1. PDMP & Health IT Integration All-Hands Meeting December 10th, 2013

2. Meeting Etiquette Remember: If you are not speaking keep your phone on mute Do not put your phone on hold – if you need to take a call, hang up and dial in again when finished with your other call – Hold = Elevator Music = very frustrated speakers and participants This meeting, like all of our meeting is being recorded – Another reason to keep your phone on mute when not speaking Feel free to use the Chat feature for questions, comments or any items you would like the moderator or participants to know. NOTE: This meeting is being recorded and will be posted on the Meeting Artifacts Wiki page after the meeting From S&I Framework to Participants: Hi everyone: remember to keep your phone on mute 2

3. Agenda TopicTime Allotted General Announcements5 minutes Review comment dispositions45 minutes Next Steps/Questions10 Minutes 3

4. General Announcements The PDMP & Health IT Integration All-Hands meets every Tuesday from 12:00-1:00 PM EDT – To participate please see the Weekly Meetings Section of the PDMP & Health IT Integration Wiki Homepage: http://http://wiki.siframework.org/PDMP+%26+Health+IT+Integrat ion+Homepage http://http://wiki.siframework.org/PDMP+%26+Health+IT+Integrat ion+Homepage Note: Please check the meeting schedule weekly to get the most up-to-date meeting information 4

5. Join the Initiative We encourage all members to sign up or join the initiative. By joining this ensures you stay up-to-date with the work being done, communications and any initiative activities. Simply complete the Join Form on the Join Wiki Page: http://wiki.siframework. org/PDMP+%26+Health +IT+Integration+Join+t he+Initiative http://wiki.siframework. org/PDMP+%26+Health +IT+Integration+Join+t he+Initiative 5

6. PhasePlanned Activities Pre-Discovery Development of Initiative Background Development of Initiative Charter Definition of Goals & Initiative Outcomes Discovery Creation/Validation of Use Cases, User Stories & Functional Requirements Identification of interoperability gaps, barriers, obstacles and costs Review of Vocabulary Implementation Creation of aligned specification Documentation of relevant specifications and reference implementations such as guides, design documents, etc.. Validation of Vocabulary Development of testing tools and reference implementation tools Pilot Validation of aligned specifications, testing tools, and reference implementation tools Revision of documentation and tools Evaluation Measurement of initiative success against goals and outcomes Identification of best practices and lessons learned from pilots for wider scale deployment Identification of hard and soft policy tools that could be considered for wider scale deployments S&I Framework Phases & PDMP & Health IT Integration Activities 6 We are Here

7. Comments from wiki: Background… Ben LoyPDX, IncCommitted Member BackgroundI agree with all four statements contained in the Background section. However, although this section states that "PDMPs are state-run electronic databases – functioning in 48 U.S. states and territories..." it does not state that these programs almost exclusively use one or more versions of the American Society for Automation in Pharmacy (ASAP) PMP Standard for collection of this data. This is important information as ASAP has worked to refine this standard over the past 18+ years to address information needs of these various state-run programs. Additionally, this information could impact decisions that the members may make regarding other processes that should be recommended. Accepted with mod We have included this as a potential standard and have included verbiage in the out of scope section with reporting from pharmacy to PDMP Maria Friedman Brookside Consulting Group Committed Member BackgroundWe should consider addressing the fact that there is a movement among states and stakeholders to make it mandatory for prescribers and pharmacists to check the PDMP database before a controlled substance is prescribed and dispensed. This underscores the need for interoperability for health IT systems in ambulatory and acute care settings with PDMPs. Persuasivethat is the point of this initiative. In some states prescribers are required to check the PDMP prior to dispensing controlled substances. This underscores the need for PDMPs to share information with health IT systems in ambulatory and acute care settings

8. Comments from wiki: Background Douglas Blair PAST, Inc. Other Interested PartyBackground The third paragraph seems unnecessary. Since it is also only a single sentence, I suggest it be dropped. Perhaps finish the second paragraph with "However, PDMPs value as a diagnostic tool is severely hampered due to being "stand-alone" systems that are cumbersome and time consuming to access." Accepted with Mod

