wanting to do this. In what categories of data will be able to drop the cost? Because it would be taxonomy of 1 to 4.

Let’s just go through those. The laboratory results reporting has been standardize on a single version of HL7 with a simple set of vocabulary, and some of those Paquette theories are. Widely deployed and some maybe more forward-looking but I think you should be able to interfacing nightmares of the Lockerbie problem. Now bought back described at 30% through his best efforts, they could get back into pieces [indiscernible] that problem should get a whole lot better and costs should go down. And it today because prescribing transactions are premature, some are for work looking like filling of the medication refill at a pharmacy, we constrained those polled pollen, how do we get the benefits eligibility and the initial Phill and refilled and formulary drug-drug interaction and it should be widely deployable across payers and interactions and pharmacies. But the clinical summaries exchanges, [indiscernible] I [indiscernible] it is a stern but we do provide enough detail and if he wanted a that this [indiscernible] is one way to do it, and on the quality side, the reduced cost, [indiscernible] require a grain delivery of data that that stocks don’t get record, so we will just say, some quality will be easy to report.

That particular point is one that is important. And providers will have the incentive to take the extra time and effort to define that snow medico Dorothy correct ICD nine code, will be able to get it either.

[indiscernible] make the systems capable of exchanging, but if this health system would go back to Portland, hometown, [indiscernible] the CIO [indiscernible] if I share the data you will benefit from investment, so bought back. [indiscernible] came right out in Portland and that is what killed the butting HIE. It had to have the two motivation and incentive to do it. You can get that by paying part that the exchange but ultimately it to pay for depth better outcome, and it’s on is that better than [indiscernible] participants [indiscernible] technology to be the limiting factor, but right now, except in cases — Paulus example where she lapmack the data, it wasn’t burgee [indiscernible] but I think in many more cases where patients see another doctor or go to another hospital, if we wanted to make that happen and we found a way to do it, died of wait we have found a way to get the claims submitted electronically and swiftly because they don’t get paid for it. They don’t get paid for avoiding areas yet. So I think that technology problem will take care of itself. So that will take care of [indiscernible] [indiscernible] and by the way, that was one of the biggest problem [indiscernible] going on in the standards area. And by the way, demand when the harmonized it.

A couple of questions. We had [indiscernible] talked about difficulty or nonstandard its and the use of exchanges by HIE and HealthCare exchanges, so my question is, should these organizations or systems that send data to — or receive data from electronic health records, chateaus be specified against Interoperability specifications?

This is one of the debates we actually had in at the standards committee and the call this the ecosystem’s problem. If we had three fax machines of the world, that is not helpful, in need to. So will of the data sources be able to send data to the receivers well all of the receivers are able to incorporate it? You really have to think about Paul sites of the equation and and pick everyone has been talking about incentives, and that is, one would assume that if meaningful use and reimbursement which only happens if you are using a HL7 251 message, everyone in the country with the highly consented to picture they are sending at in that simpler format. Subpart this will the customer given, but certainly given it some thought to, if you are not MacKay lab or radiology center, there needs to be at least some oversight.

What about the HIE set up in different states? Can’t they just be the same standards and this is what you do?

Well if you look at the incentive side of things and the regulatory side, the incentives of believe has $3 million on the HIE side, and will reduce the sentence to Tuesday’s recognizing interests and the [indiscernible] 2009, he would think that given the economics and given that regulations, these HIE as come would adopt the standard formats.

Okay. Mark, he said something about, you all ascend HIEs were going to be there, and it made the hair on the back stand up, and I ask all of you, are there any and that it assumptions like Apple, that we step back and look at it critically?

