Interview with Dr David Kibbe about Continuity of Care Record

Dr. Kibbe is well known and highly respected as an innovator and independent thought leader in the fields of primary care EHR technology and consumer health IT in the United States. A co-developer of the ASTM Continuity of Care Record standard, or CCR, that utilizes XML for computable health information exchange, he is an experienced clinician who practiced medicine in private and academic settings for more than 15 years. Dr. Kibbe has taught informatics at the School of Public Health, University of North Carolina at Chapel Hill, and founded two health care IT companies. From 2002 until 2006, Dr. Kibbe was the founding Director of the Center for Health Information Technology for the American Academy of Family Physicians (AAFP), the membership organization that represents over 95,000 U.S. family doctors. The Center is now the locus of the AAFP’s technical expertise, advocacy, research and member services associated with health IT, and a leading international resource on information and communications technology for physicians in primary care.

Kibbe maintains his relationship on a part time basis with the AAFP as Senior Advisor, is an active blogger on health IT policy, and provides strategic, policy, and IT consulting to a wide variety of firms and institutions. He is a frequent speaker on health IT trends and innovations, especially on the topics of patient engagement and physician-patient information sharing.

Listen to interview or download MP3

Read full transcript

Dr. Mohammad Al-Ubaydli: Welcome to the Patients Know Best Podcast. My name is Mohammad, and I have Dr. David Kibbe on the line with me.

David, it’s a pleasure to speak to you again.

Dr. David Kibbe: Pleasure to speak to you Mohammad.

Dr. Mohammad Al-Ubaydli: David, I was reminded of all the work you did today, because I was watching the discussions about the CCR and the CDA data formats. Give us a little background about your work and then we will dive straight into the data format and what it means for healthcare.

Dr. David Kibbe: Sure. Well, I am very much an accidental expert on health IT standards. I am a family physician by training, and had started a couple of health IT companies in 1990s and in the 2000s. And then worked for four years for the American Academy of Family Physicians in the United States, which is the group that represents about 95,000 physicians and residents in this country, about 65,000 active family physicians in practice. And headed up a division of the American Academy of Family Physicians called the Center for Health IT.

Part of the work we did there was to get involved with the Continuity of Care Record standard early on, as an effort to promote interoperability among electronic health record applications that were gradually gaining some popularity among our membership.

So I was one of the folks that helped to conceptualize the Continuity of Care Record standard, work on the XML, and help the industry understand why this was an important effort.

Dr. Mohammad Al-Ubaydli: And just to add to that, I know from talking to lots of people how important the work that you have done is on the CCR, and how much teaching and evangelizing you have been doing.

So let’s do the basics here. What is the Continuity of Care Record standard?

Dr. David Kibbe: Well, the Continuity of Care Record standard is a XML schema that is primarily involved in content transfer.

In other words, when we started this work in 2003, although there were a number of standards out there for the transport electronically of different kinds of information, laboratory data, for example, or payment information; there really was no standard that encapsulated the relevant information about a person. Things like the demographics problem list, medications, pharmacy medication list, allergies, immunizations, and so forth. There was no real, sort of, patient centered data summary standard.

So the first thing that we did was try to decide upon the data content itself. And the group that worked on this were physicians and nurses, and some patients themselves. The idea being, if you were to show up in an emergency room or at a doctor’s office, but you didn’t know, and they didn’t know you, what information would be really important to transfer at that particular time?

And believe it or not, this was before the whole idea of personal health records; that term didn’t even exist. So this was a fairly novel idea.

And then the second thing was to use Extensible Markup Language, XML, which is really the lingua franca of the Internet, which has been used in a lot of different industries; banking and financial services, but not in healthcare. And to use that as the vehicle for the human and machine readability of this transport standard.

Dr. Mohammad Al-Ubaydli: I remember when you started explaining to me it was that the Continuity of Care Record was supposed to be the digital equivalent of the referral letter. That it really married the existing clinical workflow of sharing information, that’s being brought to the digital realm.