9. Comments from wiki: Edits Shelly Spiro Pharmacy HIT Collaborative Committed Member Value Statement Recommend changing the 3rd bullet to: The ability for prescribers, dispensers, and other medication management providers (e.g. pharmacists, care coordinators, behavioral health team members) to access prescription drug data for patients at the point of care to make informed decisions to reduce prescription drug misuse and overdose. The reason to add "and other medication management providers (e.g. pharmacists, care coordinators, behavioral health team members). Providers that are not prescribing and dispensing should have access this information to make informed decisions to reduce prescription drug misuse prior to the prescribing and dispensing. Accepted with modification - the description has been made more broad but within legal authorization Edits Rhonda May OneHealthPortCommitted Member Challenge Statement In additions to the lack of exchange between EHRs and PDMPs, there is also a lack of exchange between pharmacy systems and PDMPS. Accepted with Modchanged EHR systems to include Health IT systems Edits

10. Comments from wiki: General Robert May II IJIS Institute Other Interested Party General Comment I believe the Charter is about right in the issues, challenges and risks it outlines and strongly support the purpose and goals. Persuasive Ben LoyPDX, Inc.Committe d Member Challenge Statement I agree with the Challenge Statement to the extent presented. However, this statement does not recognize work that has already been provided by others in the industry to address the need of making the PDMP information collected by the state-run programs available to additional stakeholders in the broader healthcare environment. Specifically, the National Association of Boards of Pharmacy (NABP) has sponsored the PMP InterConnect initiative that currently provides access to the PDMP data collected by 21 of the state-run programs. This initiative uses state-of-the-art network and industry methods for providing this access that may provide a guide for the members. Additionally, ASAP has published an interface document that incorporates state-of-the-art network and industry methods that could also provide a guide for the resolution to the Challenge Statement. Not persuasiveAs part of the Use Case development we will need to look at the work others have done. Additionally the winter concert series is a great way for those who are using HUBs to demonstrate what is being done. Catherine Graeff Sonora Advisory Group Other Interested Party General Comment Looks good to me

11. Comments from wiki: Glossary/Terms Maria Friedman Brookside Consulting Group Committed Member Scope Statement Suggested addition: Improving timely and convenient access to PDMP data by health care providers and pharmacists Accepted with Mod Health Care Providers to cover (pharmacists, prescribers, delegated authorities etc.) - this will be defined in the glossary Maria Friedman Brookside Consulting Group Committed Member StakeholdersI'm wondering if health care organizations is too broad a statement for providers. To me, health care organizations has a feel of managed care, which is not the intent. We want to cover authorized prescribers (don't forget the PAs and nurses) in the range of ambulatory, inpatient, LTC and community health/mental health sites of care. Accepted with Mod added more details/examples to refine "health care organizations" Rhonda May OneHealth Port Committed Member Scope Statement Need to find a terms that describes EHRs and Pharmacy systems and define it and use it consistently through the documentation as discussed in the meeting 11/26. Accepted with Mod

12. Comments from wiki: Goals Lynne Gilbertson NCPDPCommitted Member Purpose and Goals Suggested clarifications to item 2 and 5. 1.Identify existing stakeholders and methodologies for accessing PDMP data. 2.Identify, evaluate, and harmonize the data format(s) sent between EHRs/HIEs/pharmacy systems and PDMPs. 3.Evaluate and select transport protocol(s) systems support. 4.Evaluate and select security protocol(s) systems support. 5.Map selected health IT standards to standards already in use for PDMP-to-PDMP interstate exchange. - Is in scope what (if anything) the PDMPs are sharing between themselves? Unclear. Or is this the ability for EHRs/HIEs/pharmacy systems to query PDMPs in another state? If yes, suggest to clarify 2 that it is in state and out of state. Accepted with Mod removed bullet 5 for reference

13. Comments from wiki: Risks… Maria Friedman Brookside Consultin g Group Committe d Member Potential Risks I think the first bullet should be relabeled as privacy and security. There are a host of privacy concerns as well as security issues that are risks. AcceptedAdded the label "Privacy and Security" Eric HilmanMA EOHHS HIE Other Interested Party Scope Statement Suggest that you include as in scope "discussion of the legal and policy (privacy mainly) implications" and "recommendation of legal (privacy) policies to support the envisioned technology" One might imagine that some approaches that the group elects to support would require regulatory approval and my suggestion is to make that clear at the outset so that the PMP groups in the various states can decide whether to seek such approval and can have guidance as to exactly what the regulatory requirements are to implement any given technical capability Accepted with Modification Identified this as a risk: It is possible that some approaches presented in the Use Case may require state regulatory approval or modification

14. Comments from wiki: Risks Rhonda May OneHealt hPort Committe d Member Purpose and Goals I wonder whether one of the goals should be to minimize the development efforts required for systems vendors to accommodate the standards chosen. The number of EHR and Pharmacy system vendors is quite large, relative to the number of PDMP vendors. If this does become a goal, one value would be that there would likely be a quicker path to adoption. Accepted with ModWe have added $ as a risk When we get to standards selection we can keep this s as one of the criteria when selecting standards (harmonization phase) Lynne Gilberts on NCPDPCommitte d Member Potential Risks A potential risk is Incomplete information. This might occur because of different factors. 1) PDMP data that is reported may be available in a less than real-time basis which may compromise the most accurate information the provider system needs. 2) PDMP data may be accessible on a state by state basis. Provider systems may have to check several surrounding states with multiple queries. Accepted with modHow dated the information is out of the control of our work. --Included a risk titled "Incomplete information" It is a consideration the providers may have based on the time of query but our focus is on the query PDMP to PDMP is out of scope

15. Comments from wiki: Scope… Charlie Oltman TargetCommitted Member Value Statement Suggest changing last value statement to: The ability for prescribers and dispensers to access prescription drug data real-time at the point of care to make informed clinical decisions to reduce prescription drug misuse and overdose Accepted with modification the "real time" issue is out of scope and is somewhat loaded - maybe we could say the prescriber can access it at the point of care Rhonda May OneHealt hPort Committed Member Scope Statement Also, the goal should not be "connecting" PDMPs and health IT systems...the goal should be the exchange of information between them. Accepted with Mod Rhonda May OneHealt hPort Committed Member Scope Statement Need to make the reporting of Rx dispenses to the PDMPs out of scope, based on my understanding of the discussion at the meeting 11/26. Accepted with mod Rhonda May OneHealt hPort Committed Member Scope Statement In the State of WA implementation, the second phase of the PMP work planned is to have a query from a provider go to the "in state" PDMP on a patient with information in more than one state PDMP. The inter-state PDMP query and response exchange occur between the PDMP vendors and then the "in-state" PDMP vendor would send the response information back to the querying party. I am not entirely certain that PDMP - PDMP exchanges should be out of scope for this workgroup, and in fact it may limit the efficacy of the process and the ability to achieve the goals particularly along state borders where patients cross state lines. Not persuasive

16. Comments from wiki: Scope… Rhonda May OneHealth Port Committed Member Value Statement The value statement needs to specifically call out something about integration of PDMP data into the provider/pharmacist normal workflow without requiring them to leave what they are doing to log into a different system or move to a different computer, etc.. Not persuasiveOut of Scope- While we agree this is ideal we cannot mandate vendors incorporate it into their systems - this project focuses on using existing standards to query the PDMP - where this is done is not part of our scope Lynne Gilbertson NCPDPCommitted Member Scope Statement Suggest the scope help with the actual flow. Clarifications below: To allow system integrations that arms providers with PDMP data as part of their normal clinical workflow by: Connecting health IT systems (e.g., EHRs, HIEs, pharmacy systems) to PDMPs using existing standards; If standards do not exist, establishing standards for facilitating information exchange between health care providers and PDMPs to improve timely and convenient access to PDMP data by health care providers. Accepted with Mod Identify gaps in selected standards and work with standards organizations to fill in those gaps