Yes, that was one, that the architecture but the HIE and [indiscernible] as opposed to peer to peer kind of thing. And another huge issue this data ownership. We don’t know yet what happens when you mix together the system that was described in Tennessee, I guess Bill said it describe it when they bring all the data together, what happens for their reliability standpoint when you start to see in your [indiscernible] when the you see that would need a Pap smear, and you [indiscernible] your mind the girl to go back to the oncologist and on and on, so we haven’t wrestled with liability issues or turf issues, which will come up as you said to start to reformat the American health care in this different model in different homes and longitudinal care, and it could go on and on, but it will never finish if you tackle that. He will have whatever it is impacting can within the context of health care or as it stands with reform.

There is something that is so obvious to us now because we have all decided that is the way it is going to be. And that is not clear in the and if that is really going to be the way it is.

[speaker/audio faint and unclear] does not make architectural assumptions, so let’s imagine that you want to push data from hospital to a provider, well, there has to be a provider in the company that tells you how to get it from here to there. [indiscernible] or in another way, suppose I have visited an emergency room and I have ever been in hospital before handing want to create there are records about me, that would probably require Ida so we can use the standards for that. We don’t require it, but if you want to do a poll, you need to have been attacked.

And it was awesome it the assumption that the standards of this petitions that we put together can be deployed, and will work. But I need it is an interesting that you said, would like the fact that in CCHIT, an author never to do about [indiscernible] Sure scripts certification is all about how the connection with a piece of data from Point A two-point B at the cabin, with his petitions we have treated, but her two attempt to make sure we have everything but have we really depleted and world world, but with all the other different issues, we talk about how we have to tweak this or to become that and I think that the HITSP will have to have more work to make it out there.

That is exactly right and that is why we have asked [indiscernible] workgroup perspective, bought HITSP, but actually put, you guys, real-world declarations of the play ~ So that you as a policy committee will be able to assess 2011 and 2013 and based on an lot of Industry output.


I am dead and McGraw, I marked the Center for Democracy — Devon McGraw, and I am on a couple of other work groups and also on the policy committee, so thank you for letting me ask a question.

There has been a bit of discussion about the role of health information exchanges and I am glad to here the feedback on creating standards that are in essentially architecturally neutral, because while there have been some pillars of HIEs around the country, they are actually doing quite well, and there is a substantial amount of money that can go to all the states that can invest in infrastructure so we can’t really isn’t that they will all go away. So this question is directed at you, Doctor Buffet competition and with respect to Interoperability is suggested the breakdown was actually with HIE, which leads me to ask what are you actually certify HIE today?

We have not certified in any HIE yet but we graded criteria for them and it certifies that we can send and receive the same transactions that [indiscernible] had said. So they can pass a CCD but is what the HIE can send and receive. But we have the program on hold waiting to hear what the HIE are actually going to look like and what the updated standards are going to be after HITSP gets on with this phase of the work.

This is a question that has been bothering me for a couple of weeks. How do we know that the person that presents at CCHIT with a product and demonstrates that product and shows that the product works spectacularly and shows it does all the things it is supposed to do, how do we know that when they go and turn around and purchase the product, it is exactly the same project, a product that was given to you?

That is sort of the paper where program. And under the past programs, all the programs today, rejected the versioning of the product was the same as the documentation of the product that did not change during the course of the [indiscernible]. So that we have to verify that that version was in use at at least one live side. So at least one site is using it.

Yes, but isn’t it possible for some vendors to make changes in acres and to make it possible for it to pass, even though it has the version number on it, even though it doesn’t appear in the roll world and it is something that someone used some of their fine engineers on two change, just so it will look good?

Well that would be subpoenaed in fraudulent application and we had some safety mechanisms for that and it is basically a customer complaint process. So if someone is using his trip by product and it does not have the functionality to meet the [indiscernible], we have two [indiscernible] if they can’t can’t satisfaction from the vendor, we have a complete process and it can go on with aptitude polling that enters certification. It hasn’t gone that far but it has caused us to do is some extra testing, so we have some 60 vendors for life that bought and paid them all offer some two my pad, but it right to be reasonable you are not talking to other sites and making your own reference checks, are not equipped to buy in the EHR or you are equipped to buy as a brand new customer and we know that. If we require 10 new sites on all [speaker/audio faint and unclear] provisional certification that is labeled as such. Once you have applied site in the future program, that is more like 10 sites and it is the full certification.