Am I right about that use case? I know there’s a lot more that people can do with a CCR than just referrals.

Dr. David Kibbe: Well, I think that’s partly right. The difference between the CCR standard and a referral letter, say a Word document or a PDF document, is that the CCR is almost all structured data. And structured data is, generally speaking, computable data. In other words, it can be transferred from one person to another person, but it can also be transferred from one computer to another computer.


So the CCR is really not a document in the sense that a discharged summary or a referral letter is a document. It’s a set of data, and its purpose was, from the very beginning, to allow both machine readability and human readability of the content of the file that was created, the XML file that would be created according to the XML schema of the CCR.

Dr. Mohammad Al-Ubaydli: You mentioned the schema. The other thing that stuck me about the CCR is that structured data is actually almost — it’s actually readable by human beings. So although it’s designed to really work well with a computer, unlike other data standards in healthcare, it’s quite readable.

Could you tell me, sort of, if I were to look in a document how to — what’s the structure, how do I interpret it myself?

Dr. David Kibbe: Well, this is an interesting point of the standard itself, it’s a little bit arcane, but Adam Bosworth, who was formerly with Google and Microsoft, and now with Keas, was commenting on this the other day, is that, one of the things about Extensible Markup Language is that the code itself, while not formatted in paragraphs and so forth, is pretty human readable.

It looks a lot like what you would get if you were to look at the source code of an HTML page that you are viewing on the web, and you would see chunks of description, and a place for text and so forth.

But at the same time that instruction set, the Extensible Markup Language, allows computers to know that, oh, this is a diagnosis, and this is the code associated with the diagnosis, and this is the coding system associated with that diagnosis, and then to do computation upon that information as well.

So XML is a — there is a good reason that XML is the lingua franca of the Internet. It’s kind of the basis for the banking documents, exchange of information.

I think we were in a place where the timing was right to introduce this same technology into healthcare, not without some struggle and conflict.

Dr. Mohammad Al-Ubaydli: Okay. So you mentioned the struggle and the conflict. One of the other standards that’s available is the CCD or the CDA, and the nice thing about standards is that there are so many to choose from. So why is the CCR, or how is it different, and how is it better than the other alternatives?

Dr. David Kibbe: Well, I guess the first thing to say is that, there wouldn’t be any alternatives unless there hadn’t been the CCR in 2003, because this was really a new standard. The idea that health information should be patient or consumer centered and available to people, and then transferable at the will or authorization of the individual person, that was a completely new idea.

The folks over at HL7, which is another standards development organization; its much larger than ASTM, which is the organization that manages and develops the CCR standard, sort of immediately decided that this was also a good idea. They wanted to essentially take over the Continuity of Care Record standard from the group that had started it.

To make a long story short, what happened was the folks at HL7 developed a separate standard, which is officially known as the CDA/CCD. That stands for Clinical Document Architecture and Continuity of Care Document, which utilizes the CCR’s structure, if you will, in XML, or at least part of it.

But it’s really a very different standard. It has its uses in primarily large enterprises in America, those that are aligned with or have been using HL7’s complete set of standards for a long period of time.


The big difference between the CCR and the CDA/CCD is the level of complexity. CCR is actually a fairly straightforward, simple standard. It’s written in broad industry standard, computer industry standard, XML. It’s not really referential to any other standards. And in that sense it differs from the CDA/CCD, which is referential to the quite complicated set of standards around HL7, including not only the CDA, but the RIM, which is their data model, in basis of everything HL7.

So there has been, sort of, a competition between these two groups of people; somewhat symbolic in nature, over the past three or four years, but the reality is, is these are very different standards and they have different purposes and uses.

I think they are probably both valid and necessary in today’s environment of data exchange in healthcare, where this is a pretty new phenomenon. Moving data between institutions in healthcare is, at least in the United States, is a new thing. And the CCR is very good at that.

The CDA/CCD, I think, is probably much better at moving documents, many different kinds of documents inside institutions, inside enterprises.

