According to RTI, the purpose of the contract is to: assess variations in organization-level business practices, policies and state laws that affect health information exchange; identify and propose practical solutions, while preserving the privacy and security requirements in applicable federal and state laws; and develop detailed plans to implement solutions.
Groups formed by the governors of 33 participating states and Puerto Rico subcontracted with RTI and have been holding state or territory meetings on privacy issues. According to RTI, another phase of the process calls for participating states and Puerto Rico to send delegates to regional and national meetings to identify common themes and note areas both of consensus and disagreement. The 17 states not participating in the HISPC have been invited to the regional meetings.
A series of 10 regional meetings began Oct. 23 in Kansas City, according to an RTI schedule. A meeting set for Friday in Indianapolis is for HISPC-participating states of Indiana, Illinois, Michigan, Kentucky and Ohio. Roland Gamache is director of the state health data center at the Indiana State Department of Health in Indianapolis and the HISPC project lead and contact person in Indiana, according to RTI's Web site. Linda Dimitropoulos, is project director, privacy and security solutions, for RTI and the head of the HISPC effort for the institute. In response to an e-mailed request for the time and precise location of the Indianapolis meeting, Gamache replied by e-mail that he was referring the request to RTI, which he said was "hosting" the meeting. Dimitropoulos acknowledged she'd received the request for meeting information from Gamache and confirmed that RTI was "hosting" the regional meetings for HISPC, adding, "These are working meetings that are being held by RTI and as such are not open to the public."
Calls and e-mails to AHRQ and ONCHIT, including ones to Robert Kolodner, the new interim head of ONCHIT, asking why the meetings would be closed prompted an e-mail response from spokesman Raymond Sass with the Office of the Assistant Secretary for Public Affairs, which Sass asked to be attributed to another HHS spokeswoman, Christina Pearson.
"This is a deliberative, working meeting of the contractor and its subcontractors about work plans and other logistical issues associated with the contract," the e-mail said. "Federal Advisory Committee Act (FACA) rules do not require this meeting to be open to the public, and the department believes this meeting is being conducted in an appropriate fashion."
Language in H.R. 4157, a federal IT bill that passed this summer but is locked in a conference committee with the Senate, called for a similar study of state privacy law differences as is currently being conducted under HHS contract by RTI. Throughout most of its legislative life, H.R. 4157 also called for giving authority to Congress or the HHS secretary to pre-empt any state privacy laws reported as barriers by the study. The study provision remains in H.R. 4157 before the conference committee, but the pre-emption language was stripped from the bill at the eleventh hour before it passed the House on July 27.
The Health Insurance Portability and Accountability Act created a uniform floor of privacy regulation across all states, but added that states could enact more stringent privacy provisions. Many states have tighter privacy controls than HIPAA in the use of healthcare information involving HIV/AIDS, mental health and drug and alcohol treatment.
In an April interview, then outgoing ONCHIT head David Brailer said there were two problems with the HIPAA scheme that allowed state variability. State privacy laws, he said, "didn't anticipate the digital era, and they didn't anticipate portability."
Brailer said federal legislation pre-empting state laws was not the only answer.
"The main thing that matters is, if states get together and get consensus, Congress will follow; and if they don't, the states will know what to do," Brailer said.
Paul Feldman is deputy director of the Health Privacy Project, a not-for-profit corporation whose aim is to raise public awareness of health privacy. Feldman also serves as co-chairman of the confidentiality, privacy and security work group of the American Health Information Community, a federal advisory panel created last year by HHS Secretary Michael Leavitt.
Feldman was not ready to criticize RTI's announced intention to keep the public from the regional meetings, but added generally that the more eyes focused on a problem the better.
"I'd have to see what the basis is for doing it," Feldman said, but, "it strikes me at first glance as being counter-productive."
What do you think? Write us with your comments at hitsdaily@crain.c om. Please include your name, title and hometown.