Thank you very much. I will say the key to the panel.

Before we leave, Brandt made some interesting comments about sands and conflict of interest in terms of fairness, and bought a Wiki the intent, if you could do it very briefly, to respond.

Okay, Deborah and number of statements that were not actual correct. CCHIT was founded by an equal partnership of three organizations. The health and permission management professionals, and both [indiscernible] and an American Hospital Association, so two provider group and one that is half providers and half vendors. Under the contract we were required to be independent by the end of the contract and we have completed that. So we are an independent Pfizer one C three project with Bell Pac two content. And is working there before I worked for CCHIT and since then I have worked for CCHIT full time. Bright with the question about who is paying me, in the contract, all of the staff, since it was a contract organization, all of this step was contacted to one of the founding organizations were contacted on the open marketplace. We were all contractors and CCHIT would pay teeten by salary and and so it would come. HIMS. So over the span of the contract, we had to get her own space, we had to set up our own peril system, and set up our own health benefits. And one of the reasons I am so for health-care reform, had a hard time. And those [indiscernible] switch over as quickly as people look like, I [speaker/audio faint and unclear] Tri-State on the HIMS program but there is no management or resigned or bonus program, just a pastor of the money. That is done, we have health benefits full-time at CCHIT. The jumper testes and Parma of our commission is to report vendors and the formula for our trustees is two of of 9BB tenders. We have the vendor and Steve Lieber ahead of him who he we have classified as a vendor because many people say that it’s a bender. That we raise the point, if you exclude vendors, if many people [indiscernible] many vendors to participate in your program or be on board, that is like saying, what’s Creek as system test cars and attacked anyone who has ever design or build cars on the board. No one knows about cars. If you exclude the vendors, you probably exclude to three to court reports of the people and Health IT. So to me, it isn’t in the people have created to question her question ability. And I say often, for yielding stock we have, the only stock we have is our credibility. So the smartest way to bought that down to be to attack her credibility. But I stand by what I just told you, and awesome, I have been in health-care over 25 years, health care 235 years in Health IT, and I think those thence it on public stage and [indiscernible] an additional should at least talk to that person. We all have had a track record and —

Thank you very much.

The purpose of all here, no one has subpoenaed anyone personally. That is the second time you have made that charge. R unfortunately, Mark, inconsequential and not part of the discussion. What matters is there is $119 million of federal money on the table and that the eligibility criteria will be used in some way to steer that money. And so it is. Very important, as I said, whether the conflict exists or not, the appearance of the conflict cannot exist. And anyone who has difficulty seeing that would have difficulty working with the clients that I had. And it would not be allowed. We are talking about a major issue at a time in America where we are in severe crisis. The record that we have had heard described, in many instances today, all of that plays into it and it doesn’t have anything to do with a personal agenda. It depends on if this is good public policy or not.

Given to the $19 million that is the people’s money to that is time for the public comment. But let me say, and thank you for that panel.

Now we will start the public comment. There are two people who actually already asked to speak so I will call them to the microphone. A first is the representative from AMIA. Is that person here somewhere?

Okay, moving on to the next person is Kathleen Conard from Microsoft. Are you the Microsoft person?

I had to stand, do you want to speak?

[speaker/audio faint and unclear]

Could you come to the microphone?

Answer, stay right there, it will be next.

I just wanted to correct the record on what backers sought is supporting a lot of the HITSP standards and at this juncture, we do support HITSP but that is not a particular HITSP specification [speaker/audio faint and unclear] funding efforts specification. And that we also support the cc R.

This is the public comment phase, so people may live up here at the record on two make comments and also there is a process by which they can phone in comments also.


Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: