Town Call: Certification of Personal Health Records (PHRs) Mark Leavitt, MD, PhD – Chair, CCHIT Jody Pettit, MD – Strategic Work Group Leader, PHRs Friday, Oct 10, 2008 4:00 pm Eastern / 1:00 pm Pacific (60 minutes) Participant Dial-In (877) 313-5342 Conference ID: 65204557

Today’s Agenda The Personal Health Record (PHR) concept Why is certification important? What can I expect from certification of PHRs? How can I find out more, and participate in the process? Question and answer session

The Personal Health Record (PHR) concept

Why is certification important?

What can I expect from certification of PHRs?

How can I find out more, and participate in the process?

Question and answer session

The Personal Health Record (PHR) concept

The benefits of having a Personal Health Record Having your personal health information available -- whenever and wherever you need it -- can: Save your life in an emergency Reduce the possibility of a medical error Save time for you and your health care providers Give you more choice and control Help you and your doctors make better-informed decisions

Having your personal health information available -- whenever and wherever you need it -- can:

Save your life in an emergency

Reduce the possibility of a medical error

Save time for you and your health care providers

Give you more choice and control

Help you and your doctors make better-informed decisions

What can a PHR do? Without a PHR Your health information may be scattered – among doctors’ offices, hospitals, pharmacies, health plans When you move, or need care in an emergency, your health information may not be readily available With a PHR Your information can be gathered together in one place Your information will be available in an emergency You decide who may access it

Without a PHR

Your health information may be scattered – among doctors’ offices, hospitals, pharmacies, health plans

When you move, or need care in an emergency, your health information may not be readily available

With a PHR

Your information can be gathered together in one place

Your information will be available in an emergency

You decide who may access it

Why is certification important?

Certification: ensuring products work properly and safely Electrical devices are tested and certified by Underwriters Laboratories (UL) Vehicles are crash-tested and rated by the Insurance Institute for Highway Safety Healthcare information technology is inspected and certified by the Certification Commission (CCHIT)

Who is CCHIT? A nonprofit 501(c)3 organization with a public mission: Accelerate the adoption of health information technology Reduce risks for people using health IT systems Ensure health IT systems are “interoperable” (can exchange information accurately) Protect the privacy of health information Officially recognized by the Federal government Has inspected and certified over 150 of the health IT products used by doctors, hospitals, and emergency departments to maintain electronic health records

A nonprofit 501(c)3 organization with a public mission:

Accelerate the adoption of health information technology

Reduce risks for people using health IT systems

Ensure health IT systems are “interoperable” (can exchange information accurately)

Protect the privacy of health information

Officially recognized by the Federal government

Has inspected and certified over 150 of the health IT products used by doctors, hospitals, and emergency departments to maintain electronic health records

How are testing criteria developed? Testing criteria are developed by volunteer expert panels Volunteers represent a wide range of stakeholders The panels draw upon available standards whenever possible The public is always invited to comment on proposed criteria during the development process

Testing criteria are developed by volunteer expert panels

Volunteers represent a wide range of stakeholders

The panels draw upon available standards whenever possible

The public is always invited to comment on proposed criteria during the development process

Criteria Development Process Inputs: * Scope Guidance from Commission * Roadmap (from previous year) * Future Directions (from previous year) * Environmental Scan: - Use Cases from AHIC - Standards from HITSP, SDOs - Market research - More Develop Draft Criteria Refine Criteria and Develop Draft Test Scripts Proposed Final Criteria and Test Scripts Final Criteria and Test Scripts Public Comment periods Pilot Test Launch 09 Certification A consensus-based process with many opportunities for broad input

PHR Advisory Task Force Mark Leavitt,* MD, PhD (Co-Chair) CCHIT Paul Tang,* MD (Co-Chair) Vice President, Chief Medical Information Officer Palo Alto Medical Foundation Abha Agrawal, MD, FACP Director, Medical Informatics, Associate Medical Director, Kings County Hospital Center, Brooklyn, NY Richard D. Benoit Dossia Ecosystem Development, Director; Senior Program Manager, Dossia and Intel Digital Health Group Lorraine Tunis Doo, MPH, LEED AP Senior Policy Advisor, Office of e-Health Standards and Services, CMS Steve Findlay, MPH Health Care Analyst, Consumers Union Meighan Girgus Executive Vice President, Healthcare Markets, American Heart Association Theresa Hancock, PAHM Acting Director, Office of Information, Veterans and Consumers Health Informatics Office, U.S. Department of Veterans Affairs Leslie Harris President, Chief Executive Officer Center for Democracy & Technology Missy Krasner Product Marketing Manager, Google Health Steve Lampkin, FACHE Vice President, Benefits Services & Strategic Initiatives Wal-Mart Stores, Inc. Holly Miller, MD, MBA Vice President, Chief Medical Information Officer University Hospitals, Cleveland, OH Donald Mon, PhD Vice President, Practice Leadership, AHIMA Carl Phelps Patient representative Anna Lisa Silvestre Vice President, Online Services, Kaiser Foundation Health Plan Michael Stokes Principal Program Manager, Microsoft Corporation Michael Ubl Director, eHealth and IT Strategy Director, IT Strategy and eHealth, Blue Cross Blue Shield of Minnesota *Co-Chairs

Mark Leavitt,* MD, PhD (Co-Chair) CCHIT

Paul Tang,* MD (Co-Chair) Vice President, Chief Medical Information Officer Palo Alto Medical Foundation

Abha Agrawal, MD, FACP Director, Medical Informatics, Associate Medical Director, Kings County Hospital Center, Brooklyn, NY

Richard D. Benoit Dossia Ecosystem Development, Director; Senior Program Manager, Dossia and Intel Digital Health Group

Lorraine Tunis Doo, MPH, LEED AP Senior Policy Advisor, Office of e-Health Standards and Services, CMS

Steve Findlay, MPH Health Care Analyst, Consumers Union

Meighan Girgus Executive Vice President, Healthcare Markets, American Heart Association

Theresa Hancock, PAHM Acting Director, Office of Information, Veterans and Consumers Health Informatics Office, U.S. Department of Veterans Affairs

Leslie Harris President, Chief Executive Officer Center for Democracy & Technology

Missy Krasner Product Marketing Manager, Google Health

Steve Lampkin, FACHE Vice President, Benefits Services & Strategic Initiatives Wal-Mart Stores, Inc.

Holly Miller, MD, MBA Vice President, Chief Medical Information Officer University Hospitals, Cleveland, OH

Donald Mon, PhD Vice President, Practice Leadership, AHIMA

Carl Phelps Patient representative

Anna Lisa Silvestre Vice President, Online Services, Kaiser Foundation Health Plan

Michael Stokes Principal Program Manager, Microsoft Corporation

Michael Ubl Director, eHealth and IT Strategy Director, IT Strategy and eHealth, Blue Cross Blue Shield of Minnesota

PHR Work Group Volunteers Ted Eytan,* MD MS MPH , Medical Director, Health Informatics & Web Services, Group Health Cooperative Lory Wood ,* VP, Chief Security and Compliance Officer, Good Health Network Nicole Antonson, RN, MBA , Program Manager, Patient Safety, McKesson Suzie Burke-Bebee, MSIS, MS, RN , Senior Health Informatician, Dept Health and Human Services Albert Chan, MD, MS , Physician Champion of Electronic Health Record and PAMFOnline, Sutter Health, Palo Alto Medical Foundation/Palo Alto Foundation Medical Group Haris Domazet , Division Lead of Web Technical Services, Epic Systems Corporation Donna DuLong, RN, BSN , Program Director, TIGER Initiative Paul Edge , VP, Clinical Solutions, Misys Healthcare Systems Michael Galang, DO, MS , Chief Medical Information Officer, Catholic Health System of Western New York Lenel James, BS, MBA , Senior Project Manager, Blue Cross and Blue Shield Association Jerry Lin , Product Manager, Google Cortney Nicolato , Senior Manager, Strategic Alliances & Health IT, American Heart Association National Center Jan Oldenburg , Practice Leader, Kaiser Permanente Juhan Sonin , Designer, MITRE Stelle Smith , Clinical Product Marketing Manager, Sage Software James Tosone , Director, Healthcare Informatics, Pfizer Inc Lawrence Williams , President / CEO, Roadside Telematics Corporation Julie Wolter, MA, RHIA , Assistant Professor, Saint Louis University *Co-Chairs

Ted Eytan,* MD MS MPH , Medical Director, Health Informatics & Web Services, Group Health Cooperative

Lory Wood ,* VP, Chief Security and Compliance Officer, Good Health Network

Nicole Antonson, RN, MBA , Program Manager, Patient Safety, McKesson

Suzie Burke-Bebee, MSIS, MS, RN , Senior Health Informatician, Dept Health and Human Services

Albert Chan, MD, MS , Physician Champion of Electronic Health Record and PAMFOnline, Sutter Health, Palo Alto Medical Foundation/Palo Alto Foundation Medical Group

Haris Domazet , Division Lead of Web Technical Services, Epic Systems Corporation

Donna DuLong, RN, BSN , Program Director, TIGER Initiative

Paul Edge , VP, Clinical Solutions, Misys Healthcare Systems

Michael Galang, DO, MS , Chief Medical Information Officer, Catholic Health System of Western New York

Lenel James, BS, MBA , Senior Project Manager, Blue Cross and Blue Shield Association

Jerry Lin , Product Manager, Google

Cortney Nicolato , Senior Manager, Strategic Alliances & Health IT, American Heart Association National Center

Jan Oldenburg , Practice Leader, Kaiser Permanente

Juhan Sonin , Designer, MITRE

Stelle Smith , Clinical Product Marketing Manager, Sage Software

James Tosone , Director, Healthcare Informatics, Pfizer Inc

Lawrence Williams , President / CEO, Roadside Telematics Corporation

Julie Wolter, MA, RHIA , Assistant Professor, Saint Louis University

What can I expect from certification of PHRs?

How will PHRs be certified? CCHIT is currently developing testing criteria, and plans to begin certifying PHRs in July 2009 PHRs will be tested and certified in these areas: Privacy – safeguarding your privacy is the #1 concern Security – making sure your information is kept secure and protected from unauthorized access Interoperability – a PHR should be able to electronically connect with your physicians, hospitals, pharmacies, health plans and other entities Functionality – ensuring a PHR can do the things you need it to do

CCHIT is currently developing testing criteria, and plans to begin certifying PHRs in July 2009

PHRs will be tested and certified in these areas:

Privacy – safeguarding your privacy is the #1 concern

Security – making sure your information is kept secure and protected from unauthorized access

Interoperability – a PHR should be able to electronically connect with your physicians, hospitals, pharmacies, health plans and other entities

Functionality – ensuring a PHR can do the things you need it to do

What are some examples of PHR criteria? Examples of privacy criteria being proposed: Consent – you should be in control of your information and how it is used Controlling access – your PHR should give you the ability to decide what information is private and to restrict access to it Conditions of use – the conditions for using your PHR should be specifically explained to you Amending the record – you should have the ability to change or request changes to your health record Account management – your PHR provider must provide a way for you to terminate your account Document import – your PHR system should be able to retrieve health records Data availability – your PHR should allow you to view or print your health information whenever you need it

Examples of privacy criteria being proposed:

Consent – you should be in control of your information and how it is used

Controlling access – your PHR should give you the ability to decide what information is private and to restrict access to it

Conditions of use – the conditions for using your PHR should be specifically explained to you

Amending the record – you should have the ability to change or request changes to your health record

Account management – your PHR provider must provide a way for you to terminate your account

Document import – your PHR system should be able to retrieve health records

Data availability – your PHR should allow you to view or print your health information whenever you need it

How can I find out more, and participate in the process?

Visit PHRDecisions.com Download the Consumer’s Guide to PHR Certification Sign up to receive email updates Read articles and join the conversation

Want more? Review and comment on PHR criteria Visit www.cchit.org/participate/public-comment Download the PHR 09 Introduction and Criteria documents Follow links farther down the page to submit your comments Note: Public Comment on the First Draft PHR Criteria is open through Oct 29

Criteria Format Criteria description “ N” in the 09 column indicates criterion will be required in 2009 “ R” in the 10 or 11 column indicates criterion is on the “Roadmap” to be required in 2010 or 2011

Summing Up There are many benefits to having your records gathered together in a PHR system Certification is a way of assuring that products work properly and safely CCHIT is the Federally recognized certifying body for health information technology CCHIT is planning to test and certify PHRs for privacy, security, interoperability, and functionality, beginning July 2009 Public comments on the first draft of the PHR Criteria are being accepted through Oct 29, 2008

There are many benefits to having your records gathered together in a PHR system

Certification is a way of assuring that products work properly and safely

CCHIT is the Federally recognized certifying body for health information technology

CCHIT is planning to test and certify PHRs for privacy, security, interoperability, and functionality, beginning July 2009

Public comments on the first draft of the PHR Criteria are being accepted through Oct 29, 2008

Thank you! Q & A For more information: www.cchit.org phrdecisions.com