17. Comments from wiki: Scope… Lynne Gilbertson NCPDPCommitt ed Member Scope Statement Out of scope - suggest this bullet be discussed more. Defining method for how the PDMP is contacted or initiated by provider (e.g., hyperlink while ordering, pressing a button, automatic trigger, etc..); It does not seem out of scope to include the query (request) from the prescriber or pharmacy system to verify real-time against the PDMP database. It is out of scope that we would define hyperlink or pressing a button; agreed. However how the PDMP is initiated by provider is in scope (it is the query/request). Or am I misunderstanding the intent of the project? AcceptedWe have included verbiage to discuss the difference between triggering event and the actual query. The actual transaction is in scope but how it is initiated or triggered is out of scope Tia Johnson DORA, CO Board of Pharmacy, PDMP Other Intereste d Party Purpose and Goals I think that there should be some consideration / discussion in the Purpose and Goals Section which identifies if PDMP data is integrated into a health IT system, is it then saved within that Health IT System, and so once that integration occurs, does the PDMP data then become part of a medical record affiliated with that Health IT system? I am wondering if integration of data changes ownership of that data. Not persuasiveThe integration will be left up to the healthIT system - during standards selection we should consider the ability of the standard selected to allow for integration. This is a consideration for system requirements when we get into developing the Use Case

18. Comments from wiki: Scope Danna DrozNational Association of Boards of Pharmacy Committed Member General Comment The purpose of this project is to identify standards to facilitate the delivery of prescription information from the PMPs to health care providers (prescribers and dispensers). Extraneous discussions such as how the state PMPs operate, how data is delivered TO the state PMP, how frequently the data is update, etc.. are out of scope, as noted in the charter. These discussions take time and focus away from the very specific task with specific goals and outcomes. PersuasiveWe will continue to point to the out of scope statement as the group forms and works toward the S&I goals and deliverables Douglas BlairPAST, Inc. Other Interested Party Scope Statement Shouldn't the second bullet refer to "health IT systems," just like the first bullet, rather than "health care providers?" Accepted

19. Comments from wiki: Stakeholders… Bill LockwoodASAPCommitted Member Potential Standards for Consideration I also take issue with the fact that the PDMPs represented on the calls are not actively solicited for their opinions. Decisions made by this initiative directly impact these state-run programs. Therefore, the initiative leader has the responsibility, in my opinion, for asking what they think by polling them. So far many of the opinions that have been voiced are from pharmacy folks on the calls who have had no involvement with PDMPs over the years. I feel this has to be balanced out with input, as mentioned above, from PDMPs represented on the call. In a similar vein, in scrolling through the committed members I see companies that have had no involvement with prescription drug monitoring programs, yet can weigh in with a vote. This doesnt seem appropriate to me. And there are far too many involved. Under Consideration This is an open initiative and everyone is allowed to join. We will monitor the engagement of all stakeholders to ensure to the extent possible there is as much broad participation as possible. We realize this was an issue with the previous PDMP work and are committed to making this more inclusive this go around.

20. Comments from wiki: Stakeholders… Carl Flansbaum NM PMPCommitted Member General Comment I just want to second Bill Lockwood's comment. With well over 100 people on these calls with many members who do not seem to understand the specifics of how PMPs operate, it's frustrating to see how this initiative is exploding well beyond PDMP - Health IT System integration. I highly suggest those of us who are PMP Directors/Administrators (and the PMP hubs and PMP vendors) be more actively integrated into this process and we very quickly put anything beyond this narrow PDMP - Health IT System interchange out of scope. Under Consideration This is an open initiative and everyone is allowed to join. We will monitor the engagement of all stakeholders to ensure to the extent possible there is as much broad participation as possible. We realize this was an issue with the previous PDMP work and are committed to making this more inclusive this go around. Douglas Blair PAST, Inc. Other Interested PartyStakeholders I had suggested "Private Health IT companies" as a stakeholder on Tuesday. I am not referring to EHR/EMR companies, but rather third-party providers who utilize PDMP data. This is what my own company is, and we both interested in and affected by the outcome of this initiative. Accepted

21. Comments from wiki: Stakeholders Danna Droz National Association of Boards of Pharmacy Committed Member General Comment I am concerned about the amount of time available for comments, especially from the prescription monitoring program representatives. As we go forward, I'd like to see a concerted effort to include them in the discussions. Since these programs are operated by state governments, they are constrained in many ways that are not shared by private companies. In the last S&I Framework project with which I was involved, the prescription monitoring programs seemed to be dismissed as unimportant because "there are only 50 of them and there are hundreds of us". I hope this does not happen again. This supports previous comments by Bill Lockwood and Carl Flansbaum. Under Consideration This is an open initiative and everyone is allowed to join. We will monitor the engagement of all stakeholders to ensure to the extent possible there is as much broad participation as possible. We realize this was an issue with the previous PDMP work and are committed to making this more inclusive this go around.

22. Comments from wiki: Standards… Bill Lockwood ASAPCommitted Member Potential Standards for Consideration I take issue with the inclusion of the NCPDP Telecommunications Standard, which is used for billing claims, and the ASAP V4.2 PDMP reporting standard, which is used by every PDMP in the country, under the Potential Standards for Consideration. These have nothing to do with the Purpose and Goals of this initiative and to quote from this section: The purpose of this initiative is to bring together the PDMP and health IT communities to standardize the data format and transport and security protocols to exchange patient controlled substance history information between PDMPs and health IT systems (i.e., EHRs/HIEs/pharmacy systems). The purpose as defined has nothing to do with reporting from pharmacies, doctor dispensers, and veterinarians to PDMPs. The purpose is to bring into the workflow a more efficient means of accessing PDMP data on a person of interest. Therefore, I ask that these be deleted. The same holds true for the ASAP Zero Report standard. This standard is being used by pharmacies and others to report when no controlled substances were dispensed during a states reporting period. It has nothing to do with provider queries of a PDMP database. Not persuasiveThese are potential standards and there is a chance during harmonization that these standards will fall off the list during harmonization. It is better to start broad and narrow the scope once we have a use case in place as the use case will drive the harmonization of standards

23. Comments from wiki: Standards… Ralph OrrVA PMPOther Interested Party Potential Standards for Consideration Consider adding "REST" (maybe known as Restful) under Transport and Security Methods AcceptedAlready listed as a standard Lynne Gilbertson NCPDPCommitted Member Potential Standards for Consideration NCPDP SCRIPT Standard is more than the transport - it is the transactions used in electronic prescribing including new prescriptions, changes to new prescriptions, renewal requests/responses, medication history, prior authorization transactions, fill status notifications, and other transactions. Accepted John OddenC4UHCommitted Member Potential Standards for Consideration Typically, a PDMP Report is rendered as ISO 32000-1:2008 Portable Document Format. Some pharmacy boards issue electronic PDMP Reports in an extended format - PDF/Healthcare, a balloted best practice of AIIM and ASTM PersuasiveAdded these to the standards list (content standards)

24. Comments from wiki: Standards Michele Davidson WalgreensCommitted Member Potential Standards for Consideration I know it was discussed on the call, but the NCPDP Telecommunication Standard needs to be included under Other since we are looking at keeping this within the workflow of both prescribers and dispensers. Pharmacy systems use the NCPDP Telecommunication Standard as the standard to set up their pharmacy system and incorporating PDMP into this standard would enable pharmacists to see alerts within the prescription filling process. AcceptedAdded to potential standard s Thomas Bizzaro FDB (First Databank, Inc.) Committed Member Potential Standards for Consideration If the goal is truly an integrated delivery of content to the PDMP the NCPDP Telecommunications standard should be included for consideration. The data elements required by the PDMPs from pharmacies will be found within this standard or should be added if necessary. Accepted

25. Comments from wiki: Standards Michele Davidson WalgreensCommitted Member Potential Standards for Consideration I know it was discussed on the call, but the NCPDP Telecommunication Standard needs to be included under Other since we are looking at keeping this within the workflow of both prescribers and dispensers. Pharmacy systems use the NCPDP Telecommunication Standard as the standard to set up their pharmacy system and incorporating PDMP into this standard would enable pharmacists to see alerts within the prescription filling process. AcceptedAdded to potential standard s Thomas Bizzaro FDB (First Databank, Inc.) Committed Member Potential Standards for Consideration If the goal is truly an integrated delivery of content to the PDMP the NCPDP Telecommunications standard should be included for consideration. The data elements required by the PDMPs from pharmacies will be found within this standard or should be added if necessary. Accepted

26. Comments from wiki: Typos TyOneHealth Port Committed Member Purpose and Goals Typo..."though" was used when the correct word is "through" Accepted with mod Rhonda May OneHealth Port Committed Member Scope Statement typo - should read that "arm"...not that "arms".Accepted with modWe are focusing on the communications between PDMP and HealthIT system

27. Comments from wiki: Privacy/Security… Adrian Gropper Patient Privacy Rights Committe d Member General Comment I would add to the charter: PDMP is, by design, an involuntary citizen surveillance mechanism. PDMP with EHR interfaces must adhere to Fair Information Practice including data minimization, access minimization and transparency. Patient encounters that do not specifically involve controlled substances must not be impacted at all. See line 49 (Deb Peel) Deborah C. Peel, MD Patient Privacy Rights Other Interested Party General Comment There should be major modifications to all sections of the document: Proposed Project Charter: First the charter should note that PDMPs are law enforcement data bases, never intended to help patients and their physicians. This irony that this highly sensitive information is widely available to numerous state and federal government agencies and law enforcement, with thousands of employees authorized to access this very data and no oversight. Deborah C. Peel, MD Patient Privacy Rights Other Interested Party General Comments Users' requests for data should also be subject to FIPs. Users should be required to request the minimum data for a specific purpose and states should be able to add more patient privacy protections if they choose to (such as Oregon has done), since the Omnibus Privacy Rule made it clear that states can write laws that prevail over the HIPAA "floor" of data protections. FIPs see: http://epic.org/privacy/consumer/code_fair_info.html

28. Comments from wiki: Privacy/Security… Deborah C. Peel, MD Patient Privacy Rights Other Interested Party General Comments Please eliminate the word "providers" and replace it with the licensed professionals who are treating the patients. Use the words "physicians and other health professionals licensed to treat patients" instead. Providers is a broad and misleading term that includes insurers and hospitals- -institutions who do not actually treat patients or write prescriptions. Similarly, eliminate the word "prescribers' and use "physicians and other health professionals licensed to prescribe medications". Deborah C. Peel, MD Patient Privacy Rights Other Interested Party General Comments The charter should openly support the goals of requiring accountability and transparency from PDMPs so the public, whose data is collected, used, and disclosed in hidden ways can monitor the accuracy and use of this extremely sensitive personal information. The public should have "FIPs rights" to know and correct their data, have methods of recourse, etc.. And the Charter should openly support that all users of the data base be held accountable to those whose data they see via automatic electronic Accounting for Disclosures of all uses of their data in PDMPs.

29. Comments from wiki: Privacy/Security… Deborah C. Peel, MD Patient Privacy Rights Other Interested Party Challenge Statement Please add: there is another way to ensure interoperability that this group should ALSO strongly endorse: patients should be able to obtain automated BB+ electronic copies of their prescriptions records from pharmacies for their own use and to disclose to physicians themselves. This again is critical for patient safety and ensures transparency and accountability. Today's' PDMPs provide no accountability or transparency. There is also no meaningful oversight or external auditing of the data bases. This groups should also recommend/support meaningful external oversight and auditing of data security and privacy. But above all patients must have the tools to audit and check things themselves, no one has a stronger interest in the accuracy or misuse of the data. Deborah C. Peel, MD Patient Privacy Rights Other Interested Party Purpose and Goals Before state-to-state interchange of data is mapped. the means of state to patient interchange should take place-- that is the way the data can be used by those who need it for treatment! Those who need this data for treatment do not have it.It's critical that this project support and recommend getting this prescription data back into the patient's hands and back into the patient-physician relationship.

30. Comments from wiki: Privacy/Security… Deborah C. Peel, MD Patient Privacy Rights Other Interested Party Scope Statement PDMP data should also be automatically available electronically to patients via BB+ and Direct secure email exchange. Again: intermediaries are not needed for data exchange as patients have the only clear rights to move PHI without any need for DURSA's etc.. Deborah C. Peel, MD Patient Privacy Rights Other Interested Party Out of Scope The needs of patients to be able to delegate access to their own data in PDMPs should be in scope. Deborah C. Peel, MD Patient Privacy Rights Other Interested Party Value Statement There is no value in this statement for patients whose data this is! The outcome should include specification of interfaces so patients can get automated electronic copies of their prescriptions in PDMPs and exchange it themselves with their physicians or other licensed health professionals who treat them. There is NO NEED for access to this data base by dispensers. Surely that is an obvious law enforcement step. Dispensers are NOT the problem, the problems lie elsewhere (lack of access to effective treatment, treating health professionals and patients not having access to data for treatment, etc., etc.). Law enforcement intends to shut down pharmacies that they decide dispense too many controlled substances. Yet the problem is licensed health professionals prescribe these drugs for patients--the problems in that relationship are NOT addressed by allowing dispensers to deny prescriptions to patients. Dispensers are not at "the point of care" at all, they are not involved in care--nor do they have any legal authority to make treatment decisions or override decisions made by physicians and other health professionals licensed to prescribe controlled medications.

31. Comments from wiki: Privacy/Security… Deborah C. Peel, MD Patient Privacy Rights Other Interested Party Potential Standards for Consideration These should include tools/standards for patients as detailed about to enable BB+ downloads of PDMP data via Direct secure email and to download Accounting for all Disclosures of PDMP data (names of users and purpose)--unless restricted by a court for investigation of crimes, etc.. Deborah C. Peel, MD Patient Privacy Rights Other Interested Party Potential Risks Unintended access and patient mismatch can be best addressed by making PDMPs accountable and transparent to patients. Who cares more about those tow risks than the person whose data is at risk? There are huge risks that PDMPs will be subject to 'mission creep'---where all sorts of people will think of ways they could use that data. The data should only be used with informed, meaningful patient consent UNLESS a patient has been found to be breaking the law. Everyone else's data should not be accessible without court orders. Deborah C. Peel, MD Patient Privacy Rights Other Interested Party StakeholdersAgain, please change the vague and misleading terms as detailed above. The problem is that by naming all these groups as stakeholders, they appear to be designated as legitimate users/collectors/disclosers/sellers of this incredibly sensitive personal information. But they are NOT legitimate or legal users of this sensitive data that patients have strong rights to control and to prevent others from seeing and using. The only actual stakeholders are the patients and physicians (or other licensed health professionals). Those are the two parties involved in treatment. The rest should be called third parties or technology transport systems; some of which have clear legal rights or duties re:controlled substances data, but most don't.

32. Comments from wiki: Privacy/Security… Deborah C. Peel, MD Patient Privacy Rights Other Interested Party StakeholdersExactly what data security and privacy protection laws do PDMPs fall under? It appears that they fall under HIPAA, which means that stronger state and federal laws, Constitutional rights to health information privacy, etc. apply. The only real 'stakeholders are patients and their designated representatives and the licensed health professionals they seek treatment from. As an expert psychiatrist, I have been following this issue for 37+ years in my practice. When sensitive prescription records are tracked by law enforcement, it decreases access to the medications: physicians are hesitant to prescribe and patients do NOT want to be spied on by law enforcement for their diseases, diagnosed and treated by licensed health professionals The ONLY people who should LOSE their rights to the privacy of records of their controlled substances prescriptions are those convicted of crimes. These data bases used the way this project intends violates the rights of everyone who takes a controlled substance. These people are all innocent of a crime until proven guilty. When law abiding citizens are openly surveilled simply because they take a medicine, this has an incredibly chilling effect on patients who genuinely NEED these very effective, worthwhile medications.

33. Comments from wiki: Privacy/Security Deborah C. Peel, MD Patient Privacy Rights Other Interested Party Stakeholderscorrect it, or to have redress from harms. http://www.nytimes.com/2013/12/01/sunday-review/who-is- watching-the-watch-lists.html?partner=rss&emc=rss&_r=0 This group has an important opportunity to stop and think about the bigger picture, not just to technically connect PDMPs to EHRs. This group could be a force for fixing this terrible mess which violates the privacy of very sensitive information. BTW, since when has law enforcement stopped the War on Drugs? Its about getting data, its not about not more policing/action to stop drug diversion and drug crimes, it certainly is not more treatment for addicts (treatment works very well BTW), and it destroys the privacy of millions of people who have committed NO CRIMES. This is another expansion of the War on Drugs and part of the IT industry's push to sell technology for everything (whether it really helps or not). Today as many as 1/3 Americans have "chronic pain"----do we really think 1/3 of Americans are criminals? The larger causes of this epidemic need to be identified before they can be fixed. PDMPs are not a solution, to the problem of drug abuse and drug related crimes. They should provide data ONLY to law enforcement with warrants and to patients, whose data it is. They are a source of information, but should NOT be accessible to health professionals without patients' informed consent. This data should certainly NOT be collected and disclosed or sold by EHR/EMR vendors, state HIEs/HIOs, health orgs, standards orgs, or payers (unless insurers paid for the prescriptions).

34. End to End Charter Review 1.Review the Final Project Charter – http://wiki.siframework.org/PDMP +%26+Health+IT+Integration+Chart er+and+Members http://wiki.siframework.org/PDMP +%26+Health+IT+Integration+Chart er+and+Members 2.Fill out the comment form 1.wiki.siframework.org/PDMP+%26+ Health+IT+Integration+Charter+an d+Members#Commentwiki.siframework.org/PDMP+%26+ Health+IT+Integration+Charter+an d+Members#Comment – All fields are required 3.Submit your comments 4.A Message is displayed verifying your comment was submitted 5.Once you receive the message your comment has been submitted you will be able to view your comment 34 5 5

35. Next Steps Provide final comments on PDMP & Health IT Integration Charter Attend weekly PDMP & Health IT All Hands Meetings taking place every Tuesday from 12:00-1:00 PM EDT – Next Meeting December 17 th, 2013 Visit PDMP & Health IT Integration Wiki page – All Announcements, Meeting Schedules, Agendas, Minutes, Reference Materials, Project Charter and General Data Access Framework information will be posted on the PDMP & Health IT Wiki page located at: http://wiki.siframework.org/PDMP+%26+Health+IT+Integration+H omepage http://wiki.siframework.org/PDMP+%26+Health+IT+Integration+H omepage 35 NOTE: Please be sure to check the PDMP & Health IT Integration wiki homepage for the most up-to-date meeting information

36. Proposed Community Call Schedule 36 DateMeeting Topics Dec. 10 th, 2013 Review end to end comments Begin Consensus process Dec. 17 th, 2013 Review End-to-End Comment Review Discuss Consensus process Fall Concert Series – Target Dec. 24th, 2013 Meeting Canceled – Consensus will be announced Dec. 31 st, 2013 Review Consensus comments Achieve Consensus on Project charter

37. Initiative Support Leads For questions, please feel free to contact your support leads: – Initiative Coordinator: Johnathan Coleman jc@securityrs.comjc@securityrs.com – ONC Leads: Mera Choi mera.choi@hhs.govmera.choi@hhs.gov Jennifer Frazier Jennifer.Frazier@hhs.govJennifer.Frazier@hhs.gov Scott Weinstein Scott.Weinstein@hhs.govScott.Weinstein@hhs.gov – SAMHSA Leads Jinhee Lee Jinhee.Lee@samhsa.hhs.govJinhee.Lee@samhsa.hhs.gov Kate Tipping Kate.Tipping@samhsa.hhs.govKate.Tipping@samhsa.hhs.gov – Support Team: Project Management: – Jamie Parker jamie.parker@esacinc.comjamie.parker@esacinc.com – Ali Khan Ali.Khan@esacinc.com (Support)Ali.Khan@esacinc.com Use Case Development: – Presha Patel presha.patel@accenture.compresha.patel@accenture.com – Ahsin Azim Ahsin.Azim@accenture.com (Support)Ahsin.Azim@accenture.com Vocabulary and Terminology Subject Matter Expert: – Mark Roche mrochemd@gmail.commrochemd@gmail.com 37

38. Questions 38

39. PDMP & Health IT Integration Resources Initiative Wiki Homepage – http://wiki.siframework.org/PDMP+%26+Health+IT+Integration+Home page http://wiki.siframework.org/PDMP+%26+Health+IT+Integration+Home page Become a Community Member – http://wiki.siframework.org/PDMP+%26+Health+IT+Integration+Join+t he+Initiative http://wiki.siframework.org/PDMP+%26+Health+IT+Integration+Join+t he+Initiative Project Charter – http://wiki.siframework.org/PDMP+%26+Health+IT+Integration+Charte r+and+Members http://wiki.siframework.org/PDMP+%26+Health+IT+Integration+Charte r+and+Members Standards and Interoperability(S&I) Framework – http://wiki.siframework.org/Introduction+and+Overview http://wiki.siframework.org/Introduction+and+Overview S & I Calendar of Events – http://wiki.siframework.org/Calendar http://wiki.siframework.org/Calendar 39