Dr. Mohammad Al-Ubaydli: That’s interesting. So again, just to recap, Google is using the CCR, as is Microsoft, for their PHR platforms, but Microsoft also accepts CDA/CCD documents, is that correct, for HealthVault?

Dr. David Kibbe: Well, yes. There is an interesting differentiation between Google Health and Microsoft HealthVault, both of which are platforms for personal health record information about a person.

I think Google took; and this is very characteristic of Google, the sort of sparse information model, and they said, we are not interested in everything about a person, lots of documents and radiographs and images and so forth, what we are really interested in is a small subset of information about a person that can be computable, and which may then be useful in a web services world.

So Adam Bosworth, who was the Vice President of Google at the time, in-charge of Google Health, chose the CCR because it met those needs.

Microsoft HealthVault on the other hand, I think, has taken a — although they do use the CCR and support the CCR standard, they have taken a broader, sort of, mission, which is, we will accept any kind of information about a person, whether it’s a scanned document or a structured dataset in CCR format, or a PDF document, and we will worry about organizing that information later.

Dr. Mohammad Al-Ubaydli: I know that you teach a lot of institutions as they begin adopting the CCR. What do you advice someone who is beginning to use the CCR and applying it to the data they have about patients?

Dr. David Kibbe: Well, the interesting thing is, is that, there are developers in companies coming from outside healthcare into the healthcare world in America all the time now. It’s very interesting to me that in Britain there

has been a lot of at least press about the National Health Services using Google Health or Microsoft HealthVault as the sort of inexpensive, secure way of creating personal health records for people.

Over here what we have is a little different. We have Google and Microsoft among a number of companies that have sort of entered the healthcare world from the Internet and from the World Wide Web. And their developers are not very conversant with healthcare as an industry.


So when they think about moving information from one place to another, when they think about web services that will take information and provide advice or look for drug-drug interactions, or provide information to a patient about new medications that might be of interest to them, all sorts of things, they come from a world that was XML, and Extensible Markup Language technology writ large is pretty familiar to them. What’s not familiar to them are the conventions of, sort of, inside baseball and healthcare.

So there has been a lot of adoption of the CCR standard, partly because it’s just so simple, and people have said over and over again to me, we don’t understand healthcare very well, we are not sure what this information means, but we understand how to encode it using the CCR standards. Whereas I think the learning curve for the CDA/CCD is very, very steep for non-healthcare informaticians, and probably even for them it’s a pretty significant learning curve.

Dr. Mohammad Al-Ubaydli: Just as you mentioned Google and Microsoft, I have been speaking to people from the Conservative party, who are the ones who are quoted saying that they would use Google or Microsoft in the National Health Service. And none of them can find the person who said that. They kind of said that they would have personal health record and there will be a private market at that patient’s choice.

But then someone from the press said, oh, you mean Microsoft and Google, and then everyone began quoting the press person, and they can’t seem to control that story anymore.

But the irony is that both Google and Microsoft are not actually available in the UK, and I think not in the European Union at large, as a PHR platform. If you come from a European IP address, you are not able to access those websites.

Dr. David Kibbe: Well, it’s just fascinating the way these things go back and forth between our cousin cultures.

Here in the United States we are contemplating something called the National Health Information Network, which has been conceived of as a network of networks based on Regional Health Information Organizations, or so called RHIOs, which are generally speaking very expensive database management systems that are controlled generally by coalitions of hospitals in different parts of the country.

The idea being that if you can create a large scale RHIO in Cincinnati, that gets five or six different hospitals and doctors’ groups to contribute data to a single database, creates a private network that allows physicians and nurses who are authorized to access that information. Eventually they will sort of connect one another.

But what’s now competing with that is this idea of health Internet, and it’s actually happening. That is, more and more healthcare organizations are establishing personal health record accounts. For example, CVS MinuteClinic and CVS Pharmacy, for example. And allowing the patients to access that information, and then move it over the Internet, using fairly standard conventions for privacy and security to Google Health or to Microsoft or Dossia or to whomever they want to move it. And then move it from there to their doctors, or from there to some other relative or service.

So we are starting to see in this country — and the interesting thing is that people are sometimes using the supposed experience of the National Health Service in having spent billions of dollars on a personal health record system that didn’t work or doesn’t work, at least this is the mythology. This is the conventionalism.

And now turning it to Google and Microsoft, we are sort of anticipating not making this mistake that the Brits made.


And I think that’s really hilarious, but probably good. When it washes out, we may end up with not having to reinvent AOL and Prodigy and all those private networks.

Dr. Mohammad Al-Ubaydli: I will mention though that in that list of Google, Microsoft pages include Patients Know Best. My prediction is that —

Dr. David Kibbe: Yes, indeed. Let’s include that.

Dr. Mohammad Al-Ubaydli: Let’s make sure we are on there. This podcast is brought you by — so if you —

Dr. David Kibbe: Well, indeed. Okay, let’s go back there, because the difference is that your data are controlled by provider organizations and the RHIOs that are there sort of regional systems, you really don’t have control as an individual or a person or citizen or patient or where that information. But if I have control over this, I can send it to Patients Know Best. I can decide that that’s where I want my information to be stored and that’s where I want my information to be available for download in the same way that I control where my banking information goes.

Dr. Mohammad Al-Ubaydli: Exactly! In terms of my perspective, what we are asking is for healthcare provider to just give the patient a copy of that data and store it on PKB. But we think that at a certain point, enough clinicians would have given copies of their data to the same patient that the person with the most complete medical record about the patient is not the patient. So the clinicians as a matter of safety will now have to let the patients’ controlled record rather than relying on their internal system that this is an easier way of achieving a safe medicine than trying to build a big national infrastructure from the top-down.

Dr. David Kibbe: Well, we are exactly at this point in the United States as we speak. As a matter of fact, by the end of December, we will have regulations, meaning laws that prescribe particular standards and particular protocols for EHR technologies to use that will either encourage the role of the consumer as the keeper of his/her health information and the person that’s able to access this or discourage it. So we are all, kind of, on edge over here with respect to how this is going to work out.

Dr. Mohammad Al-Ubaydli: I think it’s going to work out. I think the time is right; all we need to do is get it done right. So let’s get back to the CCR. When you begin teaching people to use the CCR and the institutions, what did you learn from watching them?

Dr. David Kibbe: That’s a good question. What we have learned is that many organizations in United States don’t know where their data are located. If you think about it, the Continuity of Care Record standard helps organizations create a single file about a particular person that says my doctors are these people and the conditions that I have are these and the medications I take and how I take those medications are these and so on.

What we have found is that in the case of both large and small organizations, they often don’t know where those data are and they often find that those data are very difficult to locate by provider or department. There is enormous inter-operator variability in where physicians store or groups of physicians store information such as smoking history or a colon cancer screening test.

This makes it very difficult for the established vendors with any reliability to go back to their customers and say, we can get these data out for you and put it into a standardized format that can then be sent to Medicare or Blue Cross Blue Shield or whoever it is who is going to do pay for performance.


So I think one of the sort of surprising things, we did a course on the Continuity of Care Records standard, one of the most prestigious organizations in United States, and the problem that they identified was that their allergy information was about 90% in unstructured format in dictated documents.

So, for them to access that allergy information on any particular patient meant that some human being had to go and read a document and then type that information into a database that would then be accessible to technology like XML for export to some place else.

I think that’s a real problem we have over here, is that we’ve had a culture of Health IT in which doctors can put the data wherever they sort of like. As a matter of fact, some of the major vendors over here have become popular and have sold a lot of their technology in part because they really haven’t enforced any requirements about where particular informational content is collected and therefore made available for structured abstract.

Dr. Mohammad Al-Ubaydli: That’s interesting.

Dr. David Kibbe: It’s getting a little bit into the weeds, but it’s a very big problem.

Dr. Mohammad Al-Ubaydli: What I was going to say, what did the institution do? Did they ask the patients and do they structure the information for them or did they just throw their hands up? What’s going after that?

Dr. David Kibbe: Well, in this particular case, they decided to associate with Microsoft HealthVault rather than Google, because Microsoft HealthVault was really disabled. That’s okay. Just send us your PDF, we will take it, whereas Google says, well, if you want us to accept a list of allergies, it has to come in a structured way, because we don’t have any people who are reading those documents and that aren’t going to retype this data.

This is a very fundamental split, if you will, or division within the Health Information Technology culture of the United States. What’s happening is under meaningful use and David Blumenthal’s regime at the Office of the National Coordinator is that they are sort of regrouping and they are saying, there are certain data elements about every patient that a doctor sees and particularly about a patient with high blood pressure or diabetes, for example, that ought to be structured. This is a new thing, but I think it’s a good thing.

Dr. Mohammad Al-Ubaydli: Interesting. When people begin to use their CCR, what do they worry about that they shouldn’t worry about?

Dr. David Kibbe: Well, the biggest issue over here I think, perhaps it’s global issue, it’s privacy and security. It’s sort of interesting to me to observe that some of the people who put privacy and security as a barrier to innovation, as a reason not to innovate are among those whose security and privacy has been mostly suspected.

Hospital systems in this country, for example, have been awful in terms of their loss of data, people being able to access information in hospital systems, and yet these are the folks that worry the most about Google and Microsoft keeping people’s privacy. So we have a sort of tension in this country where we are worried about privacy and security, but we are not necessarily always talking about the same thing.


Dr. Mohammad Al-Ubaydli: Okay, and tell us the flip side, which is what people don’t worry about, but they actually ought to be worrying about.

Dr. David Kibbe: Well, they ought to worry about whether the data about them is accurate. I think one of the reasons why there has been so much hesitancy and resistance to data liquidity meaning the ability of you or me as a person to get our data from Partner’ Health Plan or from Beth Israel Deaconess Hospital system is that those institutions are not sure that they really want those data elements to be provided to the patient, because information is power.

If I have information about myself and what was done to me or recommended to me by an institution or by a provider organization, then I have access to other opinions and perhaps evidence-based guidelines that might indicate that, hey, that wasn’t the right thing to do or there were alternatives that I was not apprised of.

So I think people need to worry a lot more about whether their information in hospitals and doctor’s offices is accurate and up-to-date and comprehensive. That’s I think a coming worry.

As Americans have to pay more for their healthcare, they are getting better at this. They are starting to understand that this information is really, really important in determining the decisions that are made about their health and they are beginning to have less trust, not so much about privacy and security, but whether or not what was done to them and the information that was gathered about them is accurate.

Dr. Mohammad Al-Ubaydli: Interesting! I always say that security is about two things; it’s both about preventing inappropriate access, but it’s also about ensuring appropriate access and that beyond a certain amount of complexity of your health, you need to know everything about your care, and you need everyone on your team to also know about your care and if the information is incomplete, then that’s dangerous medicine.

It’s no longer something you can ignore, but I find that actually most people if you ask them, would you like to have a look at your records, they say, no, why would I want to?

If you ask, do you think you have to look after your health, you think you have to look at your bank records, look at your credit information, they understand all those things, but they haven’t met the need yet to actually look in my health record information is really important. And I am wondering how much of a change there is around that.

Dr. David Kibbe: Well, I think, it’s happening. I think it’s happening slowly but surely for the individual person to look at his or her medical records. When the medical records are kept in an incomprehensible mishmash of Latin, French, Greek, and Arabic, that encodes, not to mention, code systems that are numerical.

That’s one thing and I think people are smart, and they know that a lot of health information is sort of encoded in this mysterious language that doctors use.

I think when people can look at their health information in terms that they understand and are helped to make decisions that involve translating that information into common layperson’s English or whatever the language is that they use, then that’s a different story.

So part of this is a translational issue and as primary care physician — you share with me this, but this is part of our DNA. I mean we’ve been translating to this, the results of a complicated test, but people are smart. They are learning, I mean think about it. The pregnancy tests that women can now purchase for themselves in the pharmacies are sort of green or red.


I mean it’s either positive or negative. I think we are beginning to move all health information into the sort of red, yellow, green kind of schema, which makes it easier for people to understand when they have a risk, that’s not eminent but needs to be dealt with, when something is really kind of impending and when, in fact, they don’t change their behavior or they do something quickly, they are going to get into big trouble.

There are companies in the United States, and I am sure in the United Kingdom as well, who are in the business of translating this information into something that people can understand and act on.

That’s part of this whole story because you can’t do that very well if you can’t get access to the information. Computers are very good at taking very complicated information and translating it into terms that non-experts can understand. But they can’t do that unless they can get at the information the first time.

In this country, we have something like 37 states that prohibit the individual from getting his or her laboratory results from the laboratory company.

Dr. Mohammad Al-Ubaydli: I mean we supported Health Data Rights campaign to amend legislation around that and I think — I mean does it look like that’s going to pass that the federal legislation will allow the patients to get the test results directly?

Dr. David Kibbe: Well, this came up at the Health Information Technology Standards Implementation workgroup meeting two weeks ago, and it’s at least being brought up as a major issue.

Why isn’t that I as a patient can’t get my laboratory results directly, but it has to go to the doctor first? Now they maybe granted. There are situations in which this sort of paternalism is in my best interest, but I would argue that 80% of the time getting the information directly to the person in a timely manner is the right thing to do.

Again, that’s something that’s being debated hotly in the United States right now. The good news about the CCR and the CDA, CCD, and the sort of argument about information standards is really not about the technology. It’s about the information and who gets to see it and who gets to control it.

I would say one of the very positive things about David Blumenthal and his leadership at ONC, and about the Obama administration in general over the last year is that we have seen the dialogue, the conversation about these issues mature rapidly, so that we are now talking about much more important things than we were a year before.

Dr. Mohammad Al-Ubaydli: Okay. This has been really interesting. Is there anything else that I should have asked you about? I hate to miss out more of your opinions?

Dr. David Kibbe: Well, no. I mean I am glad to talk anything with you, Mohammad, about anything of interest. I can’t think of — we are hitting some of the hot spots here.

I mean I think that one of the things that people don’t recognize in this country quite yet is that we are entering in a phase of regulatory control by the federal government of Health Information Technology.

It’s certainly not at the level of the FDA, control in medical devices, pharmaceuticals at this point. But over the next year, there will be federal laws that specify the criteria for certification.

This has now been introduced in a way that is kind of irrevocable at least for the next period of time. It’s as though that sort of the telecom industry environment is now permeating Health IT and I think that’s going to make major changes occur; some of them unpredictable, some of them good, some of them probably not so good.

Dr. Mohammad Al-Ubaydli: Well, I am calling you and recording this call using the Skype. So if we can get the same kind of disruptive innovation in healthcare as we got in telecoms industry then, Amen! Look forward to it.

Dr. David Kibbe: Yes, I will look forward to it.

Dr. Mohammad Al-Ubaydli: David, thank you so much for your time. It’s been real pleasure talking to you.

Dr. David Kibbe: Yeah, pleasure talking with you, Mohammad.

Total Duration: 40 Minutes

Full transcription provided by Tech-Synergy

One Response

  1. Excellent discussion with one of the principal architects of the CCR. Tom Sullivan
    and Rick Peters are the two other key prinicipals, but the key element of
    incompatibilty between CCR and CDA was mentioned, but brief. The key element
    of XML use and data elements, DTDs, Schemas and other technical aspects of
    the CCR and CDA were not specified. It would be very informative to have Dr
    Kibbe clarify the specific use of XML that prevents the CCD from being the CCR
    with CDA compatibility..

Leave a Reply to Chris Bickford MD Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: