[Senate Hearing 105-688]
[From the U.S. Government Publishing Office]


                                                        S. Hrg. 105-688


 
                    THE YEAR 2000 COMPUTER PROBLEM:
                WILL THE HEALTH CARE INDUSTRY BE READY?

=======================================================================

                                HEARING

                               before the

                        SPECIAL COMMITTEE ON THE
                      YEAR 2000 TECHNOLOGY PROBLEM
                          UNITED STATES SENATE

                       ONE HUNDRED FIFTH CONGRESS

                             SECOND SESSION

                                   on

WHERE THE HEALTH CARE INDUSTRY STANDS IN RELATION TO MEETING  THE  YEAR 
     2000 AWARENESS,  ASSESSMENT,  VALIDATION,  AND IMPLEMENTATION 
                               DEADLINES

                               __________

                             JULY 23, 1998

                               __________

                  Printed for the use of the Committee


                               


 Available via the World Wide Web: http://www.access.gpo.gov/congress/senate

                     U.S. GOVERNMENT PRINTING OFFICE
 50-139 CC                  WASHINGTON : 1998

_______________________________________________________________________
 For sale by the Superintendent of Documents, U.S. Government Printing Office
                          Washington, DC 20402



                        SPECIAL COMMITTEE ON THE
                      YEAR 2000 TECHNOLOGY PROBLEM

         [Created by S. Res. 208, 105th Cong., 2d Sess. (1998)]

                   ROBERT F. BENNETT, Utah, Chairman
JON KYL, Arizona                     CHRISTOPHER J. DODD, Connecticut,
GORDON SMITH, Oregon                   Vice Chairman
SUSAN M. COLLINS, Maine              JEFF BINGAMAN, New Mexico
TED STEVENS, Alaska, Ex Officio      DANIEL PATRICK MOYNIHAN, New York
                                     ROBERT C. BYRD, West Virginia, Ex 
                                         Officio
                    Robert Cresanti, Staff Director
            Andrew Lowenthal, Acting Minority Staff Director

                                  (ii)


                            C O N T E N T S

                                 ------                                

                     STATEMENT BY COMMITTEE MEMBERS

Hon. Robert F. Bennett, a U.S. Senator from Utah, Chairman, 
  Special Committee on the Year 2000 Technology Problem..........     1
Hon. Christopher J. Dodd, a U.S. Senator from Connecticut, Vice 
  Chairman, Special Committee on the Year 2000 Technology Problem     4

                              PRESENTATION

Andrew Lowenthal, staff, Special Committee on the Year 2000 
  Technology Problem, Washington, DC.............................     4

                    CHRONOLOGICAL ORDER OF WITNESSES

Daniel S. Nutkis, chairman, Odin Group...........................     6
Kenneth W. Kizer, M.D., Under Secretary of Veterans Health, 
  Department of Veterans Affairs.................................     9
Kevin L. Thurm, Deputy Secretary, Department of Health and Human 
  Services.......................................................    17
Michael A. Friedman, M.D., Acting Commissioner, Food and Drug 
  Administration, Department of Health and Human Services........    19
Nancy-Ann Min DeParle, Administrator, Health Care Financing 
  Administration, Department of Health and Human Services........    20
Jennifer Jackson, general counsel and vice president, Clinical 
  Services, Connecticut Hospital Association, representing the 
  American Hospital Association..................................    31
Donald J. Palmisano, M.D., member of the board of trustees, 
  American Medical Association...................................    33
Ramin Mojdeh, Ph.D., director, research and development, Guidant 
  Corp., representing the Health Industry Manufacturing 
  Association....................................................    36
Gil R. Glover, director of Year 2000 Projects and Planning, 
  Bluecross Blueshield Association...............................    39
Joel M. Ackerman, executive director, Rx 2000 Solutions Institute    41

              ALPHABETICAL LISTING AND MATERIAL SUBMITTED

Ackerman, Joel M.:
    Statement....................................................    41
    Prepared statement...........................................    53
Bennett, Hon. Robert F.:
    Opening statement............................................     1
    Prepared statement...........................................    60
    Generic listing of potential date sensitive equipment........    61
DeParle Min, Nancy-Ann:
    Statement....................................................    20
    Prepared statement...........................................    63
    Responses to questions submitted by Chairman Bennett.........    68
    Responses to questions submitted by Senator Collins..........    70
Dodd, Hon. Christopher J.:
    Opening statement............................................     4
    Prepared statement...........................................    71
Friedman, Michael A.:
    Statement....................................................    19
    Prepared statement...........................................    72
    Letter to Hon. Christopher Dodd..............................    76
    Responses to questions submitted by Chairman Bennett.........    79
Glover, Gil R.:
    Statement....................................................    39
    Prepared statement...........................................    81
    Responses to questions submitted by Chairman Bennett.........    84
Jackson, Jennifer:
    Statement....................................................    31
    Prepared statement...........................................    85
    Responses to questions submitted by Chairman Bennett.........    88
    Responses to questions submitted by Senator Collins..........    90
Kizer, Kenneth W.:
    Statement....................................................     9
    Prepared statement...........................................    90
    List of medical devices......................................    98
Kyl, Hon. Jon: Prepared statement................................   101
Lowenthal, Andrew: Presentation..................................     4
Mojdeh, Ramin:
    Statement....................................................    36
    Prepared statement...........................................   101
    Responses to questions submitted by Chairman Bennett.........   105
Nutkis, Daniel S.:
    Statement....................................................     6
    Prepared statement...........................................   109
Palmisano, Donald J.:
    Statement....................................................    33
    Prepared statement...........................................   114
Thurm, Kevin L.:
    Statement....................................................    17
    Prepared statement...........................................   119
    Responses to questions submitted by Chairman Bennett.........   125

              ADDITIONAL MATERIAL SUBMITTED FOR THE RECORD

Statement of the Medical Device Manufacturers Association........   134


THE YEAR 2000 COMPUTER PROBLEM: WILL THE HEALTH CARE INDUSTRY BE READY?

                              ----------                              


                        THURSDAY, JULY 23, 1998

                               U.S. Senate,
                 Special Committee on the Year 2000
                                        Technology Problem,
                                                    Washington, DC.
    The committee met, pursuant to notice, at 9:55 a.m., in 
room SD-192, Dirksen Senate Office Building, Hon. Robert F. 
Bennett (chairman of the committee), presiding.
    Present: Senators Bennett, Smith, and Dodd.

  OPENING STATEMENT OF HON. ROBERT F. BENNETT, A U.S. SENATOR 
    FROM UTAH, CHAIRMAN, SPECIAL COMMITTEE ON THE YEAR 2000 
                       TECHNOLOGY PROBLEM

    Chairman Bennett. The committee will come to order. I 
apologize to the witnesses and other visitors for the delay. 
Occasionally, the work of the Senate gets in the way of the 
work of the Senate. I expect we will have other members of the 
committee here shortly, but in the interest of starting the 
hearing, we will begin. There is a vote going on on the Senate 
floor right now, which is why other Senators have not been 
here, and I want to--well, I will wait until Senator Dodd 
arrives to express the committee's gratitude to him for his 
leadership in getting us focused on the health care issues.
    We welcome you to the fourth hearing of the Special 
Committee on the Year 2000 Technology Problem. To date, we have 
held hearings on the energy utilities and financial services 
industries, and we plan hearings, as those of you who follow 
this issue know, on telecommunications, transportation, general 
government services and general business.
    Let me begin today's hearing by saying that health care is 
America's largest single industry, generating $1.5 trillion 
annually, more than one-seventh of our economy. More 
importantly, the quality of life of virtually every American 
family is directly impacted if this industry is not ready in 
time for the next millennium.
    Unfortunately, I have troubling news today. Clearly, the 
health care industry is not ready for the Year 2000. If 
tonight, when the clock struck midnight, the calendar flipped 
to December 31, 1999, large portions of the health care system 
would fail. There are some 6,000 American hospitals, 800,000 
doctors and 50,000 nursing homes, as well as hundreds of 
biomedical equipment manufacturers and suppliers of blood, 
pharmaceuticals, linens, bandages, et cetera, along with 
insurance payers and others that are not yet prepared.
    Today, we want to present a balanced picture of where the 
health care industry stands in relation to meeting the Year 
2000 awareness, assessment, validation and implementation 
deadlines. The committee has been unable to find a central 
repository of this kind of information, so I look forward to 
the contributions of each of today's witnesses, out of which we 
hope will come some kind of consensus.
    Since World War II, the United States has undergone one 
cultural change after another but probably none as profound as 
the one occurring in the health care industry. The very name 
health care industry is in sharp contrast to the solo-
practicing doctors which dominated medicine when my father was 
a member of the U.S. Senate. So, before we get into discussing 
the potential effects of Y2K on health care, I think a quick 
view of the changing times in medicine is in order.
    Not too many years ago, when you made an appointment to see 
your doctor, he would greet you at his office, inquire about 
your family and ask the purpose of the visit. When you told 
him, he would probably take your blood pressure, test your 
lungs and heart with a stethoscope, ask a few more questions, 
look at your medical record folder and prescribe treatment. 
There is no Y2K in that picture.
    Today, when you enter a doctor's office, outpatient clinic, 
hospital or HMO, you first encounter medical electronics as you 
submit your insurance or Medicare card to the admission clerk. 
The data in your card is entered into a desktop computer that 
is linked to Medicare or insurance eligibility files, 
maintained on a mainframe computer in some distant city. The 
same computer will bill the insurance company and you as a co-
payer.
    Electronic complexity continues at every step, starting 
with computerized medical records. Virtually every diagnostic 
and therapy machine is powered by one or more microprocessors. 
If a patient requires hospitalization, his physician 
electronically schedules a time-specific hospital admission 
date as a preparatory step as well as the medical orders. The 
hospital computer will generate a letter telling the patient 
the medically-necessary tests that will be needed, and every 
test uses one or more date-sensitive microprocessors which 
automatically feed your biological results into the hospital's 
computer-based clinical data system.
    This same computer schedules the time, surgical suite 
location and staffing levels for your operation as well as a 
list of essential medical needs for the surgery. Throughout the 
operation, the patient will be connected to life-saving 
machines: monitors, ventilators, anesthesia control and 
infusion pumps that are all, again, microprocessor operated. 
High technology follows the patient into the intensive care 
unit to help ensure full recovery. Finally, the patient is 
wheeled into a ward and begins receiving food from a computer-
generated dietetics menu. The only thing that has not changed 
since my father's day is the taste of that hospital food. 
[Laughter.]
    In addition, electronic data interchange, EDI, is used for 
most of the business transactions of the medical institutions. 
These include patient billing and payment systems which are 
interconnected, so that a failure at one can reverberate 
throughout the entire system. Based on what you will be hearing 
from various witnesses today, there is trouble in River City 
and most of the rest of the nation, because the health care 
industry is lagging behind other industries in making crucial 
Y2K fixes.
    The Gartner Group says that over 90 percent of the 
individual physician practices are not yet aware of their Y2K 
problems, and two of our witnesses have equally alarming data 
that they will share with us. Finally, if the insurance and 
Medicare eligibility process cannot function, doctors' offices 
and hospital admission processes would default to paper. That 
sounds easy, but the daily output is nearly 4 million Medicare 
claims and approximately 27 million pages of medical records. 
That is an awful lot of paper. Health care paperwork could back 
up like traffic on an interstate highway after a bad accident, 
and this could immediately affect a patient's access to quality 
health care.
    Concurrently, the nation's 1.6 million providers would have 
monumental cash flow problems without electronic payment from 
insurers and Medicare, which accounts for nearly 50 percent of 
health care payments, almost $1 billion a day. The problem is 
exacerbated by the lack of a national fix-it program by the 
health care industry. I try not to be too harsh, but I find it 
hard to understand why the manufacturers of biomedical devices, 
represented by the Health Industry Manufacturers Association, 
have not provided a central clearinghouse for the data that 
only they possess.
    The complexity of biomedical products causes me to take the 
unusual step of publicly requesting that the health care 
industry help solve the Y2K problem which they helped create. 
We will hear from them today.
    Again I had hoped that Senator Dodd could be here for his 
opening statement, but I understand that he is tied up on the 
floor. The vote is still on. So, we will go to Senator Dodd and 
other members of the committee as they arrive.
    We will begin with Andrew Lowenthal and a staff 
presentation of the complexities of the health care industry 
and how they are susceptible to the Year 2000 problem. Mr. 
Lowenthal is Senator Dodd's assistant and has been directly 
connected with this right from the beginning. Mr. Dan Nutkis, 
president of the Odin Group, which is a consulting group to 
major companies in the medical industry will describe the 
extensive electronic interrelationships that exist in today's 
health care environment. Then, Dr. Kenneth Kiser, the Under 
Secretary for Veterans Affairs, who is responsible for the 170-
hospital VA Hospital System and an outstanding emergency room 
physician in his own right, will demonstrate the impact of Y2K 
on biomedical devices.
    Mr. Lowenthal, thank you for your willingness to be the 
spokesperson for the staff, and let me thank the entire staff. 
This has been an extraordinary experience for me, to see how 
quickly this staff has come together, operating under difficult 
physical conditions down in the basement of this building, to 
do an outstanding job pulling all of this information. Mr. 
Lowenthal is the representative of that extraordinary group.

STATEMENT OF ANDREW LOWENTHAL, STAFF, SPECIAL COMMITTEE ON THE 
          YEAR 2000 TECHNOLOGY PROBLEM, WASHINGTON, DC

    Mr. Lowenthal. Thank you very much, Chairman Bennett, and 
as you said, I work on the special committee for Vice-Chairman 
Dodd, and I am here representing the staff, and I particularly 
think it is important to note the contributions of Robert 
Cresanti, John Stephenson, and Frank Reilley in putting this 
together. I am here on all of their behalfs, but they did 
outstanding work, and the success of their presentation is 
really much more theirs than mine.
    The staff was asked to put together an overview of the 
points in the health care delivery system in which there are 
Year 2000 implications from the point at which a patient 
presents themselves through diagnosis and treatment. In order 
to facilitate this and provide the Senators and the committee 
with the best possible presentation, two representatives were 
selected: Daniel Nutkis, president of the Odin Group will 
provide the committee with a broad overview from his vantage 
point as head of an organization whose members include 
hospitals, other health care providers, insurance companies, 
pharmaceutical manufacturers and distributors, and then, Dr. 
Kiser, who is the Under Secretary for Veterans Health at the 
Department of Veterans Affairs will present an overview that 
will focus a little bit more on the particular implications for 
hospitals and specifically focusing on medical devices and 
diagnostic equipment.
    Thank you very much, Mr. Chairman.
    Chairman Bennett. Mr. Nutkis, we appreciate your being 
here.
    Mr. Nutkis. Senator Bennett, Senator Dodd.
    Chairman Bennett. Senator Dodd, do you want to make an 
opening statement before we get into the panel?
    Vice Chairman Dodd. Yes, if you do not mind, just for a 
minute or so.
    Chairman Bennett. I said nice things about you before you 
came.
    Vice Chairman Dodd. And I was outside the door listening.
    Chairman Bennett. They were all deserved. Senator Dodd is 
the one who insisted that we focus early and specifically on 
the health care industry. If it had not been for that 
insistence, we probably would be getting around to this later 
than we are in our schedule. I acknowledge that and acknowledge 
that he was absolutely right in his priorities.

 OPENING STATEMENT OF HON. CHRISTOPHER J. DODD, A U.S. SENATOR 
FROM CONNECTICUT, VICE CHAIRMAN, SPECIAL COMMITTEE ON THE YEAR 
                    2000 TECHNOLOGY PROBLEM

    Vice Chairman Dodd. Mr. Chairman, I thank you, and I thank 
you immensely for this early hearing on such an important 
subject, and there are other subjects that we will no doubt 
review, but as we have both come to appreciate, the health care 
industry clearly falls into the category of mission critical, 
and as we both discovered earlier this week in a visit to a 
local hospital, in fact my sense of urgency about it was 
heightened even further by some of the things that we heard at 
a very fine hospital here in the Greater Washington area.
    So, I am deeply appreciative of the effort here this 
morning. There is no sense, I suppose, in trying to beat around 
the bush. The question that many Americans are asking today, as 
they begin to focus on this issue, is are people going to die 
as a result of the Year 2000 complications in the medical 
industry. My answer is I do not think so at all. We may have 
some problems, but I hope that these problems will be of a 
limited scope. My goal however, is to heighten awareness and 
increase prepuration not to create panic.
    But it is entirely possible--it is entirely possible, in my 
view, that the millennium conversion could put the health care 
industry in intensive care as a result of this problem. The 
industry faces significant Year 2000 challenges which could 
result in significant disruptions across the country. And as I 
said regarding the utility industry, we are no longer talking 
about whether there will be any disruptions. We are talking 
about how severe those disruptions are going to be.
    While I am very hesitant to say that these disruptions will 
be life-threatening, there is a reasonable chance that they 
will compromise the quality of extended patient care in all 
parts of the country. My concerns are based upon three factors, 
very briefly, which I want to touch on here in this opening set 
of remarks. First, there are serious Year 2000 problems in many 
medical devices, from diagnostic tools to dialysis machines, 
and I am deeply disturbed by the fact that instead of taking 
steps to deal with the problem, the medical device industry as 
a whole seems to be exacerbating the problem by refusing to 
provide information to either the Food and Drug Administration, 
which regulates the device safety, or even to the hospitals and 
clinics which use their devices every day.
    And just as an aside, Mr. Chairman, we went through the FDA 
reform legislation, and I was very active on that issue in the 
Labor and Human Resources Committee, and we have significant 
medical device companies in my State of Connecticut of which we 
are very, very proud; they have done some very innovative work. 
But I am deeply concerned about this issue, and for those in 
the audience who may be listening who are from this industry, 
this is unacceptable, and any industry that comes looking for 
protection on liability, in my view, who is lacking in 
responsiveness as the medical device industry is, at this 
point--do not look to this Senator for any support. You want 
support on liability issues; you better get going on this issue 
of being responsive to these inquiries, and right now.
    So, it is very, very serious. We have 500 days left; no 
time to be fooling around in responding to questionnaires when 
they come from the FDA and other sources. It is stunningly 
short-sighted, in my view, and can only cause harm to both the 
makers and the users of these devices.
    A secondary concern is that the Medicare system, which 
processes nearly a billion claims a year and provides nearly a 
billion dollars a day will not be ready. If there are any 
disruptions in the Medicare system, and I should also include 
state-run Medicaid programs in this area, many health care 
providers, some of whom depend on Medicare payments for as much 
as 40 percent of their operating budgets, will not be able to 
operate.
    And last, I am concerned about rural hospitals and 
municipal hospitals or other institutions that are strapped for 
resources. As I mentioned, the chairman and I saw a hospital 
the other day in the area which is a fine, fine institution and 
really first class and really working very aggressively to deal 
with their issues. Unfortunately, many hospitals do not have 
the kind of resources that this facility does, and I am worried 
about institutions in our rural areas or inner cities and urban 
areas that do not have the resources that some of the more 
affluent ones do.
    So, again, I think this is a very timely hearing. I am very 
grateful to the chairman for placing it as high in the agenda 
as he has, and we are very interested in hearing what our 
witnesses have to say. We are not going to get all of the 
answers we want this morning, but I think we are beginning an 
important discussion of what we can do at a governmental level 
and how we can encourage and support the private sector in a 
sense of cooperation on this issue to see to it that we 
minimize the problems on January 1, 2000, that could occur in 
the health-related industries.
    Thank you, Mr. Chairman.
    Chairman Bennett. Thank you very much.
    Mr. Nutkis.

      STATEMENT OF DANIEL S. NUTKIS, CHAIRMAN, ODIN GROUP

    Mr. Nutkis. Senator Bennett, Senator Dodd.
    Chairman Bennett. We would ask that you pay attention to 
the lights. We have got a lot of witnesses, and if you could 
hold your presentation within the time of the lights, we would 
appreciate it.
    Thank you.
    Mr. Nutkis. Earlier this year, Odin Group started a process 
of examination of Year 2000 issues in health care, not unlike 
the process that the Senate committee is going through now. Our 
members were becoming increasingly concerned about the heavy 
interdependence of a wide range of trading partners, the fact 
that small players still represent the bulk of the entities in 
today's health care system, the resource pressures that affect 
many of those players, the lack of sophistication regarding 
Year 2000 and the need to develop comprehensive contingency 
plans and to ease public concerns.
    I am not saying anyone will entirely escape disruptions 
within their own organizations no matter how well they are 
prepared, but the more trading partners you have, the greater 
the likelihood that you will feel the disruptions of other 
organizations. For these reasons, Odin Group initiated the 
Vital Signs 2000 project. Its ultimate objectives are to help 
the industry understand these possible disruptions; to 
encourage development of contingency plans by individual 
organizations and the industry at large and to ensure 
continuity of patient care.
    While many other parties and studies are focusing on one 
segment of the health care industry, Vital Signs 2000 is 
focused on the bigger picture. Let me show you one of our high-
level models that we are using to make the complexity of this 
industry more understandable and manageable. You can turn to 
the first chart attached to my testimony, the one describing 
the interaction matrix.
    Down the vertical axis, you will see that the players are 
categorized into five broad domains: customers, providers, 
suppliers, payers----
    Chairman Bennett. For the audience, the chart is over here. 
Do you want to identify which one it is?
    Mr. Nutkis. The chart to the left.
    Chairman Bennett. OK.
    Mr. Nutkis. Down the vertical axis, you will see the 
players are categorized into five broad domains: customers, 
providers, suppliers, payers, and regulatory bodies. There is 
more detail in my written testimony.
    Now, let us overlay this list of domains with a variety of 
processes that require intense interaction to deliver patient 
services. The matrix shows these processes along the horizontal 
axis, grouped into four value chains. Care delivery: this 
includes processes that the patient experiences along the 
continuum of care; customer management includes all elements of 
customer service, accounting, managing benefit plans and 
formularies; supply chain management covers the business 
processes to receive orders and fulfill orders; and provider 
management, which includes claims and reimbursement and 
internal management processes.
    The point of this interdependence model is to underscore 
how complexity drives up risk. Organizations can better handle 
failures if they are prepared for them, which is why some 
companies in this industry are spending half a billion dollars 
on Year 2000 mitigation. But a much greater problem is the 
failure you have not thought of until the beeper goes off, and 
that is assuming the beeper does go off.
    When an individual organization has a Year 2000 failure for 
which it is not prepared, it will greatly impact its trading 
partners. Those partners, unless properly prepared, will not be 
able to support the next level of trading partners. And on it 
goes, with each failure piling on top of the last and 
everything ultimately piling on the patient. Dr. Kiser is 
addressing medical devices, so let me take a different 
scenario, the case of a payer organization serving 2,000 group 
plans and 1 million employees or dependents. When the systems 
malfunction, plan sponsors start seeing inaccurate bills and 
premium notices. Payments may be lost or made for services that 
are not covered in the plan. The provider starts seeing a 
flurry of eligibility denials, claim denials and payment 
delays. The doctors may be unable to make specialist referrals.
    Meanwhile, failures in the doctor's own offices add to the 
snarls, as doctors have trouble accessing patient records, 
submitting claims and scheduling appointments. The actual time 
the doctor can spend with patients drops from 4 hours a day to 
2. Frustrated patients start wondering where else they can go 
for medical services, but health care is not as portable as it 
used to be.
    Health care organizations deal with failures every day. But 
what happens when they have to deal with more failures and 
longer-lasting failures than they ever have known before?
    By now, it is getting clear why an interdependent health 
care system requires an integrated approach to the Year 2000 
problem and why our central theme should be triage and 
contingency planning. We need to answer questions like how 
critical is each component and how well prepared; which 
failures could cause widespread disruptions; what are the 
contingency planning scenarios, including their financial, 
operational and technical implications?
    Odin Group has spent months studying the complexities and 
interrelationships I have just described and the impact on 
various failures. Now, we are undertaking a survey involving 
all parts of the health care industry to better understand 
where failures are likely to occur. Then, we will form working 
groups to conduct industry-wide contingency planning. 
Researchers, advisors and industry members will work together 
to identify, recommend and test industry plans. A final report 
will be presented to a gathering of CEO's to make sure the top 
industry leadership fully understands what must be done.
    Contingency planning must be part of a comprehensive 
approach to the Year 2000. The last chart to my testimony 
depicts what Smith Kline Beecham is doing. It is the chart to 
the right. In the center circle are the internal systems. 
Around that is a second ring representing their infrastructure. 
This includes telecommunications, lab equipment and process 
control. In the next circle are end user systems, on the 
desktops of tens of thousands of employees worldwide.
    But even if you have got all of that right, you are not 
going to make it through January 2000 unless you consider 
external relationships with customers, suppliers and anyone you 
do business with. In this particular case, the company even 
considers involvement in industry groups to be part of its Year 
2000 effort, and contingency planning is incorporated 
throughout. This chart could have come from any number of 
organizations we have studied. If these companies can do it, so 
can every player in this industry. A comprehensive Year 2000 
methodology has to include awareness of the problem, assessment 
of what is required to fix a specific device or system, 
prioritization and triage of the most critical issues, 
remediation, which may include the repairing, replacing or 
retiring of the system, testing, which should also include 
critical trading partners and contingency planning.
    What can this committee do to help? The health care 
industry, like most others, is greatly concerned with issues of 
liability concerning Year 2000 comprehensive efforts. It 
encompasses antitrust issues but also has to do with whether a 
company creates new liabilities for itself by sharing 
information which later proves to be wrong or even damaging. 
President Clinton's proposal for a Good Samaritan law to cover 
such situations is right on track. Odin Group members would be 
pleased to work with their Senators and this committee to make 
sure the provisions of such a law are appropriate for and 
helpful to the health care industry.
    I would also ask this committee to be watchful for 
regulatory initiatives that add complexity and drain resources 
from Year 2000 efforts. Every additional Year 2000 failure has 
the potential to make the situation exponentially worse, and 
every major new regulatory requirement adds to the complexity 
of information systems work being done over the next 17 months. 
Odin Group's approach is to leverage the strengths of the 
leaders who are preparing well for the Year 2000 to make sure 
that everyone in the health care industry prepares as best they 
can.
    Through Vital Signs 2000, we are producing specific 
recommendations regarding contingency planning, including 
operational and financial implications, industry-wide 
preparedness, and testing. The Government cannot do this job 
for industry but can raise awareness.
    Mr. Chairman, I would like to officially invite you and 
your esteemed colleagues on this committee to attend the Vital 
Signs 2000 CEO conference to hear the results firsthand. There 
are no excuses for any player in this industry not having a 
good plan, and there are no excuses for industry not having a 
contingency plan that reaches across the entire expanse of 
health care in America.
    I wish to thank you for the opportunity to testify on this 
matter and hope my testimony contributes in some small way to 
helping the health care system.
    [The prepared statement of Mr. Nutkis can be found in the 
appendix.]
    Chairman Bennett. Thank you. What is the date of your 
invitation?
    Mr. Nutkis. October 27.
    Vice Chairman Dodd. Good timing. [Laughter.]
    Chairman Bennett. The only thing more important than Y2K is 
the reelection of the vice-chairman and the chairman of this 
committee. [Laughter.]
    We may both be involved on that date.
    Vice Chairman Dodd. Teleconference us in.
    Chairman Bennett. Yes.
    Dr. Kiser.

    STATEMENT OF KENNETH W. KIZER, M.D., UNDER SECRETARY OF 
        VETERANS HEALTH, DEPARTMENT OF VETERANS AFFAIRS

    Dr. Kizer. Good morning, Mr. Chairman and members of the 
committee. I appreciate the opportunity to brief you on health 
care issues posed by the Year 2000 compliance problems. My oral 
comments will be directed towards biomedical equipment and 
medical devices based, in part, on the experience of the 
Veterans health care system to date.
    I have included in my written testimony much more detail 
about many of the other things the VA is doing in this regard, 
and I would ask that that be included in the record.
    Chairman Bennett. Without objection.
    Dr. Kizer. Technology has been responsible for so many of 
the advances and wonders of modern health care, and so, it is 
somewhat ironic that this same technology may now present 
hazards to patient care when the 21st century begins. I know 
that the committee is familiar with the genesis and the 
background of the Y2K problem, so I am not going to spend any 
time going into that. Suffice it to say that the essence of the 
problem from the biomedical technology point of view is the 
fact that when the Year 2000 is entered as 00, systems and 
devices may not recognize this entry as a correct year, and 
thus, programs may fail. They may not perform as designed. They 
may reject legitimate entries, or they may yield erroneous 
results.
    There are thousands of medical devices which may be 
affected by one or more of these problems--what I have 
collectively called the millennium bug syndrome or MBS. Any 
technology-related process that sorts by date or that requires 
a comparison by dates; any process that calculates age; or any 
other process that performs some date-related task is subject 
to the millennium bug syndrome. This includes hospital 
information management systems, building systems that control 
heating, ventilation and air conditioning, security, the 
elevators, billing and accounting, etc.
    While many of the problems that have been identified to 
date are relatively minor and can be fixed, many health care 
institutions across the country simply are not positioned to 
accomplish those repairs. More importantly at this time, 
though, is that too many health care institutions do not yet 
know whether they have a problem or how big of a problem they 
have.
    There are many aspects to this problem, as Mr. Nutkis and 
the chairman have noted already, and as other witnesses will 
discuss this morning that I am not going to talk about.
    Let me turn my comments to biomedical equipment and 
specifically to some of our experience with this at the 
Department of Veterans Affairs. As you know, the Veterans 
Health Administration in the Department of Veterans Affairs 
operates the largest fully-integrated health care system in the 
United States. We have a wide range of electronic information 
systems, biomedical equipment, facility management systems and 
other computer-based system products that are vital to support 
services at our over 1,100 sites of care. This includes 171 
hospitals, which includes the array from very complex tertiary 
and quaternary care facilities to small, rural hospitals. On 
average, we estimate that each of these facilities have 7,000 
to 8,000 devices per facility. When you add onto that the more 
than 600 clinics and outpatient sites we have, the 131 nursing 
homes, and the array of other facilities, I think it begins to 
paint a picture of how many devices we have and how large this 
could be for a system of our size. The inventory of devices 
runs the gamut from very general things like suction machines 
and blood pressure cuffs to magnetic resonance imaging and 
computerized tomographic systems.
    We have been working on this problem since 1996. A number 
of aspects of this are detailed in my written testimony. 
Specifically, with regard to biomedical equipment, beginning 
early last summer, we identified about 1,600 manufacturers that 
we had purchased equipment from over the years. I think that we 
are typical of most hospitals or health care systems in that we 
have an array of devices and equipment that has been purchased 
over the last two or three decades, in addition to more recent 
years. Much of the equipment that has been produced in recent 
years is not subject to this MB's, but much of the older 
material is.
    Now, of those 1,600 manufacturers, which is out of a 
universe of about 16,000 manufacturers of medical supplies and 
devices, we have surveyed them up to four times to get 
information as to whether their devices are compliant. I can 
report to you at this time that 694 of those manufacturers have 
certified to us that their products are Y2K compliant, and 
therefore, at least, per the manufacturer's report, there 
should not be any problems with them.
    Thirty-four manufacturers that account for a total of 182 
models of equipment have reported that their devices are not 
compliant and that they are no longer supported by the 
manufacturer; these models are considered obsolete and will not 
be fixed, even though many of those things are still commonly 
used.
    Some 102 manufacturers have reported that they produce a 
total of 673 models that are currently not compliant but that 
they do intend to repair or otherwise fix the device, although 
in almost all of these cases, the manufacturer has not stated 
exactly how the device is not compliant or exactly what will be 
done to fix it.
    Likewise, the manner in which they will be providing the 
fix ranges across the board as to whether they will charge or 
not charge for it; whether they will send a technician to the 
facility; whether you have to send the device back to the 
facility. These responses are across the board.
    Fifty-three manufacturers have reported that they are still 
doing analyses on their products, and they cannot tell us if 
their products are compliant. For 201 manufacturers we have 
gotten return to sender notices, and after four attempts at 
trying to identify those manufacturers, we are assuming that we 
probably will not ever get information from them.
    Some 96 other manufacturers have either gone out of 
business or have been acquired and have presented difficulties 
in tracking them down.
    Finally, 233 manufacturers have not responded to us at all, 
despite our multiple inquiries.
    Thus, overall, we know at this time that we have 855 models 
of devices and equipment that are not Y2K compliant and that 
about 20 percent of these will not be made compliant by the 
manufacturer. And after four separate queries, we have not been 
able to get a response from about 30 percent of manufacturers. 
I think it is relevant to note that in interpreting these 
figures, you should keep in mind the size of the customer that 
VHA is and that there is a business interest on the part of the 
manufacturers to be responsive to us. Other than that, we have 
no reason to believe that our experience is not, or will not 
be, typical of that of other health care providers.
    Let me conclude these oral comments by reiterating that the 
millennium bug syndrome clearly has implications for every 
industry and many households nationwide. It is particularly 
critical for health care, since health care today is so 
dependent on the use of biomedical equipment and devices that 
rely on embedded, date-dependent information technology. We now 
know that many medical devices are not compliant, and many of 
those are not going to be made compliant. We also know that 
when the clock rolls forward to the 21st century about 526 days 
from now that about 3.8 million Americans each day will be 
receiving health care at hospitals or clinics or nursing homes. 
Many more are being treated at home. Each of these patients 
will typically have multiple different interactions, sometimes 
hundreds of interactions, per day with biomedical equipment, 
devices and information technology systems. When you consider 
the extraordinary number of interactions that that translates 
to, I think it becomes clear how large the potential for 
adverse events is, even if the problem involves only a very 
small percentage of devices or systems.
    The good part of it is that we still have time to ensure 
that no patient suffers harm as a result of the millennium bug 
syndrome if concerted and very aggressive action is taken in 
the months ahead.
    I thought it might be useful to the committee to perhaps 
demonstrate for you or show you some of the different devices 
and the types of problems they have--i.e., how this Y2K bug 
might manifest itself in an array of equipment, and let me 
just, if I can move up here.
    Chairman Bennett. Yes; we have turned off the light for the 
show and tell.
    Dr. Kizer. Show and tell, OK.
    What we have done here is try to present a number of 
different devices to demonstrate the different types of 
problems.
    This one is a defibrillator. It is a relatively simple 
problem in that the date will not print out. That is not very 
serious if everyone remembers to write the date on the pages. 
Conversely, here is another device--this is a monitor that is 
used in intensive care units to monitor heart rhythms and other 
aspects of patient care.
    The problem here is that the software is designed so that 
the alarm may not go off when the date doesn't register 
correctly. The problem, in essence, is that in the typical ICU 
setting, if someone were to develop ventricular fibrillation or 
ventricular tachycardia, you may have a matter of only seconds 
or a couple of minutes to respond to that. If you do not hear 
the alarm, you may not respond in a timely manner, and 
therefore, the patient may suffer adverse results as the result 
of the alarm not going off.
    Let me turn now to a couple of pictures. These devices are 
too large to bring into the hearing room. But the one here, a 
linear accelerator, which is used in cancer therapy where the 
dose is absolutely critical if you are going to do proper 
treatment.
    Vice Chairman Dodd. Pull that microphone, will you? Because 
we can hear you, but they cannot hear you.
    Chairman Bennett. We have an overflow room with as many 
people in it as are here. So, they are getting it 
electronically; hopefully, there is no Y2K bug between here and 
there.
    Dr. Kizer. Are you sure?
    Chairman Bennett. Yes.
    Dr. Kizer. This is considered an obsolete unit, and there 
is no intent to fix it by the manufacturer. So, here, you get 
into replacement costs.
    Another aspect, this is a picture of a sterilizer. There is 
nothing as basic to operation of a hospital as sterilization, 
and this is a time dependent process. This is an example of one 
where, despite multiple entreaties to find out its compliance 
status we cannot get a response from the manufacturer as to 
whether this is going to be compliant or not. It obviously 
creates some problems.
    Here is another one. This is an infusion pump that is used 
to supply medication to patients. The problem here is simply 
that you cannot enter a date, and we know that the date is 
needed, for example, for preventive maintenance, or if there is 
a problem, from a repair point of view. For example, 
maintaining the battery is critical. If you are infusing a drug 
to a patient, you want to make sure that the device continues 
to operate while you are treating the patient. So, preventive 
maintenance is critical. But the date will not allow you to 
know whether your preventive maintenance is on schedule or not, 
because you cannot manually enter the date into it, and the 
software is programmed so that it will not recognize the Year 
2000. So, this is a particular problem in that it may work, but 
as far as maintenance or servicing the machine, we do not know 
whether it will work from that perspective.
    Here is another example. This is an electrocardiographic 
machine where the problem is that it will not print a date. In 
interpreting EKG's, it is critical to compare readings from 
different dates. What happens in this case is every time the 
machine is turned off, and it is meant to be a portable machine 
so you can transport it around the hospital to do EKG's. 
Because every time you turn it on, you have to recalibrate the 
machine so it will print out the date, it may take 10, 15, 20 
minutes extra. The machine works OK, but it is just another 
example of how Y2K noncompliance may complicate providing care. 
Obviously, it will not function as it is intended, so, there 
are replacement costs, or you have to find some other way to 
use it.
    Another example here has to do with CT scanners and SRI 
scanners. It is interesting that 2 weeks ago, when we held a 
press conference on this subject with the American Medical 
Association, the American Hospital Association, the American 
Nurses Association, and some other entities, we noted that we 
had not been able to get information from the company. We have 
in excess of 100 of these CT scanners for about $1.3 million 
each. We have 50 or so MRI scanners from this company at about 
$1.7 million each. After multiple entreaties, we had not been 
able to get information from them. After the press conference, 
we did get a call, and interestingly, last night, we got a call 
saying that the information has now been put on the Web site. 
So, it has been perhaps--shedding some light on it may have 
been helpful in getting some information from that company, 
which is a very large company, and I would say that some of the 
other manufacturers from whom we have not gotten information 
are not necessarily small companies. There have been some very 
large manufacturers there.
    Just a couple of others. There is another defibrillator 
here.
    Vice Chairman Dodd. I would like to see that list, and I 
think we ought to put it in the record.
    Dr. Kizer. We can provide this for you.
    Vice Chairman Dodd. Good.
    [The information requested by Senator Dodd can be found in 
the appendix.]
    Dr. Kizer. Here is another defibrillator, and it is much 
the same problem. This is one in which the clock does not work 
on it, so you do not, again, have a date printed out on it. 
This is one which the manufacturer will not replace. And each 
of these cost about $10,000, so if one is going to have to 
replace all of these in a facility, and there may be 10, 20, 30 
or 40 or more of these in a facility, there is obviously a 
significant cost associated with that.
    Vice Chairman Dodd. Could you give us just a quick 
assessment of what the costs are of each of these pieces of 
equipment are that you have in front of you, just rough 
numbers?
    Dr. Kizer. Most of these would be in the several thousand 
dollar range, but there are also--for example, this pump, at 
every bed in an intensive care unit, there would be one. A 
typical large hospital might have 20 or 30 intensive care beds. 
They have backup units as well. So, while the individual price 
is significant but not like a million-dollar CT scanner, the 
numbers add up very quickly, and certainly for very small 
hospitals, this is very significant.
    Just two other things I would mention here. One of them 
that we have a photo of is the dental x-ray machine. This is, 
again, a common device. The problem here is that we tried 
repeatedly to find the manufacturer, and it took some months 
before we could find out that this company had been acquired 
and changed ownership. It illustrates the difficulty in 
tracking down the source of information. Because of the 
changes, as the chairman noted earlier, the changes going on in 
health care. There has been a lot of consolidation, and the 
manufacturer of equipment that you have may not be the one that 
is taking care of it today.
    And finally, the last piece of equipment I would mention is 
a computerized medical system radiation therapy unit that uses 
cobalt, but the calculation of the dose is dependent on the 
software. It is absolutely critical if you are not going to 
overdose the patient with radiation that date-related 
calculations are correct. The manufacturer has indicated that 
these machines should be discarded. Again, this becomes an 
issue of cost. The current replacement cost would be about 
$250,000 per machine. We have three of these in operation 
today, and there are many others around the country.
    Hopefully, this presentation of devices gives you some 
sample of the types and the nature of the various ways that 
this millennium bug syndrome may manifest itself in biomedical 
devices.
    Senator Smith. Doctor, can you tell me how are the 
manufacturers trying to absolve themselves of litigation or 
mitigate damages that can flow from the malfunction of these 
pieces of equipment? Are they writing you letters and saying 
that they are obsolete, and we have no further obligation; the 
burden is yours? What is the MO?
    Dr. Kizer. I am not sure I can speak from a real informed 
point of view as far as how one mitigates their liability. I 
would say that the response of the industry has been across the 
whole gamut. We have some manufacturers who have been totally 
responsive; they have been absolutely forthcoming, and have 
been leading the charge very proactively. Then, we have others, 
some very large manufacturers, who, despite multiple letters, 
have either not responded or have given us what we characterize 
as courtesy responses that contain no information.
    Senator Smith. Do you want to offer an opinion? What ought 
our response to be on legal liability? Should we do anything 
trying to absolve them, or should we see this as a vehicle to 
get them to change and to improve their products, update them? 
Because, I mean, it seems to me we are talking about life and 
death kinds of equipment here.
    Dr. Kizer. Well, I think as illustrated by this, the 
potential is of that magnitude. The response I have given in 
some other settings on this is that this is a completely 
preventable problem. No one should have to suffer harm as a 
result of this, and it seems to me that the best vaccine 
against liability is to be as forthcoming and to be as 
proactive as possible in providing information and providing 
that information to the users, the health care providers, 
hospitals, physician offices, others. That would be the best 
way to protect against liability in my opinion.
    Senator Smith. I agree.
    [The prepared statement of Dr. Kizer can be found in the 
appendix.]
    Chairman Bennett. Thank you.
    Senator Smith, did you have an opening statement?
    Senator Smith. No.
    Chairman Bennett. OK.
    We have put up, Doctor, a list of the kinds of devices 
after you took us through some sample examples. This is a list 
of categories of devices, and we are dependent, or thankful is 
the better word, to the people at INOVA Fairfax Hospital for 
this. That is the facility that Senator Dodd and I toured 
earlier this week, and they are very forthcoming on the impact 
of this on patient care. As we walked through the hospital, 
they would say this will not be compliant; this will not be 
compliant; this will. This is where we are.
    I was impressed--Senator Dodd, before you got there, I said 
this is great that you are focusing on patient care and your 
internal systems, but you know me; I wanted to go horizontally. 
Have you looked at the impact on people outside your hospital? 
He said Senator, down to the traffic light controlling people 
turning into our property from the freeway to make sure that 
it, too, will be Y2K compliant. This is an example of a group 
that is doing it right.
    Do you want to make any comment about that list? I know we 
are springing it on you, so, if you say it is too confusing, we 
will----
    Dr. Kizer. I think I could be more helpful if I responded 
for the record after having a chance to look at the list and 
perhaps compare it with our results. I might just add a comment 
that is partially responsive to you and to Senator Smith, that 
the issue from our perspective really is one of protecting 
patients. One of the responses we have gotten from industry is 
that they do not want to provide us with the information until 
they have provided us with a fix, a technological fix.
    And while that may sound OK to some, we do not think it is 
really adequate. It is nice to have the fix, and we want that, 
but the real issue is we need to know about the problem, so we 
can take interventions to protect patients. If we know a device 
is not going to work, then, we can fashion some sort of way to 
protect the patients ultimately and work about the 
technological fix as needed.
    Vice Chairman Dodd. It goes to the contingency planning 
issue, which----
    Dr. Kizer. Exactly.
    Vice Chairman Dodd [continuing]. Is absolutely critical. I 
mean, you mentioned before and the chairman has, and actually, 
I am very glad to hear you, Mr. Nutkis, talk about the 
contingency planning. That ought to be moving up on the 
priority list of actions that institutions, private and public, 
are taking right now in preparation for the difficulty of 
compliance as we get further, the clock moves further along. 
So, I think that is an all-important consideration.
    Dr. Kizer. And let me give you a very specific example of 
that. One of the devices, the Space Labs monitor that we talked 
about regarding the alarm, the company has indicated that it 
will provide a patch, or a fix, but it has to be ordered by 
December 15, 1998. If it is not ordered by that time, they will 
not be able to supply it. Therefore, obviously, we are going to 
have to know about it well before that date, or a facility will 
have to know about it well before that if they are going to be 
able to order it in time to get the fix.
    Chairman Bennett. One other question: this is a lot of 
money. Now, let us talk about the VA, because it is the largest 
hospital system in the country. Do you have enough money?
    Dr. Kizer. That is a loaded question.
    Chairman Bennett. I know; asking any bureaucrat that----
    Dr. Kizer. Particularly with Senator Dodd sitting next to 
you.
    Vice Chairman Dodd. The answer is no.
    Chairman Bennett. Yes, yes.
    Vice Chairman Dodd. I must say, I should tell you, and Dr. 
Kizer very graciously was in Connecticut about a week ago.
    Dr. Kizer. A week ago, yes.
    Vice Chairman Dodd. On a totally separate set of issues 
dealing with the VA in West Haven and did a very, very fine job 
meeting with the entire congressional delegation from 
Connecticut, which is a rarity, to get an entire delegation 
together on an issue, but the doctor was very forthcoming and 
went through and explained some of the difficulties, and it is 
a financial issue we were talking about in terms of the various 
nets of veterans' hospitals.
    But I would be remiss in his presence here if I did not 
thank him for being in category last week and meeting with us. 
We were inaugurating a new outpatient facility at the hospital, 
which the doctor was the keynote speaker at, and we appreciate 
it very much.
    Dr. Kizer. The pleasure was all mine to be there, Senator.
    Chairman Bennett. I am told I have misspoken. Columbia HCA 
is twice as large as the VA system.
    Dr. Kizer. They have more hospitals.
    Chairman Bennett. They have more hospitals. [Laughter.]
    But the reason I raise this, as you know, we have a unique 
situation on this committee in that we have as ex-officio 
members the chairman and the ranking member of the Senate 
Appropriations Committee, Senator Stevens and Senator Byrd. I 
do not want to look back on this problem and say, well, the VA 
did not get it solved because of a snarl in the appropriations 
process, and the money needed to make these kinds of 
replacements was simply not made available by the Congress.
    We are going to have enough responsibility for this 
problem. I do not want to add to that the responsibility of not 
appropriating what is necessary to get this done. So, I am 
giving you the kind of dream question that every bureaucrat 
would love to have from an appropriator, which is tell us how 
much money you think you are going to need.
    Dr. Kizer. We actually are trying to get our hands around 
this. One of the problems in defining the extent of the 
replacement costs is when we do not have a response from 30 
percent of the manufacturers, that leaves a big hole. We know 
at this point that replacement costs are probably over $50 
million.
    Chairman Bennett. I am surprised it is that low.
    Dr. Kizer. Well, we know it is over $50 million.
    Vice Chairman Dodd. Better answer.
    Chairman Bennett. Yes. [Laughter.]
    All right; thank you both very much.
    Vice Chairman Dodd. Very, very helpful.
    Chairman Bennett. We appreciate it.
    All right; we now welcome the Honorable Kevin L. Thurm, 
Deputy Secretary of the Department of Health and Human 
Services; the Honorable Michael A. Friedman, M.D., who is 
Acting Commissioner of the Food and Drug Administration; and 
the Honorable Nancy-Ann Min DeParle who is the Administrator of 
HCFA.
    Once again, on behalf of the committee, I welcome you all 
and thank you for your willingness to testify. Mr. Thurm, we 
will start with you.

 STATEMENT OF KEVIN L. THURM, DEPUTY SECRETARY, DEPARTMENT OF 
                   HEALTH AND HUMAN SERVICES

    Mr. Thurm. Good morning, Mr. Chairman, Vice-Chairman Dodd, 
Senator Smith, and thank you for inviting me and my colleagues 
here today. I would like to submit a written statement for the 
record and offer a brief oral statement summarizing my 
testimony.
    Chairman Bennett. Without objection, your written statement 
will be made part of the record.
    Mr. Thurm. I am accompanied today by Dr. John Callahan, who 
is our Assistant Secretary for Management and Budget and our 
Chief Information Officer at HHS; by Nancy-Ann Min DeParle, the 
administrator of the Health Care Financing Administration and 
Dr. Michael Friedman, who is the Acting Commissioner of the 
Food and Drug Administration.
    The American people expect reliable service from their 
Government and deserve confidence that critical government 
functions will be performed accurately and in a timely manner 
in the next millennium. Like other departments and agencies, we 
are striving to meet the Year 2000 challenge. The Department is 
making progress in correcting computer code for a wide array of 
software systems; in modifying the underlying infrastructure on 
which these systems operate; in working with our partners with 
which we exchange data and with others reliant on our services 
and in constructing contingency plans in case our systems or 
our partners' systems are not ready on January 1, 2000.
    The Secretary and I have declared the Year 2000 issue to be 
our highest information technology priority. We have involved 
all parts of the Department to ensure that our information 
systems are able to recognize the Year 2000. No matter what 
else we do and what other initiatives we undertake, we must 
ensure that our ability to accomplish the Department's missions 
is not impaired.
    Of all of the Department's programs, the Medicare program, 
administered by HCFA, proves to be our greatest Year 2000 
challenge. Payment of health care claims is accomplished by 
over 60 external contractors, which operate and maintain a base 
of software programs that process nearly 1 billion claims each 
year from over 1 million health care providers. Ms. DeParle 
will explain these issues in more detail, but let me add that 
the Department is fully supportive of her and the agency in 
identifying the necessary human and financial resources and in 
prioritizing the work of the agency, including delaying 
implementation of a number of the Balanced Budget Act 
provisions.
    We are also addressing the need to develop public 
information about the compatibility of systems embedded in 
biomedical devices. Because it is imperative, as Dr. Kizer has 
already testified and as Dr. Friedman will testify, that 
medical equipment continues to function properly in the next 
century, the Department and, in particular, the Food and Drug 
Administration, is requesting information about the Year 2000 
compliance of medical devices and scientific laboratory 
equipment manufactured by biomedical equipment manufacturers.
    In addition, HHS is working with the Department of Veterans 
Affairs to better serve our mutual interests in the Year 2000 
compliance of biomedical equipment by merging our efforts. We 
have convened a steering committee and have asked the 
Department of Defense to participate as well. We will work 
through the health care outreach sector and the White House 
Year 2000 Conversion Council to enhance our ability to make 
this information available to you and the public. Dr. Michael 
Friedman will address these issues in depth, but again, the 
Department is fully supportive of the agency's efforts.
    In response to the Year 2000 issue, the President's Council 
on Year 2000 Conversion, led by John Koskinen, has enlisted 
agencies to increase awareness of the problem and to facilitate 
Year 2000 compliance of public and private sector 
organizations. HHS, through our operating divisions, is 
currently implementing efforts aimed at both the health care 
and human services communities. Outreach efforts have included 
speeches, meetings, publications, conferences, developing Web 
sites and making Year 2000 compliance a term and condition of 
all future grant awards.
    HHS still faces substantial challenges in our Year 2000 
efforts. However, let me assure you that on behalf of Secretary 
Shalala, we will continue to vigorously pursue Year 2000 
remediation as our most important information technology 
initiative. We recognize our obligation to the American people 
to ensure that HHS' programs function properly now and in the 
next millennium.
    I want to thank the committee for its interest and 
oversight on this issue. Thank you, Senator Bennett, as well 
for holding hearings with private sector representatives and 
encouraging them to work with the Federal Government and for 
your support on the Senate Treasury-Post Office Appropriations 
bill, which provides for over $3 billion for Year 2000 
remediation as emergency funds. I would be happy to answer any 
questions that the committee has.
    [The prepared statement of Mr. Thurm can be found in the 
appendix.]
    Chairman Bennett. Thank you very much.
    Dr. Friedman.

 STATEMENT OF MICHAEL A. FRIEDMAN, M.D., ACTING COMMISSIONER, 
 FOOD AND DRUG ADMINISTRATION, DEPARTMENT OF HEALTH AND HUMAN 
                            SERVICES

    Dr. Friedman. Thank you, sir.
    Mr. Chairman, Mr. Vice-Chairman, Senator Smith, I, too, am 
pleased to be here today to provide information on the Year 
2000 issue as it relates to devices used in the care and 
treatment of patients. We recognize that Year 2000 problems 
have the potential to cause disruption in many computer systems 
and, simply put, the Food and Drug Administration takes this 
issue very seriously. The agency believes that if solutions 
being developed and offered by manufacturers are properly 
implemented, there need be no significant problems to endanger 
or discomfort patients, and with your permission, I will 
briefly outline the steps that we have taken and that we are 
taking and will continue to take to ensure that medical devices 
are compliant.
    The scope of this problem is potentially large, because 
medical devices include over 100,000 products and more than 
1,700 product categories. While many devices rely on computer 
chips and software to function properly, the Year 2000 bug will 
not affect the majority of the medical devices that rely on 
computerized control, because they do not require knowledge of 
the current date to operate safely and effectively, and you 
have heard many examples of those: pacemakers, ventilators, and 
so forth.
    That is not to say, however, that problems could not arise 
when software enhances the operation of a device; for example, 
so-called non-embedded software, which may not be integrated 
into the medical device itself, might run on a personal 
computer or workstation that is connected to the device. If 
this secondary software relies on two-digit year format to 
operate properly, it may be vulnerable to the Year 2000 bug. 
You have heard some examples of that, most significantly with 
the cobalt radiation therapy machine that Dr. Kizer described.
    Now, medical device systems that use a date relying on the 
two-digit format in their algorithm, in their calculations or 
record-keeping are at risk, and we estimate that up to 2,700 
manufacturers may produce such equipment. Our outreach efforts 
for these manufacturers began last June of 1997, when our 
Center for Devices sent a letter to 13,407 medical device 
manufacturers, both domestic and foreign, addressing this 
issue. The letter reminded manufacturers that they have the 
responsibility to investigate and correct any problems with 
their products.
    In January, our Center for Biologics posted specific 
guidance for the blood industry software, to alert them to this 
concern. This spring, our device center developed a guidance 
document describing our expectations of medical device 
manufacturers concerning the Year 2000 date problem. Very 
helpfully, a second letter was sent from the Department of 
Health and Human Services in January 1998 by Deputy Secretary 
Thurm. Some 16,000 biomedical equipment manufacturers were 
asked to voluntarily provide information on the compliance 
status of their products. The response from the manufacturers 
so far has been fairly low: only about 1,800 of the 
manufacturers contacted in January have provided the requested 
information.
    To further boost awareness of the need for companies to 
report, FDA authored an article for the medical device trade 
press, and we have been actively working with the trade 
associations. These are potentially important allies in this 
regard.
    Furthermore, a discussion in this June issue of the Journal 
of the American Medical Association had an article from FDA 
outlining our concerns in this regard. We have also sent a 
medical bulletin to approximately 700,000 health care 
professionals this last summer. Three weeks ago, FDA also sent 
a followup letter to nearly 3,000 manufacturers, and we are 
beginning to receive some responses. While the data are 
incomplete, of the 1,800 who did respond, about 1,650 said that 
their products either do not use date-related information or 
are already Year 2000 compliant. Eighty-eight manufacturers 
reported one or more products with date-related problems, and 
of this group, 53 have set up Web sites on the Internet that 
provide corrective information for their customers.
    For the remaining companies, though, the data submitted are 
incomplete or unclear in some manner. The great majority of the 
problems that we have detected are relatively minor and 
typically involve an incorrect display or printing of the date. 
There are only a few reported cases where the devices will not 
function. These are very important cases, and we take them 
seriously, but fortunately, they seem to be only a few.
    This information that we are garnering is being posted on a 
product database managed by FDA at the request of the 
Interagency Biomedical Equipment Working Group. All the 
information being garnered is shared and placed on the World 
Wide Web, to provide a comprehensive source of information. The 
Web site can be found on the FDA Center for Devices and 
Radiological Health home page.
    In addition, we are working with several Federal and 
private organizations, including the Veterans Administration, 
the Department of Defense, the American Medical Association and 
Hospital Association and others to try and address this problem 
more comprehensively.
    Let me close by saying that FDA recognizes the import of 
this issue. It is a special problem; if you will, a sort of 
electronic fin de siecle. At this time, we believe, however, 
that vigorously working with partners, both private and public, 
with other branches of Government, with our sister agencies and 
operating divisions and with the device industry will ensure 
the continued safety of medical devices.
    I thank you and will be happy to respond to your questions.
    [The prepared statement of Dr. Friedman can be found in the 
appendix.]
    Chairman Bennett. Thank you very much.
    Ms. DeParle.

STATEMENT OF NANCY-ANN MIN DE PARLE, ADMINISTRATOR, HEALTH CARE 
   FINANCING ADMINISTRATION, DEPARTMENT OF HEALTH AND HUMAN 
                            SERVICES

    Ms. DeParle. Thank you, Mr. Chairman, for inviting me here 
today to discuss my highest priority.
    We must ensure that the more than 38 million Medicare 
beneficiaries experience no interruption in services because of 
the Year 2000 problem. We must also ensure that providers 
continue to receive prompt payment, and we must work with the 
States to ensure that their Medicaid systems are prepared.
    I am committed to doing everything possible to address this 
issue, and I am here to report to you today that we are making 
some substantial progress. As you know, and as we have 
discussed, the Year 2000 especially affects the Health Care 
Financing Administration because of our extensive reliance on 
multiple computer systems. Medicare and Medicaid use more than 
183 systems, and 98 of these systems are considered to be 
mission-critical. Medicare, in fact, is the most automated 
health care payer in the country. As your opening statement 
noted, we process nearly a billion claims every year, and fully 
98 percent of the claims that we pay on the Part A side or the 
hospital side of the business are processed electronically, and 
85 percent of those on the Part B side of Medicare are 
processed electronically.
    The renovation process is complicated, because each system, 
as well as interfaces with state Medicaid programs, banking 
institutions and some 1.6 million providers, must be thoroughly 
reviewed and renovated by those responsible for each particular 
system, and there is a chart here to your right that shows the 
process that must be undergone to just process a Medicare claim 
and all of the different interfaces that are involved in the 
different systems, and it has been attached to my testimony.
    For Medicare, Mr. Chairman, that means that we have to 
renovate some 50 million lines of code. If we do not succeed, 
we are aware that enrollment systems might not function; that 
beneficiaries could be denied services because providers might 
not be able to confirm eligibility, and we are concerned that 
providers would have cash flow problems, as you noted.
    We are committed to succeeding, but we are not only working 
intensively to renovate and test our systems; we are also 
developing detailed contingency plans for business continuation 
in all of the different areas where we provide services. After 
working on our contingency plans, it is clear to me that our 
best option and our only option is to successful complete all 
of our renovations on time.
    That is why we are requiring contractors to be in full 
compliance with all code renovated and fully future date tested 
by December 31, 1998. One of the first things that I did when I 
came to the agency last fall was to sit down with GAO to talk 
to them about this problem. They recommended to me, and we have 
negotiated with our contractors, a contract amendment that 
articulates Year 2000 requirements. All of the contractors with 
whom we have spoken, including the one that you are going to be 
hearing from today, indicate that they will sign that 
amendment.
    Renovations to mission critical internal systems also have 
to be completed by December 31, 1998. We expect to complete 
end-to-end testing of how claims are processed through our 
entire network in the spring. We will then have the remainder 
of 1999 to take any additional necessary action. GAO also 
recommended to us last year that we hire an independent 
contractor to review and assess our work. We did that. 
Intermetrics, our independent validation and verification 
contractor, is very actively overseeing our work. Because of 
their effort and our own increased attention, we now have a 
much more accurate assessment of the problem and what must be 
done.
    This more accurate assessment makes clear that Year 2000 
work has to take priority over all other projects. We have to 
delay any projects which require complex systems changes or 
which would occur during a critical window between October 1999 
and April of 2000. And so, for example, Mr. Chairman, we had to 
make the difficult decision earlier this year to postpone 
transitions to uniform systems for Part B and Part A of 
Medicare. We were trying to get it down to one system for each 
of those two sides of our business, but we had to postpone 
that.
    The Intermetrics-IV&V contractor also recommended that we 
stop parallel development, which meant to stop giving 
contractors additional work to do in addition to renovating the 
systems. So, we made the difficult decision to delay 
implementation of some of the Balanced Budget Act provisions, 
including the prospective payment systems for outpatient 
hospital care and home health services.
    Also, based on that recommendation, we are looking at the 
need to delay provider payment updates during that critical 
window of Year 2000 activity. Those updates are not complicated 
from a systems perspective, but we have been advised strongly 
that making that kind of a systems change at that point of 
potential instability not only in our own systems but in the 
systems of all of the various providers that we deal with would 
be not a good idea.
    We want to work with you, with this committee and with the 
Congress to ensure that this does not create a hardship for our 
providers.
    We also will have additional budget needs, and I want to 
thank you for your leadership and this committee for its 
leadership in this area, and, of course the Secretary recently 
reallocated $40 million from other activities in the Department 
to devote to Year 2000 efforts at HCFA.
    We are making solid and, I think, steady progress now in 
preparing for the Year 2000. We have taken steps, with your 
assistance, to obtain necessary resources. We are making 
difficult decisions to delay other priorities, and we are 
making necessary contingency plans. I appreciate this 
committee's support and the help that we have gotten from the 
General Accounting Office, and I am happy to answer any 
questions that you might have.
    [The prepared statement of Ms. DeParle can be found in the 
appendix.]
    Chairman Bennett. Thank you very much. We appreciate the 
testimony of all of you.
    Administrator DeParle, you made reference to the 
independent contractor who came in and assisted you. Let me 
understand something. I have heard this somewhat piecemeal. Let 
us get it out and give you an opportunity to get it 
authoritatively dealt with. I understand that prior to the 
independent contractor, you assumed that you had 20 million 
lines of code, and the independent contractor discovered that 
it was, in fact, 50 million. Do I have those numbers correct?
    Ms. DeParle. Yes, sir, I believe that is right.
    Chairman Bennett. And this, of course, is a very--what is 
the phrase, revolting development, that your problem is 2\1/2\ 
times bigger than you thought it was, that you discover almost 
overnight.
    Does that not create a much bigger problem than your 
overall testimony seems to indicate? I am not challenging that 
you are on top of it. I am not challenging that you are making 
it a top priority, but it would seem to me terribly 
discouraging to be moving along and suddenly discover your 
problem is 2\1/2\ times bigger than you thought. To me that 
would put you, in the overall analysis of where you are, 
substantially behind where you thought you were when you made 
that discovery.
    Ms. DeParle. I believe that is correct, and I think that 
what you are referring to is a discussion last year with a 
different committee that the administrator then had, and at 
that point, the agency had been doing its assessment on its own 
and had been talking to different contractors around the 
country and had the assessment that it was around 20 million 
lines of code that needed to be renovated, and I believe at 
that very same hearing, Joel Williamson of the General 
Accounting Office testified that he thought that HCFA needed to 
get an independent assessment of that.
    And late last fall, we did get the Intermetrics firm in to 
do such an assessment. They have been out to every one of our 
contractors, along with our chief information officer, who is 
with me today, and that is how we now have the assessment that 
the problem is bigger than we thought. So, yes, sir, we do have 
a big problem, and the good news is that we learned about it 
this spring instead of later this year.
    Chairman Bennett. I am told by the staff that the 20 
million figure was given to this committee at a briefing on the 
7th of July of this year; at least somebody who was briefing 
the committee did not have that information as recently as 
earlier this month. It was not something that came up in the 
spring.
    Ms. DeParle. Well, if that is the case, Mr. Chairman, I 
apologize to you, but, as I said, the complexity of this 
problem has certainly grown, and I am very glad that we got an 
independent assessment of it, and I think that we now know that 
it is bigger than it was thought to be.
    Chairman Bennett. All right; Dr. Friedman, I find a little 
bit of a disconnect between your testimony and Dr. Kizer's. The 
numbers that you are reporting paint a different picture from 
the one we had from Dr. Kizer's admittedly anecdotal trip 
through medical devices. If I had the numbers right, you said 
there were 1,800 responses to your questionnaire.
    Dr. Friedman. That is correct, sir.
    Chairman Bennett. And 88 of those 1,800 said they produced 
devices that had date-sensitive problems.
    Dr. Friedman. No, sir; and I apologize for the series of 
numbers. Let me go through it again. I can give you the exact 
numbers. I think the larger issue is that we recognize that 
somewhere around 2,700 to 3,000 manufacturers probably are 
responsible for producing equipment that has microprocessors or 
chips embedded and that is the most important group of 
manufacturers to target. But we felt it was very important to 
cast the net very widely, and therefore, in our initial 
mailings sent out to some 16,000 or more, people who may only 
make tongue depressors----
    Chairman Bennett. Yes.
    Dr. Friedman [continuing]. People who may only make, you 
know, other things, we sent out this very large mailing to make 
sure we tried to capture everybody both domestically and 
foreign. We believe that it is some 2,700 manufacturers. From 
that subgroup, we have about 500 responses now and are getting 
more in daily.
    Chairman Bennett. I see; OK, well, on page 10 of your 
prepared testimony, I picked up this 88 manufacturers. I 
thought OK, the folks who are really involved in this are not 
responding, and it is the tongue depressor people who are 
coming in, and that is skewing the data.
    Dr. Friedman. Well, and we have gotten a large number of 
responses from those folks saying no, thank you for asking us, 
but we do not have anything.
    I think it is more important to recognize that the kind of 
data that Dr. Kizer is garnering will be very helpful and 
complementary to the data we are getting. He is getting 
information about very specific pieces of equipment. We are 
getting information from manufacturers about all of the 
equipment, and I think that when we have the assistance of the 
manufacturers and those associations that represent them plus 
the AMA and the AHA, seeing this as a mosaic where we get all 
of the information and then post that for public consumption, I 
think that serves the public in the very best way.
    Chairman Bennett. OK; Senator Dodd?
    Vice Chairman Dodd. Thank you, Mr. Chairman, and I am going 
to sort of pick up where the chairman was going here. Let me, 
if I can, the American Medical Association--I am quoting them 
here and talking about medical devices--says unreliable 
equipment cannot be used, because virtually any malfunction 
could have disastrous consequences. Assessing the current level 
of risk attributable specifically to the Year 2000 problem 
within the patient care setting remains problematical. We do 
know, however, that the risk is present and real. End of quote.
    The American Hospital Association calling on Congress and 
the FDA to enact mandatory disclosure requirements on the 
device manufacturers, clearly because they believe that they 
are not getting sufficient information to guarantee patient 
care. I just want to come back to this. I read, Secretary 
Thurm, your statement and your written testimony. You said that 
you see no indications that there will be significant problems 
that will place patients at risk, assuming that the 
manufacturers are implementing the reported solutions.
    And Dr. Friedman, in your testimony, you repeat that 
statement almost word-for-word. Now, those statements would be 
reassuring, I think, to the chairman and myself if we were 
getting something better here. You said 2,700 of these 
manufacturers actually producing equipment that appears to be 
sensitive to the Y2K issue. Here, we have 526 days to go 
between now and January 1, 2000. You have only heard from 500 
of these companies out of almost 3,000. That is not reassuring 
to me at all. I have got to tell you; I mean, I find that 
frightening.
    And I--it is important here, because you are the ones who 
are going to be dealing with these people every day. I mean, we 
have hearings; we have got 20 other things that we are doing in 
an hour. We have got to have HHS, and we have got to have the 
FDA being a lot more aggressive about this, in my view. I do 
not think this is satisfactory. I do not think that 500 
responses from 2,700 businesses that produce this equipment 
that is highly sensitive and necessary, obviously, to patient 
care is a good response at all.
    Dr. Friedman. And no, sir; I hope I did not convey that we 
felt it was satisfactory. This is fractional. We do believe 
that getting all of the information is important. We began----
    Vice Chairman Dodd. I know that, but your statement that we 
see no indications that there will be significant problems, I 
see every indication that there is a significant problem.
    Dr. Friedman. The full sentence is if the manufacturers 
address it.
    Vice Chairman Dodd. Well, they are not. And I agree with: 
if they do, then, fine. I am all with you. But you have only 
got 500 responses with 500 days to go from almost 3,000 
companies. You ought to be banging the table here, in my view, 
with all due respect.
    Mr. Thurm. Senator, I think that is right, and I think that 
the FDA--two pieces. First, the FDA has followed up recently 
and comprehensively by narrowing the number of companies that 
it has targeted because we have not gotten responses, and your 
point and the chairman's point is exactly right.
    The second is, in conjunction with the VA, we have the 
obligation to coordinate our efforts with what Dr. Kizer has 
done through the VA and through what he announced several weeks 
ago, the National Patient Safety Partnership, which includes 
the American Hospital Association and the American Medical 
Association, so that we can provide to you and to the American 
public a more comprehensive and authoritative accounting of 
that.
    Vice Chairman Dodd. I have got you; I hear you. But look at 
this: I mean, here is this letter from the Health Industry 
Manufacturers Association. Let me quote them. You have got the 
same one.
    Chairman Bennett. I have got the same letter waiting for 
the next witness. But go ahead.
    Vice Chairman Dodd. You know, and I am quoting: HIMA's 
members understand the Department's interest in this issue. 
Nevertheless, we do not agree that a Federal Government 
Internet Web site listing Year 2000 compliance status of 
various products is an appropriate or necessary step.
    That is arrogant. I mean, and they go on to say here, 
HIMA's members note that the Department has no legal authority 
to require this submission of the Year 2000 information that is 
the subject of your January 21 letter. In view of this, HIMA 
believes that the statement in the letter that there will be 
targeted followup regarding non-respondents is inappropriate.
    Well, I do not know--I can get an amendment adopted to 
almost any bill in Congress that is floating through here. If 
there is a legal problem, I promise we will take care of that 
immediately. That is--you should let us know about that.
    Mr. Thurm. That is correct.
    Vice Chairman Dodd. What is the date of that letter? That 
is April 1, that letter.
    Mr. Thurm. Well, the point you are making is precisely 
right. We need to be more aggressive. HIMA has sent a followup 
letter, and your call today, Senator, and the chairman's call 
on the private sector, in particular, medical device 
manufacturers, assists us in getting them to provide----
    Vice Chairman Dodd. I hear you, and I understand that, but 
again, you have got these letters. You have got a January 
letter that went out on January 21 to the device manufacturers 
flatly stating FDA must aggressively pursue responses from the 
remaining equipment manufacturers--excuse me, OMB in their 
report on 5/15. Your letter went out on January 21. OMB, in its 
report on 5/15, says FDA must aggressively pursue responses 
from the remaining equipment manufacturers.
    Six weeks later, you sent another letter. That is not, in 
my view, aggressively pursuing responses. Am I wrong? I mean, 
is this not 6 weeks basically, June 29? That is May 15, and it 
is the end of June when we send the next letter? You have got 
to be much more aggressive than that.
    Dr. Friedman. I do understand what you are saying, Senator, 
and we have sent out multiple letters. We will continue to do 
so. We are not going to be satisfied until we have a complete 
data set, and I think you are absolutely right.
    Vice Chairman Dodd. I do not know; you have got the clock 
on. Am I over my time?
    Chairman Bennett. Go ahead. I am loving this. Go ahead.
    Vice Chairman Dodd. Well, I mean, this is the kind of 
stuff--you guys are on the front line every day. How often do 
we have hearings? You know, and I mentioned earlier, look, what 
I would like to suggest, this is Thursday, and I said earlier 
we ought to publish the lists of people. Why do we not do this? 
Maybe before we adjourn, which is maybe, I think, next week, 
let me say from my point, I have not talked to the chairman 
about this, but I will forego a week before I will go to the 
floor of the Senate and publish lists of companies that have 
not complied.
    Let us use this as a week of an opportunity to respond to 
these letters, and by next Thursday, I want the lists of the 
people who have not responded.
    Dr. Friedman. I cannot tell you how much we appreciate your 
stimulus of this. If this brings in responses, it will serve 
everyone very well, and we do appreciate----
    Vice Chairman Dodd. My goal is not to embarrass anybody.
    Dr. Friedman. Of course not.
    Vice Chairman Dodd. But it will be.
    Dr. Friedman. The goal is to have good information 
available for all of the people who need it.
    Vice Chairman Dodd. Now, let me get to this quick question 
here on this, because I think the chairman raised a very, very 
important point, but I think it has to be pursued a bit as well 
here to HCFA, and let me just run the chronology here on this 
thing for you. You know, you said, publicly stating that it is 
almost 70 percent complete on its renovations, on its 
assessment of the size of the problem. I appreciate that.
    July 7, you submit materials to the special committee that 
show that 30 million lines of code required renovations. All 
right; now, this is your chart you sent us here. The President 
stated that there were 42 million lines of code at HCFA that 
needed renovation. Today, Mr. Thurm here stated that there were 
49 million lines of code, and last week and again today, you 
stated that there are 50 million lines of code.
    Now, you can ask the question yourself. You understand the 
question I have. How reliable is this 70 percent? Seventy 
percent of what? I mean, that is in the space of a few days 
here, we go from 30 million to 50 million, almost double the 
number.
    Ms. DeParle. Well, let me be clear about one thing. The 
Deputy Secretary is right. The number is 49 million, and I was 
rounding up to say some 50 million to make it easier.
    Vice Chairman Dodd. All right?
    Ms. DeParle. But your point and the chairman's point about 
the changing numbers is certainly fair. I think I can explain 
it, and let me try to. Our estimate right now is that there are 
around 20 million lines of code that are internal that have to 
be changed. Those are systems that we maintain out in Baltimore 
primarily; for example, the Medicare managed care system.
    Vice Chairman Dodd. Right.
    Ms. DeParle. We pay the HMO's ourselves out of Baltimore. 
So, that is an internal system. So, for those systems, our 
estimate is around 20 million lines of code. I do not know what 
the estimate was last May when the total number was 20 million, 
but I would assume it was much smaller. So, that estimate was 
wrong.
    We brought in the independent verification and validation 
contractor, who gave us a better view of it. The external lines 
of code, we estimate to be around 30 million. When we get the 
estimates from the contractors, some of them count, I am sorry 
that my chart is probably hard to see, but some of them 
counted, when they did their initial assessments, the front-end 
systems, the standard systems and the back end systems, and the 
standard systems, if they count that as well, that is double-
counting, because we were counting those on another list.
    Vice Chairman Dodd. Yes.
    Ms. DeParle. So, what we have done now with our IV&V 
contractor is try to come up with the best list possible, and I 
believe it to be, at this point, Senator, 49 million, but I 
understand your point that it has been difficult to get our 
arms around this, and that leads you to be concerned about it, 
and, of course, that is why it is my top priority, because it 
is a major concern.
    Vice Chairman Dodd. I appreciate it. And listen, it is the 
tendency of every institution, particularly in public settings, 
to stand up and put the best face on things. I mean, and that 
is true of Congress, true of anybody. So, I understand that. 
What I think is so important here is that there be these--in 
fact, there is going to be a greater degree of credibility on 
the candid, hard assessments. You know, arguably, everybody is 
late on this issue. I mean, we got a committee formed here 
about a month ago, you know, and we are not--despite the fact 
that the chairman tried for months, and we tried. I mean, it is 
just hard for people to click onto this issue in a way.
    So, we are not sitting up here--you know, we should have 
been at this years ago in Congress talking about it. So, we are 
not immune from the criticism about this. But I think we serve 
the public really well when we lay it out coldly and hardly 
where we are here, and too often, institutions, public and 
private, come here, and the thrust is we are doing great.
    And then, it is these probing kinds of questions; our 
statements are written in that regard, and we end up creating 
more problems than ought to be the case. So, I just urge you to 
insist, when you go back, tell your own people: look, you know, 
you want the hard, cold information. You know, someone once 
said that the higher up you are in this process, the harder it 
is to get at the truth, because people who walk in do not want 
to tell the boss things they do not want to hear.
    And so, you have got to be tough on your people in terms of 
getting this stuff, because you do not want to have to come to 
a committee hearing and sit up here and answer the questions 
that we are going to ask that we are getting asked, OK?
    Ms. DeParle. If I could, too, Senator, I would like to 
correct a misunderstanding in the statement you made at the 
beginning. My understanding at this point is that we are 77 
percent of the way through in renovating our internal systems.
    Vice Chairman Dodd. OK.
    Ms. DeParle. That is the 25 or so systems that we maintain. 
On our external systems, which include the common working file 
and the contractor systems at the 60 different locations around 
the country, we are only about 40 percent of the way through 
there. Five of the six systems that need to be renovated have 
been renovated, but the most important phase is yet to begin, 
or we are just beginning, which is testing, and we have 
followed the GAO recommendations. We have a four-level testing 
system, and that will be very intensive, and that is where the 
rubber meets the road, as you know.
    So, I would not say that we are 70 percent done.
    Mr. Thurm. And, Senator, if I can add one thing to your 
point, which is exactly right, it is not just that the three of 
us do not want to be here answering the questions, but on 
January 1, 2000, none of us want to have said on December 31, 
1999, oh, no, it is OK, and to ask the hard questions, and I 
think we are trying to do that within the Department and the 
private sector. We moved money within the Health Care Financing 
Administration and we have come up and told you that we are 
going to have to delay implementation of certain Balanced 
Budget Act provisions. We have said in our 1999 budget we need 
more money, and we need it early in fiscal year 1999, because 
late in fiscal year 1999, we have a problem.
    But your hearings and your oversight help us further ask 
the hard questions sooner rather than later and to which, in 
our Department, and you all are owed the response sooner rather 
than later, so we can do contingency planning in case either 
our systems or our partners' systems do not work, so that we 
can ensure, as the administrator says, not only end-to-end 
within our systems but end-to-end within the whole health care 
system, so that providers in rural areas, if they cannot 
receive payments because their systems are not renovated, we 
have thought about that; they have thought about it, and we 
have figured out ways to address it.
    And those are the kinds of things we are trying to focus 
on, and these hearings are helpful.
    Vice Chairman Dodd. I have taken too much time, but I still 
have a couple of questions. I would like for you to respond, by 
the way, have your legal counsel respond to HIMA's letter to 
you in April about the legal authority, and I want to know 
immediately whether or not you agree with this letter that you 
lack the legal authority, and if you lack the legal authority, 
I want you to let us know ASAP on this, and we will find some 
means to give you the legal authority to see to it that you can 
list on here.
    So, I appreciate----
    Mr. Thurm. We will certainly do that, Senator.
    Vice Chairman Dodd. OK?
    I have some questions, but I have taken too much of your 
time.
    Chairman Bennett. Thank you.
    We will move on to the next panel. Let me make a few 
concluding observations. I am glad, Administrator DeParle, for 
your comment about the 70 percent and the 40 percent and to 
help us understand that, because I just could not understand 
how you could get a problem that is suddenly twice as big as 
you thought it was and still stay at 70 percent remediation.
    On your chart, the only point I want to make with respect 
to that chart is that if there is a failure in any one of those 
components or in any of the connections between components, the 
failure runs through the whole system. That is the scary thing 
about the chart. We could have everything working there and, 
for example, the connection between Social Security and the--
what do they call it--the central processing or central----
    Ms. DeParle. Common working file?
    Chairman Bennett. The common working file. If the common 
working file cannot access Social Security to check 
eligibility, the whole thing comes to a grinding halt, and the 
same illustration could be made in any other connection on that 
chart, and from a point of view of the effect of that on the 
whole system, it is really, really scary. In many ways, you 
have a bigger burden here than any other governmental official.
    As I said, we were at the INOVA Fairfax Hospital, and we 
got all of the other information to us and got tremendously 
reassured. If I am ill on New Year's Eve, that is the hospital 
in the area I want to be in. But I asked the question after 
they went through all of the things that they were doing, I 
said what would the impact be if HCFA was unable to process 
claims, and the answer was a single word: huge.
    They can do all of the other things they do. If you fail, 
or if any one of the connections that you have on the chart 
fails or any one of the components on the chart fails, the 
impact on the people who are providing the patient care would 
be huge--not to send you out of here with an enormous load on 
your shoulders but to remind you of the enormous load that you 
already have on your shoulder and to thank you for your 
forthrightness here today.
    Ms. DeParle. Thank you, Senator.
    Vice Chairman Dodd. Let me just ask if they could, on three 
questions, but I will not ask you to respond to them here, but 
I would like to get some answers to them. One is, and on the 
individual care providers, Mr. Thurm, if you could, that would 
be important for us to get that. I realize you have got a 
complex and huge area. We have talked on the hospitals and a 
lot of other areas, but the individual care provider, what is 
going on there is something I would be very interested in 
hearing from HHS on.
    Second, I want to know, if we can, what your contingency 
plans are. I am not going to go into it today, but I would like 
to have someone give us a brief on what your contingency 
planning is. Everyone is saying it now. It is the right thing 
to say, but the chairman is absolutely correct. This is one 
where we better get a good assessment of a billion dollars of 
processing a day to health care providers out here. We need to 
have a pretty good sense of what it is to make sure that there 
is not a failure in that system, with 40 percent of those 
providers relying or I think 40 percent of their resources come 
from Medicare and so forth. So, you would have a collapse 
there.
    And last, Mr. Thurm, I would like to know about the rural 
and more urban hospitals and so forth. If the veterans 
hospital, you know, with all of the power of the VA, cannot get 
responses from manufacturers, we heard from the Fairfax 
Hospital how difficult--and I have got some letters here that 
they shared with us from manufacturers. They are just downright 
rude in some instances in terms of their inquiries about 
equipment they have got to use there.
    What does the D.C. General, how are they doing? How is a 
rural hospital doing when they are trying to get information? 
And I would like to get some sense from them in terms of how 
responsive they are and also, you know, what sort of costs are 
they looking at? And to what extent are we making some 
assessment. Again, coming back to the chairman's question, we 
have got a very receptive and willing, I think, Congress that 
wants to help out in this area. The sooner we know, the better, 
and if rural and inner-city hospitals are facing some real 
problems here financially, the sooner we know, the better we 
are going to be able to step up to the plate and provide some 
help to see to it that they are getting the equipment that they 
need to serve that population, OK?
    Thank you.
    Chairman Bennett. Thank you all very much.
    Ms. DeParle. Thank you.
    Chairman Bennett. We now go to the health industry panel. 
These are representatives from hospitals, doctors, biomedical 
device manufacturers, insurers, and Y2K consultants. They 
individually and collectively have knowledge about how the 
health care industry is responding to the medical and financial 
challenge facing it in the next 17 months. They may be a little 
nervous, having heard the rhetoric of the first two panels.
    All right; introducing all of the members of the panel, and 
we will hear from you in the order in which you are introduced, 
Ms. Jennifer Jackson. Ms. Jackson is general counsel and vice 
president for clinical services of the Connecticut Hospital 
Association, representing the American Hospital Association. I 
wonder why we have someone from Connecticut doing that? No, we 
are delighted to have you here.
    Dr. Palmisano, Donald Palmisano, is a member of the board 
of trustees of the American Medical Association. Mr. Ramin 
Mojdeh, Ph.D., he is director of research and development of 
the Guidant Corp., and he is here representing the Health 
Industry Manufacturers Association. Mr. Gil Glover--is it 
Glover or Glover?
    Mr. Glover. Glover.
    Chairman Bennett. Glover?
    Mr. Glover. Glover.
    Chairman Bennett. Glover.
    Mr. Glover. Glover.
    Chairman Bennett. Glover, all right, director of Year 2000 
projects and planning for Blue Cross and Blue Shield and Mr. 
Joel Ackerman, executive director of Prescription 2000 
Solutions Institute.
    We welcome you all here. As is always, unfortunately, the 
pattern in the Senate, we have run over more from the Senators 
than the witnesses, but we make the witnesses pay for it by 
asking you to please hold your statements within the 5 minutes 
indicated by the lights.
    Ms. Jackson, we will start with you.

    STATEMENT OF JENNIFER JACKSON, GENERAL COUNSEL AND VICE 
PRESIDENT, CLINICAL SERVICES, CONNECTICUT HOSPITAL ASSOCIATION, 
         REPRESENTING THE AMERICAN HOSPITAL ASSOCIATION

    Ms. Jackson. Mr. Chairman, Senator Dodd, I am Jennifer 
Jackson, general counsel and vice president of clinical 
services at the Connecticut Hospital Association, and I am very 
pleased to be here today representing the American Hospital 
Association, which represents nearly 5,000 hospitals, health 
systems, networks, and other providers of care.
    Hospitals and health systems are taking the Year 2000 issue 
very seriously. They face the same potential problems as most 
other institutions. Their business and communications systems, 
their security systems, elevators and other parts of their 
physical plant all could be affected by Year 2000 problems. 
However, hospitals are unique places that face unique problems 
because of our patients' reliance on sophisticated technology 
and equipment. In analyzing these problems, our priority is, as 
always, the safety of our patients.
    The AHA believes that there are several key players who can 
help prevent Year 2000 problems from occurring in health care. 
They are hospitals and their associations, manufacturers of 
medical devices and equipment, the Food and Drug 
Administration, the Health Care Financing Administration and 
Congress.
    AHA and state hospital associations are working together to 
ensure that our members know the potential dangers of the 
millennium bug and are taking steps to avoid those problems. We 
are getting them the latest information on what their 
colleagues and other organizations are doing. In fact, in 
recent weeks, we sent every member CEO a briefing book called 
Y2K, Mission Critical, that is filled with extensive 
information from the history of the problem to sample contract 
compliance language for use with vendors and suppliers.
    When it comes to medical devices and equipment, however, 
our efforts alone are not enough. Information about whether 
these devices will be affected by the date change must come 
from the manufacturers of the equipment. We believe that 
existing regulations allow the FDA to require manufacturers to 
perform Year 2000 testing and report adverse results. We urge 
the FDA to exercise this enforcement authority and ask Congress 
to do everything in its power to help the FDA ensure that Year 
2000 information on medical devices gets from the manufacturers 
to those who need it most, health care providers.
    We are relying on the FDA and manufacturers to make this 
information available. We ask the FDA to continue to share its 
plans describing how the agency is getting needed information 
from manufacturers and make sure that those plans are available 
to health care providers.
    We also need the help of the Health Care Financing 
Administration. America's hospitals and health systems receive, 
on average, half of their revenues from Government programs 
like Medicare. It is critical that the flow of those funds not 
be jeopardized by Year 2000 problems.
    Of course, unforeseen problems could occur. Therefore, HCFA 
should establish a contingency plan. A fail-safe system to 
provide periodic interim payments based on past payment levels 
is one way to do this. At the same time, we do not believe that 
HCFA, as it recently announced, should delay hospitals' fiscal 
year 2000 payment update and the implementation of outpatient 
and home health prospective payment systems while it works on 
its own computers.
    Hospitals are already trying to cope with the Balanced 
Budget Act's dramatic changes, including severe reduction in 
hospital Medicare payments. A delay in the fiscal year 2000 PPS 
update adds to this burden and causes unpredictability for them 
and for their patients.
    Congress also has a key role. Your attention to this issue 
through hearings like this one reflects your understanding of 
the gravity of the situation, and you can help America's health 
care system avoid Year 2000 problems. First, Congress should 
appropriate whatever resources, including additional authority 
if necessary, the FDA may need to ensure that manufacturers of 
medical devices investigate, report and correct Year 2000-
related problems in their products. We also urge Congress to 
speak directly to manufacturers on the need and expectations 
for prompt, sufficient disclosure.
    Second, Congress should enact some form of limitation on 
liability for health care providers that have taken steps to 
prevent Year 2000 problems from affecting patient care. 
Hospitals must rely on manufacturers of medical equipment and 
devices to disclose whether a Year 2000 problem may occur and 
how to correct the problem. Health care providers should not be 
liable for damages related to Year 2000 limitation on those 
products, especially when they have made good faith, reasonable 
efforts to minimize the risk and obtain information.
    One way to approach this liability issue is to broaden the 
President's recently-announced good samaritan proposal, which 
would shield from liability businesses that, in good faith, 
share information on solving the Y2K problem. We suggest also 
addressing in that legislative vehicle our concerns about 
liability and protect hospitals and health systems from 
liability for treating a patient with a medical device that the 
manufacturer has reported as Y2K compliant.
    Congress should also authorize periodic Medicare payments 
and ensure that HCFA has adequate funding to ensure Y2K 
compliance. America's hospitals and health systems, their State 
associations, the AHA and other national organizations are 
working together to prepare for the Year 2000. We encourage 
Congress and our Federal agencies to work with us as well so 
that together, we can ensure a smooth and healthy transition 
into the new millennium.
    Thank you.
    [The prepared statement of Ms. Jackson can be found in the 
appendix.]
    Chairman Bennett. Thank you very much.
    Dr. Palmisano.

STATEMENT OF DONALD J. PALMISANO, M.D., MEMBER OF THE BOARD OF 
             TRUSTEES, AMERICAN MEDICAL ASSOCIATION

    Dr. Palmisano. Thank you, Senator Bennett, Senator Dodd and 
the committee.
    My name is Donald Palmisano. I am a member of the Board of 
Trustees of the American Medical Association, a member of the 
Board of Directors of the National Patient Safety Foundation, 
and the chair of the National Patient Safety Foundation's 
Development Committee. I also practice vascular and general 
surgery in New Orleans. On behalf of the 300,000 members of the 
American Medical Association, I want to thank you for inviting 
us to testify about the Year 2000 problem today.
    Senator Bennett, I request that our written comments be 
entered into the record in view of the time limitations.
    The Year 2000 problem will affect virtually all aspects of 
physicians' practices, most especially patient care. The good 
news is that if we act in a timely fashion, this problem is 
solvable. Within a clinical environment, physicians rely 
heavily on medical devices to gather or monitor information 
about their patients. Some of these devices take images; others 
regulate or assist bodily functions; and others simply monitor 
different aspects of the patient's condition. All of them are 
important and provide essential functions for the physician and 
the patient.
    Medical equipment has to be completely dependable. Can you 
imagine for yourself, for a moment, yourself as the patient? 
How would you feel if a device which was monitoring your heart 
failed to sound an alarm when your heart slowed to a dangerous 
rate or if a digital display incorrectly assigned another 
patient's name and all of their medical data to you? Obviously, 
these events would alarm you and your physician.
    Nevertheless, with the potential for malfunctions due to 
Year 2000 bug, there are real risks that have to be anticipated 
and corrected, and the physicians who are responsible for 
caring for these patients are calling for this problem to be 
remedied quickly and effectively. Medical device manufacturers 
need to disclose immediately whether their products will 
malfunction or not. Only they have that information. End users, 
the physicians and the patients, do not have the expertise or 
resources to determine what devices may or may not fail.
    We have to rely on the manufacturers, the Congress and the 
administration to ensure that they promptly disclose this vital 
information. We understand that the FDA and the Department of 
Veterans Affairs have been trying to obtain this information. 
We applaud their efforts to date but believe that more can be 
done. In addition to causing serious patient safety concerns, 
the Year 2000 problem may also wreak havoc on the medical 
community's ability to conduct even the simplest transactions. 
Many physicians and medical centers rely on information systems 
and, to some degree, maintain medical records through these 
electronic methods.
    Physicians need to be able to access this information 
quickly and reliably. Just as important, it must be accurate 
and secure. The software cannot assign incorrect data to 
patients.
    Another area of physicians' concern that is heavily tech-
dependent concerns electronic billing and claims, and you all 
have just gone through that, and I will skip over some of this, 
but we are aware of this in part because of an incident that 
recently occurred in my home State of Louisiana. As you may 
have heard, when the Medicare claims processor for Louisiana 
was planning on implementing a new Y2K-compliant computer 
system for claims processing, it announced that physicians 
could anticipate a 2-week delay. The actual implementation time 
was significantly longer. Many physicians had real problems 
keeping their doors open to treat patients.
    Those physicians who were treating a lot of Medicare 
patients had difficulty purchasing supplies and paying their 
employees.
    Getting back to HCFA, we understand HCFA's concerns and 
desire to have physicians and other health care professionals 
Y2K compliant. We have absolutely no problem with that. We 
believe, though, that HCFA should lead by example and make sure 
that its systems are in compliance as soon as possible. This 
would allow physicians and HCFA to parallel test their 
respective systems well before the Year 2000.
    We understand that in an effort to ensure that its own 
computer systems are Y2K compliant, HCFA is focusing a lot of 
its resources on this problem. We just heard from Administrator 
Nancy-Ann Min DeParle that the Y2K bug is HCFA's No. 1 
priority. As a result, HCFA has decided that it is not going to 
implement some changes required by the Balanced Budget Act of 
1997. Instead, HCFA is going to postpone physicians' 
reimbursement updates from January 1, 2000, to about April 1, 
2000, if not longer.
    We understand HCFA's reasoning for this decision. We just 
want to highlight our concerns about some of the potential 
consequences. First, the Y2K problem has been a known problem 
for a long time. It is a soluble problem if addressed in time. 
Nevertheless, HCFA is asking others to accept delays in updates 
because HCFA has failed to correct this problem. HCFA has told 
us they are not asking for this delay to save money for the 
Medicare trust funds. They have also said that they want to 
make sure providers are fairly reimbursed for the funds they 
should have received.
    Our concerns regarding updates are fourfold. First, we 
wonder whether HCFA is going to be able to devise a solution 
that accomplishes all of these goals. Second, we are concerned 
that a delay may now affect future calculations of 
expenditures. Third, the Year 2000 is a critical year for 
implementing BBA-mandated changes in the resource-based 
relative value scale, which Medicare uses to determine 
payments. This is known as the RBRVS.
    Fourth, as you may know, many private insurers and Medicaid 
agencies base their fee-for-service reimbursement on the RBRVS. 
Delaying the Medicare updates would likely have ramifications 
far beyond what is currently anticipated.
    You have also asked us to address the current level of 
preparedness of the physician community for the Y2K problem. We 
have run across a very limited number of studies giving that 
assessment. One already mentioned here today, the Gartner 
Group, has found what we knew, that physicians and hospitals 
rely on thousands and thousands of medical devices which, to a 
limited extent, may not be compliant. We are not sure of what 
the full extent is, and we need help from the manufacturers.
    Medical practices are among the furthest behind in their 
survey. Now, what can we do about this, specifically the AMA? 
The AMA is focusing on three areas: education, communication 
and cooperation. The AMA already has conducted a seminar at our 
annual meeting last month and will be holding additional 
seminars in the future. The AMA has also launched a national 
campaign entitled ``Moving Medicine into the New Millennium, 
Meeting the Year 2000 Challenge,'' which focuses on 
communication and education.
    As part of the campaign, the AMA will be holding a series 
of regional seminars to talk about how best to work with 
vendors and how to obtain necessary information about devices 
that could affect health care. We will also be distributing a 
solutions manual to further educate the participants.
    To foster greater communication among physicians, we have 
put together a special section on our award-winning Web site, a 
Y2k section, and we encourage everyone to visit ama-assm.org to 
gather information as we put it on that site.
    We believe it will serve as an important interactive 
resource for physicians by providing regularly-updated 
information about the millennium bug and by assisting 
physicians in solving their Y2K problems. The AMA is also 
promoting cooperation through our involvement with the National 
Patient Safety Foundation. The AMA launched this foundation and 
works with its partners. It is a separate corporation, and 
then, that corporation is now working with the National Patient 
Safety Partnership. It is a public-private venture, and Dr. 
Kizer, with the Department of Veterans Affairs, is a leader in 
this. And so, we are working together with all of these groups.
    We would suggest that others communicate to their 
constituencies, as we are trying to do. This would be a 
cooperative effort.
    And the last point, we need to develop a strategy to 
properly inform patients who are affected by medical devices of 
Y2K compliance or potential risk. The patient has to be our No. 
1 concern in all of our Y2K efforts. The clock is ticking. Time 
is of the essence.
    In conclusion, I wish to thank you very much once again for 
inviting me, Mr. Chairman and members of the committee, to 
testify. On behalf of the AMA, allow me to offer our services 
in working further with Congress to effectively address this 
problem. I will be happy to answer any questions. Thank you, 
sir.
    [The prepared statement of Dr. Palmisano can be found in 
the appendix.]
    Chairman Bennett. Thank you.
    Dr. Mojdeh.

   STATEMENT OF RAMIN MOJDEH, PH.D., DIRECTOR, RESEARCH AND 
 DEVELOPMENT, GUIDANT CORP., REPRESENTING THE HEALTH INDUSTRY 
                   MANUFACTURING ASSOCIATION

    Mr. Mojdeh. Mr. Chairman, my name is Ramin Mojdeh. I am a 
director of research and development at Guidant Corp., which 
designs, manufactures and sells innovative products to improve 
the quality of care for people with cardiovascular diseases. We 
thank you, Mr. Chairman and Senator Dodd for your leadership in 
raising the awareness of this important issue. Thank you also 
for the opportunity to testify on behalf of the Health Industry 
Manufacturers Association regarding the readiness of this 
industry to ensure the safe and reliable operation of medical 
devices in the Year 2000 and beyond.
    HIMA represents more than 800 manufacturers of medical 
devices, diagnostic products, and medical information systems. 
Mr. Chairman, I would like to stress three points. First, the 
device industry is extremely concerned about the potential 
hazards associated with the Year 2000 problem. Second, our 
industry has three compelling reasons to address this issue 
urgently and seriously. These are humanitarian, business and 
regulatory. Third, we recognize that timely access to relevant 
information is critical to patient safety, comfort and 
confidence.
    Today, we give you our assurance that our industry will 
continue to work with other concerned organizations and the FDA 
to make compliance information relating to devices publicly 
available.
    The medical industry is quite diverse. Over 50 different 
medical specialties use thousands of product lines and 
applications throughout the human body. Additionally, the 
complexity and sensitivity to the Year 2000 date varies 
dramatically among devices. Some devices vital to keeping 
patients alive are not date-sensitive. For example, pacemakers 
do not use a current date in their operation, and it is 
unlikely that ventilators and many other products will be 
affected by the date problem.
    Other devices may use date information to make calculations 
or send data directly to other systems. These devices may be 
sensitive to the Year 2000 problem. For these reasons, the 
challenge posed by the Year 2000 bug does not, for the medical 
device industry, represent a single problem yielding to a 
single solution. Rather, each company faces a unique set of 
circumstances involving its own technologies.
    The FDA has detailed the device industry's regulatory 
obligations for Year 2000 compliance. As an FDA-regulated 
industry, our member companies are profoundly aware of their 
Year 2000 compliance responsibilities and of the penalties of 
failing to meet them. HIMA members are taking strong action to 
ensure Year 2000 compliance. Some companies with diverse 
product lines have posted pages of detailed charts on their Web 
sites containing Y2K compliance information. Others have gone 
beyond the Internet and contacted their customers directly 
regarding the compliance status of their products.
    Many small companies, founded within the last 10 years, 
understood the Year 2000 problem in advance and have been 
designing Y2K compliant products from the start. It has been 
said here today that a central clearinghouse be established to 
make Year 2000 information publicly available. I want to assure 
all concerned that we take our responsibility in this area very 
seriously. Remember that we, the people, in this industry are 
also our own customers. The lives of many of us, our parents or 
our children, as patients, depend on our products.
    Every day, we come face to face with co-workers who have, 
for example, a pacemaker or have a family member whose life 
depends on safe and reliable operation of one of our products. 
The sense of responsibility and accountability we live with 
every day is enormous. Our commitment to safety and reliability 
of our products is renewed in every encounter like this many 
times a day, every single day.
    So, let me assure you that we share and welcome your 
interest in this area. Mr. Chairman, you have our strong 
commitment to continue to work with other concerned 
organizations and the FDA in making Year 2000 compliance 
information publicly available in an appropriate format.
    Thank you.
    [The prepared statement of Mr. Mojdeh can be found in the 
appendix.]
    Chairman Bennett. Thank you.
    I am going to have to leave and will turn the gavel over to 
Senator Dodd, my apologies to the other two witnesses. Let me 
just ask a quick question. Do I take it, Dr. Mojdeh, that you 
think the FDA request is not an appropriate format? You have 
just said you wanted to make this available in an appropriate 
format. HIMA's activity with respect to the FDA activities in 
the past would indicate its concern with the format 
appropriateness. The letter that Senator Dodd quoted from 
indicates that you do not think that the FDA has the legal 
authority to require it, and you say that that is not an 
appropriate or necessary step. Is that correct? You do not 
think that what the FDA has tried to do is an appropriate 
format?
    Mr. Mojdeh. With your permission, Mr. Chairman, I would 
like to ask my colleague, Mr. Bernie Lieberman, to respond to 
that.
    Chairman Bennett. Surely; just identify yourself for the 
record, and we are happy to have you respond.
    Mr. Liebler. Certainly; my name is Bernie Liebler. I am 
director of technology and regulatory affairs at HIMA.
    That initial letter was written on advice of our internal 
legal counsel. It was our legal counsel's opinion. We have 
since, as Mr. Thurm on the previous panel indicated, had 
further correspondence with FDA on this matter, and our last 
letter was sent yesterday, and it included our offer to work 
with other people. It also included with it, as an attachment, 
a paper that we have written on that.
    Our concern about format is that we believe that the total 
diversity of the industry in terms of size, size of company and 
resources available to them, may make it difficult for some 
companies to accumulate the information for location in one 
spot, as some people have requested. We believe that it is best 
for us to get together, meet with the organizations that are 
requesting information, find out what they need, offer what we 
can provide and work out a really optimum format.
    Chairman Bennett. Well, I am sure Senator Dodd will pursue 
this. Let me just make the comment that we really do not have 
any time. That is the primary enemy here, and I understand that 
legal advice says do not do this. I go back to an experience in 
my own lifetime. I am unburdened with a legal education. 
[Laughter.]
    Sometimes, that is good; sometimes, that is bad. I know 
that there are times when I have been very, very blessed to 
have a good lawyer at my side when I have gotten into some 
difficulty. But there are times when a CEO has to overrule his 
lawyer. I have been involved in those kinds of situations. I 
remember a rather terrifying incident; I was a young man in his 
thirties sitting before the chairman of the board of a Fortune 
500 company where I was working and had the chairman of the 
board say to me are you telling me I must disregard the advice 
of the general counsel on a legal matter because of your 
understanding of the political implications of this? I was then 
working as the Washington representative of that company.
    I took a deep breath and said yes, I am telling you to 
disregard the legal advice of the general counsel of this 
corporation plus the Wall Street law firms that are advising 
you, because this is not a truly legal issue; this is a 
political issue, and that is my area of expertise, and I am 
telling you you have to go to Washington and testify, even 
though the lawyer is telling you do not do it.
    I am not sure I would have the courage to do that if I were 
a little bit older. Maybe it was my youth that cost me that 
foolishness. He looked at me, and he said I am going to have to 
think about that. I am happy to report that he came to 
Washington, he testified, he ignored the advice of the lawyer 
who would have gotten him in all kinds of trouble and gotten 
his industry in all kinds of trouble, because this was not a 
legal problem.
    And the point I want to make here through you to all of the 
lawyers out there who are saying do not disclose this 
information: we are faced with a crisis here. And you have 
heard the testimony up until now from others. The crisis is not 
going to go away unless we get information. We, speaking as a 
society now, not necessarily the Congress, although it is true 
of the Congress, we are flying blind into this crisis. We do 
not know how serious it is.
    And I get very, very impatient with people who hide behind 
a legal opinion and say, well, the lawyer says we may have 
liability at some point down the road, and we want to make sure 
that liability does not come to pass, and so, we are not going 
to cooperate until we are absolutely sure that all aspects of 
liability have been examined by all law firms that we have 
retained all the way down the line.
    We do not have time for that. And so, I am delighted to 
know that an additional letter has been faxed. I find it 
interesting that it is on the eve of this hearing, and if I 
may, Senator Dodd, I think we can take some credit for having 
stimulated that letter by virtue of the hearing and the fact 
that you would have a witness here today. But I would take 
advantage of your being here to send that message not only to 
your lawyers but to all of the other lawyers in all of the 
other parts of the Y2K issue who are telling people to not be 
forthcoming with information.
    That is simply not acceptable. We have a crisis. We are 
flying blind toward it, and the only way we can resolve it is 
to get the information. And with that, again, my apologies to 
the other two witnesses that I will have to leave, but you are 
in good hands with the Senator from Connecticut.
    Senator Dodd [presiding]. Mr. Glover

STATEMENT OF GIL R. GLOVER, DIRECTOR OF YEAR 2000 PROJECTS AND 
           PLANNING, BLUECROSS BLUESHIELD ASSOCIATION

    Mr. Glover. Thank you, Mr. Chairman.
    Mr. Liebler. Senator, may we make the second letter a part 
of the record----
    Chairman Bennett. Absolutely.
    Mr. Liebler [continuing]. Provide it with the paper?
    Mr. Glover. Thank you, Mr. Chairman, Senator Dodd. I am Gil 
Glover, director of projects and planning and Medicare 
operations at Blue Cross and Blue Shield of Texas. Thank you 
for the opportunity to testify on behalf of the Blue Cross and 
Blue Shield Association on the progress Medicare contractors 
are making for becoming Year 2000 compliant.
    As a health insurance company, both our Medicare business 
and our commercial business face the challenge of becoming Year 
2000 compliant. Each independent Blue Cross Blue Shield plan is 
actively working to make sure that its information system and 
business operation will function properly in the Year 2000 and 
beyond. In Medicare, let me assure you that Year 2000 
compliance is the top priority for Medicare contractors.
    Toward this objective, the Blue Cross Blue Shield 
Association worked with HCFA to develop a formal process to 
ensure regular communications with HCFA on major Y2K issues. In 
response to a Blue Cross Blue Shield recommendation, HCFA 
established a steering committee to clarify Year 2000 
compliance standards and monitor contractor progress. As a 
member of that steering committee, which is composed of 
contractors and senior HCFA personnel, I can assure you that 
the Blue Cross Blue Shield plans and commercial Medicare 
contractors are working collaboratively to assure that claims 
will be paid accurately and timely in the Year 2000.
    Eight work groups have been established out of the steering 
committee to focus on various Year 2000 activities, including 
progress measurement, critical path assessment, provider 
relations, contingency planning and resource allocation. As a 
member of the contingency planning work group, I can report 
that the work group has developed a planning protocol, as 
supported by a comprehensive planning template applicable to 
any risk a Medicare contractor might identify in its 
operations.
    Use of this template is being piloted by work group 
contractor members and is scheduled for release to all 
contractors in early August. The work groups' combined input 
into the development of this protocol has produced a tool that 
can add significant value to this process and can produce 
uniform planning documentation. Beyond the specific products of 
these work groups, operation of the steering committee has 
facilitated very constructive and useful dialog between 
contractors and top HCFA management about Year 2000 compliance.
    We believe that it is possible to complete basic Year 2000 
modifications, testing and implementation by the end of 1998. 
However, it is important that changes to the Medicare program 
be minimized during the last quarter of 1998 and first months 
of 1999. If complex programming changes are made and tested 
simultaneously with Year 2000 programming changes, resource 
conflicts will arise, and it will be difficult to isolate 
whether problems are originating with Year 2000 or with other 
programming changes.
    After Year 2000 testing is completed, and any other 
problems are resolved, any further changes in 1999 will require 
retesting and should be kept to an absolute minimum. HCFA is 
seeking legislation that would dramatically restructure the 
contracting process for Medicare contractors. This legislation 
could potentially hurt Medicare contractors' Y2K efforts. HCFA 
currently has the authority to terminate a contractor for non-
performance, including non-performance of Year 2000 
responsibilities and is exercising extensive oversight of 
Medicare contractors' Year 2000 compliance efforts through the 
use of its own review teams and an independent verification and 
validation contractor.
    Most Medicare contractors have already been reviewed for 
Year 2000 compliance, with at least two comprehensive on-site 
reviews. Many contractors are around three of these reviews. In 
addition, both the Office of the Inspector General and the 
General Accounting Office are conducting Year 2000 reviews at 
Medicare contractor sites. There is ample opportunity for 
identifying and correcting any deficiencies or problems in the 
Medicare contractor community through these review processes. 
Additional legislation to enforce Year 2000 compliance is 
unnecessary.
    I would also note that adequate funding is very critical to 
accomplish this monumental task. We strongly support HCFA's 
efforts to secure additional fiscal year 1999 funding for Year 
2000 activities.
    In summary, let me again emphasize that Medicare 
contractors are working diligently to become millennium 
compliant by December 31, 1998. We advocate a very careful 
approach to structuring the Medicare program change burden 
while Year 2000 remediation is in process. Medicare contractors 
will continue to work closely and effectively with HCFA to 
resolve issues that arise and to ensure compliance.
    Mr. Chairman, thank you for the opportunity to express 
these views.
    [The prepared statement of Mr. Glover can be found in the 
appendix.]
    Vice Chairman Dodd. Thank you very much.
    Mr. Ackerman, thank you.

  STATEMENT OF JOEL M. ACKERMAN, EXECUTIVE DIRECTOR, RX 2000 
                      SOLUTIONS INSTITUTE

    Mr. Ackerman. Senator Dodd, my name is Joel Ackerman. I am 
the executive director of the Rx 2000 Solutions Institute. I am 
a former computer programmer, so I am a--actually, I did 
double-digit programming many years ago, so I am very 
intimately familiar with the issues.
    Vice Chairman Dodd. You could get a very good job today.
    Mr. Ackerman. There are lots of openings, and I am getting 
lots of calls.
    But 2\1/2\ years ago, when we founded Rx 2000, we felt like 
a voice in the wilderness, and actually, 1\1/2\ years half ago, 
we still felt that way. So, we are glad to see that things are 
finally changing. Rx 2000 is an independent, nonprofit member 
supported organization that is open to all organizations in the 
health care community, and we have no conflicting ties to 
health care organizations, manufacturers, pharmaceutical 
companies or consulting groups. Our sole objective is to help 
ensure the survival of health care organizations into the next 
millennium and to minimize the impact on patient care. We felt 
when we founded this organization that health care needed an 
information clearinghouse, and that is exactly what we set out 
to do for the Year 2000.
    Some of the services we offer include a Web site at 
rx2000.org, which has gotten a lot of recognition as a leading 
Internet health care Year 2000 Web site as well as a list 
server with currently over 1,100 subscribers representing 20 
countries in addition to the United States, discussing health 
care Year 2000 issues.
    We are also currently developing a health care Year 2000 
database that includes information submitted by organizations 
primarily focusing on field test information, and one of the 
things I have heard in the presentations today is a lot of 
emphasis on information from suppliers. There has not been 
enough emphasis on actual field testing, because we are finding 
that information from vendors, while it is very important to 
try to get that, and it needs to be as accurate as possible, it 
is very unreliable, and we have field examples to support that.
    A couple key points. I will skip a lot of what I had 
planned on talking about, because it has already been covered 
today, but there are some key points I want to make. In health 
care, we do not have a big three or a big six driving the 
health care industry on Year 2000 issues. Other industries have 
that. In health care, we have a very diverse, fragmented 
industry with lack of coordination, lack of cooperation between 
the payers, providers and other manufacturers and other 
organizations.
    That is a significant issue for us. We do not have the 
coordination and cooperation that is necessary. There is also a 
very strong fear of acknowledging and sharing information about 
Year 2000. I have talked with payers who do not want to talk 
about the issues with their providers, because they are afraid 
of incurring additional liability. We have to get around those 
kinds of problems. Health care organizations, as it has been 
pointed out a couple of times, are very late to the Year 2000 
table, and that has resulted in a lack of awareness and 
significant denial on the issues.
    And it is important to recognize that most organizations 
have, at most, one budget cycle left before the Year 2000, and 
every organization that we have talked to about budgeting, 
estimating, they have significantly underestimated the cost and 
effort associated with the Year 2000. That is a key problem.
    There is also a lack of consensus in the health care 
community as to how to deal with these issues. We are talking 
with hospitals and other organizations that are planning on 
relying strictly on information from the vendors, the 
manufacturers. As we have heard, they are having trouble 
getting that, but also, it has not been pointed out strongly 
enough that a lot of that is unreliable and cannot be counted 
on, and therefore, they need to be doing testing in addition to 
that. I wanted to emphasis that strongly, that relying solely 
on vendor information is a mistake at this point based upon the 
field experience.
    We recently held a national meeting of a health care Year 
2000 special interest group, and we had organizations from all 
over the country participating, and we did a survey of those 
organizations at the end of the meeting, and these are the 
people in the trenches, actually working on the issues, and 
some of the statistics we got were very interesting. Virtually 
all of the participants agreed that the Year 2000 issues will 
have significant impact on payers, providers, health care 
suppliers, and vendors. Ninety-seven percent of the people 
responding agreed that health care Year 2000 issues have a 
significant potential to negatively impact the quality of care. 
Now, again, these are the people in the trenches.
    Ninety-four percent of them agreed that the Year 2000 
issues have significant potential to lead to unnecessary deaths 
in our health care system. Sixty-nine percent agreed that 
health care lags behind most other industries in dealing with 
these issues, and 62 percent of these organizations said that 
they have already experienced Year 2000 failures. So, it is not 
something that will hit in December or January of 1999 or 2000.
    We have heard about many of the areas of Year 2000 risks. 
There are a couple of key things that I want to point out. 
There has been emphasis on getting a statement from suppliers. 
That is good. But you have to be careful about a single point 
in time assessment. What we are finding is that everybody is 
learning still. Things are changing. Things we thought were OK 
6 months ago, we are finding out that they are not. So, it is 
important to have ongoing, continuous monitoring.
    There is a significant shortage of personnel, including 
biomedical engineers who can deal with issues. I brought with 
me today Mr. Dan Forrester of St. Joseph Health System who 
heads a group of 12 biomedical engineers in their hospitals in 
Texas and California. They are finding currently a 19 percent 
failure rate in medical devices, and he would be happy to 
answer questions if you wish.
    I am running short on time, but in my testimony, there are 
some recommendations in there that we obtained both from Rx 
2000 Institute as well as from the participants on our 
listserver. We asked them what would you like Congress to do 
about the Year 2000 issues in health care, and there are some 
very key things there, including a couple of things that have 
not been addressed, such as providing information to the 
patients, the people that are out there. We are starting to get 
a lot of questions. Doctors are getting a lot of questions. 
There is no place for the patients to go at this point for 
information or for health care professionals. There are no 
credible, independent and reliable, unbiased sources of 
information, and we need to establish that somehow.
    I will wrap up. I want to thank you for having me here 
today. I want to also emphasize that we are Y2K virgins. None 
of us have been through this before. We really do not know what 
to expect. So, all we can do is continue preparing and acting 
in good faith and not just solicit information from vendors but 
also do our testing.
    Thank you.
    [The prepared statement of Mr. Ackerman can be found in the 
appendix.]
    Vice Chairman Dodd. Thank you very much, Mr. Ackerman. That 
is some very good points you made, I think, and it is a nice 
ending here in a sense, having had the--and I appreciate your 
responding to things you have heard. Too often, people come 
with testimony, and regardless of anything else that has been 
said, that is what gotten written, and it is a single point in 
time testimony, instead of responding to observations that have 
been made.
    I should have made note, Ms. Jackson, at the very outset, 
of how certainly proud I am to have a resident of my State as a 
witness here representing the Hospital Association and, of 
course, from the Connecticut Hospital Association, and we thank 
you very, very much for coming down from Connecticut to be with 
us, and I thank all of our witnesses here.
    And I might want to get to your--that 19 percent number, I 
may want to come back and have the man you identified share 
some thoughts on that. I will try to keep this relatively 
brief, and we will keep the record open. Senator Bennett or 
other members of the committee may want to address some 
questions in writing, and I would urge you, if you could, if 
that is the case, to respond, and I will try and go through, 
and I may have some additional ones I will ask as well.
    And what I would like to do on this, I will ask questions, 
and we will try to keep this brief, but if someone feels a need 
to want to respond to a question that I have addressed to 
someone else, please feel free to do so. I want to get as many 
cases for--for those of us here, sometimes, the debate and 
discussion between people who are at that table can be very, 
very helpful to us, and you may ask questions that we do not 
think of that are very important and poignant. So, do not 
hesitate. If you have something to say, indicate it to me.
    Let me start with you, if I can, Ms. Jackson, and again, I 
thank you immensely for being with us here today. It is--
obviously, we are getting a great deal of information about the 
seriousness of this issue; again, the panelists here today have 
indicated that as well. Limited budgets of hospitals in rural 
and urban areas, and I have got a series of questions I could 
ask you about this, but I want to get at that, and I want to 
know from your assessment, the assessment of the American 
Hospital Association, there have been some that said that this 
could be a--particularly in these hospitals, it is going to 
make it very difficult for them to adequately staff Year 2000 
efforts, make it unlikely that they will have the extra 
resources necessary to replace equipment and programs where 
necessary. I am talking about these rural and inner-city 
hospitals. How accurate are those views?
    Ms. Jackson. Based on the information that we have, not 
just from our hospitals but, as I believe you know, there is a 
consortium of state hospital associations in the AHA that is 
working together on bringing hospitals together throughout the 
country to work on Year 2000 issues and particularly focus on 
developing a database on medical equipment and devices, and 
what we have heard in talking to the hospitals is that they are 
very frustrated, because it is difficult for them to yet 
quantify what the costs are.
    Their early indications are that this is very expensive. 
There is a lot of concern that they will need to replace very 
expensive equipment that they do not yet know about, because we 
do not have the information, and therefore, they have not been 
able to budget for it, even as you point out, if their budgets 
would allow for it.
    Vice Chairman Dodd. No.
    Ms. Jackson. So, there is a great deal of frustration on 
that issue, and we do not know the numbers yet.
    Vice Chairman Dodd. Well, that statement alone would 
indicate to me that it is pretty serious.
    Ms. Jackson. Yes.
    Vice Chairman Dodd. Because clearly, there is going to be 
replacement necessary or renovation.
    Ms. Jackson. We believe that there will be some replacement 
and a great number of fixes. Even the indication that we are 
getting from our database is that although there may not be 
widespread, drastic harm to patients, that that may be very 
limited, this is a huge problem because of the administrative 
burden on assessing all of the equipment, the physical plant--
--
    Vice Chairman Dodd. Yes.
    Ms. Jackson [continuing]. All of the issues that hospitals 
have to deal with.
    Vice Chairman Dodd. I hope--you know, as I see it, then, 
there may be certain services because of the lack of resources 
that less affluent hospitals have that they would end up having 
to either stop or curtailing those services for lack of the 
equipment: They do not have resources to buy it; late in 
applying for it; the waiting lists are long.
    Take dialysis: A big issue in urban hospitals, inner-city 
hospitals. We looked at, I told you, equipment that was bought 
2 years ago that is state of the art stuff. I am sort of 
surprised that something 2 years ago was not--the people were 
not thinking about whether or not they were going to make it 
2000-ready. It seems to me we ought to get some assessment as 
to what State, local, and Federal Governments might do to 
assist in those rural and urban settings for those hospitals. 
And I think it would be very helpful to this committee, through 
the American Hospital Association, to share some ideas with us 
as to what we might do.
    We are 526 days away from a decision of a major urban 
hospital, making a decision that they discover that a number of 
pieces of equipment which are critical are not compliant, could 
cause serious health risks and therefore are obviously going to 
shut them down. What do you do with those patients? Where do 
they go? Are there plans being made to see to it that other 
hospitals will accommodate those people, particularly in life-
threatening situations, where dialysis--a case that comes to 
mind immediately. I would be very interested in--people now 
talk about contingency plans. What are you thinking about in 
this area? And what are the best minds saying, the best advice 
you are getting as to how these hospitals that fall into that 
area might be able to respond to that?
    Ms. Jackson. We have been very intensively studying this 
issue and working with our hospitals, and we would be very 
pleased to submit additional information.
    Vice Chairman Dodd. I appreciate it. It would be very, very 
helpful.
    Let me jump to HIMA if I can, and again, we thank you very 
much for being here today, and you have asked that this July 23 
letter--what is today? Ah, timely piece of correspondence. You 
have asked that this be in the record, and I will put it in the 
record.
    Mr. Mojdeh. Thank you.
    Vice Chairman Dodd. But let me point out to you here, as I 
read down this here, in paragraph two, we continue to maintain 
that the important thing is for the right people to get the 
right information in time. Fine. We think that each company is 
the best judge of which method of communication best fits its 
operations. Third paragraph. In the next few months, I expect 
the device industry to work with the FDA and other interested 
groups to define more clearly the needs of all parties 
regarding Year 2000 compliance information.
    Let me just say, and I am speaking for myself, and other 
members may have a different reaction, but we are getting here 
not each company deciding what information it may think is 
important. We have got places like the Food and Drug 
Administration and HHS that rely on getting that information 
out. The company is not going to get that information out to 
everybody and sort out what needs to be done, and in the next 
few months, you know, this is not a problem that we can sort of 
delay.
    We all know the day we have got to be kind of ready around 
here, and the notion somehow in the next few months, we can get 
to this I do not think is a satisfactory response. I will put 
this letter in the record, and others may find it to be fine, 
but I do not. I think you have got to be--this is not a company 
by company decision. This is really not your call in a sense 
here in my view. It is going to be others'.
    Now, I do not know if anyone wants to comment on this. I 
have quoted the letter. Doctor?
    Dr. Palmisano. Senator Dodd, I have not read the letter, 
but the view of the American Medical Association, in working 
through the National Patient Safety Foundation and the National 
Patient Safety Partnership, is that we need to have a central 
clearinghouse so we can all go that site and look, because if 
we wait for the manufacturers to make that decision, as you 
point out, I will be very anxious for my patients that they 
have a piece of equipment that--if a piece of equipment is 
being used on my patients, I do not want to have to rely on 
someone saying, well, gee, we failed to get the information; we 
did not have the proper address or something like that.
    Right now, the FDA site is a voluntary reporting the way we 
understand it as we visit the site. Why could it not be a 
mandatory reporting to that site, so we could all go there and 
look at it and start making plans? We believe there should be a 
central clearinghouse. What we are doing, we are taking 
questions from physicians and patients and trying to answer 
those questions and disseminating the information. We think 
information needs to be spread so everyone is aware of the 
problem.
    But we just do not know what the true significance--I had 
the occasion to be on a plane recently on an AMA assignment, 
and the gentleman next to me saw me working on the computer, 
and we got to talking, and he said he came out of retirement to 
work on the Y2K problem. And his quote was, his exact quote, 
``this will be the biggest problem since the great plague.''
    Now, he is selling his services, and that may be a self-
serving statement, but that causes you to pause a moment and 
say, well, wait a minute; we better check this out. And we are 
very much concerned. We do not want monitors. I mean, he makes 
a statement to us. I do not know if this is correct. I am not 
an engineer. We are trying to get people to give us that 
information, that certain defibrillators, because they have the 
BIOS, it does internal checking, when it checks, when it goes 
to 2000, it goes to 00, it says this machine is broken. So, 
that portable defibrillator will not work. I do not know if 
that is true or not.
    Vice Chairman Dodd. Well, let me come back, and I said 
earlier we have heard now from the VA, the American Medical 
Association, the American Hospital Association--who else have 
we got; I do not know if you gentlemen feel likewise, but that 
this company, the user, says the system is just not working. I 
wonder if we might get some further reassurance of how HIMA is 
going to respond to this. Actually, in my view, you ought to be 
taking the lead in providing the clearinghouse. This would be a 
wonderful role for HIMA to play, in establishing a 
clearinghouse, so that a lot of these other organizations, 
including the Federal Government agencies, could be looking to 
an association as being cooperative, instead of trying to--when 
you only get 500 responses to 2,000 or 3,000 manufacturers with 
a letter sent in January, this is August with the clock 
ticking.
    I mean, do you think I am being outrageous when I raise 
that? I mean, am I acting irresponsibly when I say to you that, 
you know, 6 months later, after a letter, you are only getting 
500 responses out of 3,000?
    Mr. Mojdeh. Well, Senator, the bottom line here is the 
safety and confidence of the patients.
    Vice Chairman Dodd. Yes.
    Mr. Mojdeh. And the medical community that is responsible 
for their safety.
    Vice Chairman Dodd. They have to rely on the equipment, 
though. I mean, doctors do not--I mean, they maybe do not read 
that machine, what it says when it prints something out, but 
they are not responsible for how that thing works.
    Mr. Mojdeh. And that is why I emphasize confidence, and 
that confidence is very important. It is an issue that is 
related to the quality of life for the patients, the knowing of 
the fact that the devices that they rely on are reliable and 
safe and also, the health care community to know that their 
patients are safe, and there are many different ways of 
communicating that. The clearinghouse is one method, and there 
may be other methods that would complement the clearinghouse or 
instead of the clearinghouse.
    Ultimately, HIMA is after understanding what is the direct 
need of the customers and the health care providers and would 
act to provide that, and again, I assure you that you have our 
commitment to be working diligently on that issue. And if it 
turns out in these discussions that the need expressed by the 
customers is that, then, HIMA would consider that very, very 
seriously.
    Vice Chairman Dodd. Well, you have got 233 manufacturers 
that have not responded to multiple inquiries from the 
Veterans' hospitals of this country. I mean, you know, I said 
earlier I will wait a week on this thing, but I am going to get 
those names of the companies, and I am going to get on the 
floor of the U.S. Senate. I am going to issue a press release. 
I am going to do everything I can, if that is what it takes, to 
get them to even respond to the VA--our veterans? We have got 
veterans of this country lying in hospitals relying on this 
equipment, and American companies, I presume, most of them 
would not respond to the VA? That is outrageous, absolutely 
outrageous, putting lives at risk potentially.
    I mean, anybody, but, you know, I hope you take this very 
seriously what I am saying here today. You know, we can get to 
the mandatory stuff. I will bet you if I go over and offer an 
amendment on the floor of the Senate, we will make it mandatory 
within an hour. And if you want it to come to that, we can do 
that, but I hope it does not come to that. I hope you would 
respond to it.
    Mr. Mojdeh. Sir, you are pointing out very well the need 
for this communication that HIMA is after to understand those 
needs and try to provide the best vehicle to get those needs 
met. If it happens to be the clearinghouse or other----
    Vice Chairman Dodd. You are not responding to a letter. 
Come on. You know, I cannot answer you right now; I will get 
back to you next week. How about that?
    Mr. Mojdeh. We will be happy to do that.
    Vice Chairman Dodd. I mean, that is what I am saying, a 
letter. Just even responding or assessing it: we do not quite 
know yet; we will be in touch; here is a number where you can 
call us. This is not brain surgery we are talking about. This 
is simple communication, and if it is not happening, then, we 
are going to make it happen.
    Ms. Jackson. Senator Dodd, I will take you up on your offer 
of commenting on other people's questions. I believe that you 
have identified a large part of the solution. What we have 
found in developing our database is that it is our belief that 
many manufacturers are not responding because they do not yet 
know what the solutions are. There is a certain amount of 
concern, perhaps, from those of us who are burdened with a 
legal education, in responding when the answers are not clear. 
And your contention--that the Federal Government, the Congress, 
should create an atmosphere in which full and timely disclosure 
is mandatory--is part of the key here.
    We understand that for many manufacturers, from what we 
hear, testing and finding out what the problem is with the 
devices is very difficult and may not be completed. But this is 
your point exactly: If the policy of the Federal Government is: 
``Tell us what you know so far; you will not be penalized for 
not having the answers,'' that is what we think will help move 
this solution along.
    Vice Chairman Dodd. I am sure that does, and I appreciate 
that. Of course, I will point out that an awful lot of them 
have found it, that they can respond, and it may be that they 
have identified the problem, but earlier on, I think the point 
Mr. Ackerman raised earlier about this, I think I wrote in my 
note here, the single point in time issue, and I respect that. 
That is probably true. I mean, there are people who are finding 
out that their equipment that they thought was going to be OK 
and so forth, making that statement, then, they discover, as 
more information becomes available; I was told, for instance, 
on the embedded chip issue that the manufacturers, in many 
cases, are using embedded chips as like a bin, and they will be 
sitting there and plugging in the embedded chips, and the 
embedded chips could come from any number of different 
manufacturers, and they are not necessarily taking them all 
from the same source.
    So, two pieces of equipment that are sitting next to each 
other in two emergency rooms or two operating rooms could have 
very different manufacturers of the embedded chips in the exact 
same product, exact same--in fact, made on the same day by the 
same person who put them in and, yet, relied on different 
manufacturers. That is how serious this is. I realize that may 
be information that people did not know about until fairly 
recently. It does not excuse, in my view, the failure to 
communicate with the Veterans Administration and HHS and other 
organizations seeking to collect data and information on this. 
That is irresponsible, in my view.
    Mr. Ackerman. Senator Dodd, yes, if I may.
    Vice Chairman Dodd. Yes.
    Mr. Ackerman. You bring up a very good point. It is 
important that the vendors not only disclose their test results 
but also their test processes, so that they can be repeated in 
the individual institutions, because there are variations. We 
are finding differences in different serial numbers of the same 
unit. And so, it is very important that individual 
organizations do their own testing if they want to be 100 
percent sure, which does not minimize the need for disclosure 
of test results but also the test process information.
    Vice Chairman Dodd. All right; did you want to comment, 
Doctor Palmisano, on the rural-urban issue as well as 
physicians in these areas?
    Dr. Palmisano. We think it is a very important point. You 
have already emphasized that, and we are going to try to 
disseminate the information and make sure that every physician 
working knows about this, so that they can evaluate the needs 
of their patients, and also, we are working with the National 
Patient Safety Foundation, National Patient Safety Partnership, 
and the American Hospital Association recently contacted us to 
see what we could do, working together, to make sure that the 
rural areas also have this information.
    So, our goal is to disseminate the information, to 
cooperate, but we need the information. I mean, I can look at 
this little thing, and I know it is 2000-compliant, because 
when I came in here, just for curiosity, I went over to 2001 
and everything, and it still works. I know this is OK, because 
this is not date-stamped, and there is no problem here. But I 
do not know. I mean, I hear testimony that the defibrillator is 
going to work, and now, you have raised another issue, which is 
a very interesting issue, in that the same machine, side-by-
side, made on the same day, they grab in a bin, and certain 
things, the BIOS and so on, some may be, and some may not be. 
That is another whole dimension.
    And we cannot be expected to understand that. So, we need 
disclosure. We are not looking for blame. The whole attitude of 
the American Medical Association, through the National Patient 
Safety Foundation, is to get away from a culture of blame but 
to have candor, full disclosure. I mean, the liability system, 
which appears to be worrying everybody, I mean, that is another 
problem. We have got to address that another day. We know that 
is a serious problem, and it needs to be fixed. The present 
liability system does not work.
    But what we need to do right now is we have got to look at 
our patients. We want full disclosure so that we can help our 
patients.
    Vice Chairman Dodd. Let me ask Mr. Glover a question that 
is very important. We have a tendency to talk about equipment 
and machinery here, and in a sense, people may understand that 
more. When we get into the Medicare system, you can really 
glaze over the eyes of even a well-intended listener.
    Mr. Glover. Right.
    Vice Chairman Dodd. It is a complicated system and so 
forth. You point out that there are 4 million Medicare claims 
made daily. Currently, 98 percent inpatient and 85 percent of 
the outpatient claims are processed by electronic data 
interchange, EDI, as it is called. Now, if the Y2K issues are 
not resolved, what contingency plans does Blue Cross Blue 
Shield have in place or propose to process the staggering 
number of claims? What decisions are made? How do you handle 
it?
    Mr. Glover. We are still----
    Vice Chairman Dodd. You mentioned them, but I want to know 
what they are.
    Mr. Glover. We are developing those contingency plans now, 
and I would not say that we have a plan at this point to deal 
with a serious degradation to paper claims. It is recognized 
throughout the Medicare community--HCFA--that that would be a 
serious problem. We think that there is a real payoff to 
provider education, and at my own company and other Medicare 
contractors, we are engaging in that kind of education to make 
sure they understand what the requirements are.
    Most, I believe all, Medicare contractors, provide free 
software for actually generating a claim. We have renovated 
that and have already distributed that out to those who use it. 
There is a connection, however, to this whole issue of medical 
equipment at hospitals and in doctors' offices and so forth. It 
is a little bit, I guess, off the subject in a way, but we feel 
like the problem may not be that the provider, the hospital, 
the doctor, cannot actually generate the claim format, the 
record that he needs to, and send it to us electronically----
    Vice Chairman Dodd. Right.
    Mr. Glover [continuing]. As much as there is a possibility 
that systems behind that, their back office systems, their 
administrative systems, might not support the creation of the 
claim data. Actually, you know, the information might not be 
available.
    Vice Chairman Dodd. Yes.
    Mr. Glover. And so, that one is a little bit of a concern. 
It is along the same line, though, as the biomedical type 
issue. There are a lot of different system vendors, equipment 
and software vendors who have systems in doctors' offices, 
clinics, hospitals. So, it is a very broad area.
    Vice Chairman Dodd. OK; I would be very interested, again. 
We do not want to add to burdens. We have got enough people. I 
want you to get on the contingency plan. I am not worried about 
how well informed we in Congress are about the contingency 
plan. I am far more interested if you have got one than whether 
or not I know about it, specifically.
    But I would like to just generally have the committee sort 
of be kept abreast to the extent, you know, what are these 
contingency plans and how they are going to work, and also, I 
would like to know how you are going to test, integrated 
testing, because I think that is going to be--you have got Blue 
Cross Blue Shield processors, HCFA central working file and 
disbursement. And that is going to require integrated testing.
    Mr. Glover. Yes, sir.
    Vice Chairman Dodd. And I would be curious again. I do not 
know if you have any specific comment on that this morning, 
this afternoon. Do you have anything you can share with us, 
something on that?
    Mr. Glover. The testing picture, it is complicated.
    Vice Chairman Dodd. Yes.
    Mr. Glover. And they are very extensive, but each Medicare 
contractor has systems that they actually maintain in-house for 
themselves. They also have--they operate systems that are 
maintained by other HCFA system maintainer contractors, if you 
will: the major Part A processing system, the major Part B 
processing system and the common working file system. So, 
individual Medicare contractors have to renovate their own in-
house code----
    Vice Chairman Dodd. Right.
    Mr. Glover [continuing]. Wait for or schedule the 
introduction of these other renovated software pieces----
    Vice Chairman Dodd. Right.
    Mr. Glover [continuing]. Into their environments and do 
some testing up to certain points before those major pieces 
come online but are really reliant on that for what is called 
end-to-end testing, where you would go from the very front 
end----
    Vice Chairman Dodd. How soon are you going to be doing 
that? I mean, I gather that based on people I am talking to 
that you ought to be testing very quickly on this. Am I right 
on that?
    Mr. Glover. Well, we are testing at our location things 
that we are renovating ourselves.
    Vice Chairman Dodd. Yes, OK.
    Mr. Glover. However, the full end-to-end testing of the 
Part A processing system, the Part B processing system and CWF 
will occur mostly in the September through December timeframe 
of this year.
    Vice Chairman Dodd. Of this year.
    Mr. Glover. Of this year.
    Vice Chairman Dodd. Of this year.
    Mr. Glover. Yes, sir.
    Vice Chairman Dodd. We have got a vote going on, and I do 
not want to have you sit around while I go out for a vote and 
come back. So, let me--who is the gentleman, Mr. Ackerman, you 
said has been doing some testing on the devices themselves?
    Mr. Ackerman. Dan Forrester.
    Vice Chairman Dodd. Dan, why do you not step up here very 
quickly? That number kind of slipped out of me a little bit, 
the 19 percent number. Why do you not share that microphone? 
Tell me what you are finding here very quickly. What is your 
name, again, for the record?
    Mr. Forrester. I am Dan Forrester, representing St. Joseph 
Health System in Orange, CA.
    Vice Chairman Dodd. OK.
    Mr. Forrester. We have an enterprise responsible for 16 
facilities, and I am in charge of the biomedical equipment 
discipline of our Year 2000 project. We started testing in 
early spring. We are physically, hands-on, changing the dates 
of medical equipment that we can get to on our mission 
critical, and we have experienced a 19 percent failure rate of 
mission critical. The failures range from minimal, such as date 
printout issues like this to total failure, and to reinforce 
what Mr. Ackerman, my colleague here, had said, we have had 
letters of compliance from a manufacturer on some significant 
chemistry analyzers, had the letter in hand, performed the 
test, and the unit crashed.
    Star Wars, and it took about 3\1/2\ hours to revive the 
machine. As we speak today, there is a blood gas analyzer in 
northern California that has been rebooting for about 3\1/2\ 
months.
    Vice Chairman Dodd. Been what?
    Mr. Forrester. Been rebooting.
    Vice Chairman Dodd. What the hell is that? What the heck is 
that? [Laughter.]
    Mr. Forrester. Cannot find its BIOS, reinitializing its 
configuration. It cannot find its BIOS.
    Vice Chairman Dodd. Ah.
    Mr. Forrester. And that particular manufacturer, quite 
frankly, has no solution. So, the only letter from a vendor 
that our system will accept is a letter of noncompliance. All 
other letters, we put on the record for further litigation 
purposes, but we are physically testing each piece.
    Vice Chairman Dodd. That is encouraging.
    Nineteen percent; are you surprised by that number?
    Mr. Forrester. No, sir, because hospitals have not had the 
luxury of replacing equipment every 2 to 3 years. So, there is 
lots of old equipment out there.
    Vice Chairman Dodd. Is my concern about rural, urban, 
inner-city hospitals versus more ones that have greater 
resource capacity----
    Mr. Forrester. That is a genuine concern, Senator.
    Vice Chairman Dodd. Yes; are you showing much higher rates 
of failure depending on where equipment is coming from?
    Mr. Forrester. Yes, sir; typically, the smaller and rural 
hospitals do not have the luxury of buying new equipment, 
although just 2 days ago, I tested a product that was 2 months 
old, and it failed.
    Vice Chairman Dodd. Well, we may want to get--have you got 
some--I think you indicated, Mr. Ackerman, that you had a 
report that Mr. Forrester had done on this. Have you done an 
interim report on this?
    Mr. Ackerman. No, I do not have a report. The information 
that they are gathering, as well as the information other 
organizations are gathering, the field test data, is being put 
in our database, and it is being made available to the health 
care community.
    Vice Chairman Dodd. OK; that would be very helpful maybe 
for the staff on the committee, since we are wrapping up. Maybe 
we ought to sit down before you leave or take off. I would be 
very interested to have the staff talk to you a bit more and 
the kinds of questions that we ought to be asking or that HHS 
and FDA ought to be asking, so that maybe you can help us frame 
that so we can get more reliable information here.
    Mr. Ackerman. I think that would be very good, because we 
see a lot of the wrong questions being asked.
    Vice Chairman Dodd. I apologize to all of you, because you 
want to eat and have lunch, I suppose. I am fascinated by what 
you have to say. You have been tremendously helpful, 
tremendously helpful. And let me say to HIMA, too, I have 
worked very closely with HIMA on a lot of issues, and my 
concern here is I want us to get up and moving on this stuff. I 
see that clock ticking, and every day we waste and do not get 
on this thing, it is just--the problem does not get less; it 
gets worse. So, I hope you will follow up with us on some of 
these idea and requests.
    And with that, on behalf of Senator Bennett, it was very 
dangerous of him to give me a gavel. I am the only Democrat on 
Capitol Hill who has been called Mr. Chairman, probably, in the 
last 6 months, so I appreciate that.
    But I should quickly point out this committee has 
absolutely no legislative authority, so there is no risk 
whatsoever that I misuse it.
    The committee stands adjourned, and thank you all.
    [Whereupon, at 12:42 p.m., the committee adjourned.]
                            A P P E N D I X

                                ------                                


              ALPHABETICAL LISTING AND MATERIAL SUBMITTED

                                ------                                


                 Prepared Statement of Joel M. Ackerman

                              introduction
    Senator Bennett, Senator Dodd and members of the U.S. Senate 
Special Committee on the Year 2000 Technology Problem, it is my 
pleasure to be here today to offer this testimony on the Year 2000 
technology problem and its implications for the American health care 
community.
    I will begin by briefly telling you about myself and the Rx2000 
Solutions Institute. I will follow this with a description of some of 
the significant patient care and business risks to the U.S. health care 
community posed by potential Year 2000 failures. I will close with some 
recommendations for what assistance Congress might offer to help health 
care institutions prepare for and survive the Year 2000 changeover.
   presenter: joel m. ackerman, founder & executive director, rx2000 
                          solutions institute
    I have a confession to make. I am a former computer programmer who 
used two digits instead of four to denote the year. Granted this was 
more than twenty years ago, but even then I was aware of the anomaly 
posed by the year 2000. When I expressed this concern to my supervisor, 
he laughed and told me not to worry. ``There's no way,'' he said, 
``that we'll be using these programs twenty years from now.''
    You can imagine my dismay when I learned less than a year ago, that 
this government contractor was indeed still using the programs I had 
worked on which, by the way, were used to control avionics and defense 
engineering and manufacturing projects.
    Over the years my career has take me from programmer to systems 
executive working for:
  --Honeywell, Inc. as a programmer, systems analyst, project manager 
        and management scientist
  --GE Capital, Inc. as an Information Center manager and a manager of 
        systems development
  --EDI Solutions, Inc. (software vendor) as Director of Product 
        Development,
  --and most recently for United HealthCare Corporation as its Vice 
        President for International Information Systems and Director of 
        Advanced Technologies.
    I've chaired several advisory groups including:
  --The Workgroup for Electronic Data Interchange created by former 
        Secretary Sullivan of Health and Human Services: Trends & 
        Technologies, Health I.D. Cards and Monitoring
  --The ANSI ASC X12 development of health care eligibility and EDI 
        transactions

    Throughout my career I have expressed misgivings about using the 
two digit year. And while my colleagues have understood my concerns, it 
has only been within the past 3-4 years that replacing this programming 
practice with four digit years has been widely accepted as a critical 
issue for systems development.
    rx2000 solutions institute: health care's year 2000 information 
                             clearinghouse
    Long before most hospital and medical associations and other 
industry groups, the Rx2000 Solutions Institute was a determined voice 
in the health care community, raising the alarm about the Year 2000 
changeover and the possibilities of significant harm to patient care 
and institutional survival Organized in early 1996, the Rx2000 
Solutions Institute is an independent, non-profit, member-supported 
organization with no conflicting ties to health care organizations, 
manufacturers, pharmaceutical companies or consulting groups. The 
Institute's sole objective is to help ensure the survival of health 
care organizations into the next millennium with minimal impact on 
patient care.
    The Rx2000 Solutions Institute's initial funding came from its 
founders and early users of its services. The Institute has recently 
become a membership organization. Members and users of Institute 
services come from large and small health care organizations including:
        Aetna/U.S. Healthcare, Hartford, Connecticut
        Mayo Foundation, Rochester, Minnesota
        Allina Health System, Minneapolis, Minnesota
        Medical College of Georgia, Atlanta, Georgia
        St. Joseph Health Care System, Orange, California
        Phycor, Nashville, Tennessee
        Vanderbilt University, Nashville, Tennessee
        HIP of New York
        Texas Health Resources, Dallas, Texas
        George Washington Medical Center, Washington, DC
        University of Virginia Hospital System, Charlottesville, 
        Virginia
        Bellin Hospitals System, Green Bay, Wisconsin
        Several state hospital associations
        And more upon request.
    The Institute provides services in three areas:
  --Year 2000 education and awareness,
  --Year 2000 information sharing,
  --external organizations monitoring and reporting

    Rx2000's Web site at http://www.rx2000.org as the leading Internet 
source for health care Year 2000 information.
    The Rx2000 List Server & Discussion Forum has more than 1,100 
members discussing a broad range of health care Year 2000 issues 
online. This includes participants from at least twenty other 
countries.
    Rx2000's Year 2000 Solutions Vendor & Matching Service helps health 
care organizations efficiently locate appropriate sources of tools or 
assistance.
    Rx2000 is developing the definitive International Health care Year 
2000 Products Database of manufacturer and user product test results 
and compliance information for medical devices, software, and other 
products used in health care.
    Other services include a Health care Year 2000 Electronic 
Newsletter, health care Year 2000 Special Interest Group meetings, a 
speakers bureau, supplier, provider, and customer reporting/monitoring 
services.
experiences and observations about the year 2000 crisis in u.s. health 
                                  care
    We are convinced the American health care community is in deeply 
serious trouble due to anticipated problems of the Year 2000 
changeover. Rx2000 believes that patient care and indeed, patient lives 
are at stake.
    Why? The reasons are rooted in the very nature of our health care 
system.

    1. The health care community has a heavy dependence on computing 
technology including:

  --Date sensitive information systems and electronic medical records
  --medical devices and other equipment containing date-sensitive 
        embedded chips
  --information intensive outsourced services.
    2. The industry is almost totally dependent upon the electronic 
exchange of information with insurers and claims processors, physician 
practices, laboratories and affiliated institutions.
    3. The U.S. health care community is a fragmented, diverse industry 
with no ``Big 3'' or ``Big 6'' to drive activity. There has been little 
or no coordination of Year 2000 activities and significant duplication 
of Year 2000 efforts.
    4. There has been little or no Year 2000 cooperation between 
segments of health care including payers, providers and vendors.
    5. There is fear of acknowledging Year 2000 issues and offering 
information or assistance due to concerns over who will ultimately be 
liable for Year 2000 failures.
    6. The U.S. health care community, like many other focused 
industries, struggles with the concurrent problems of rapid industry 
change (consolidation, cost containment, etc.) and rapid technology 
change (medical and information technologies)
    7. Even more so than other industries, the health care community is 
late coming to the Year 2000 table. Because of this there has been a 
lack of awareness of the breadth and depth of year 2000 issues coupled 
with a denial and minimization of problems.
    8. Year 2000 problems can come from both internal and external 
sources and are likely to threaten the whole institution. If they are 
not fixed, Year 2000 failures could compromise patient care, interrupt 
core practice continuity and create substantial liability exposure.
    9. Small, rural health care providers lack the necessary project 
management, technical and financial resources for Year 2000 
preparation.
    10. Organizations have, at most, one budget cycle remaining before 
January 1, 2000. Every organization we have talked with has, in their 
initial projections, significantly underestimated the costs and level 
of effort needed.
    11. There is a significant shortage of qualified personnel, 
particularly biomedical engineers.
    12. There continues to be significant denial regarding the severity 
of the Year 2000 problem. Even at this late date, many health care 
professionals are hoping for the ``silver bullet'' or for Bill Gates to 
``fix'' the problem.
    13. There is a potentially catastrophic lack of consensus in health 
care regarding the best and most effective practices for resolving the 
problems associated with the Year 2000 changeover. Some health care 
institutions, for example, intend to rely almost entirely on vendor 
assurances of compliance, even though experience has proven these to be 
unreliable.
    14. There are often dramatic differences among health care 
institutions regarding testing protocols. Some systems are aggressively 
testing for operational compliance. Some are performing minimal tests 
solely for developing a trail of due diligence. Others are simply 
collecting compliance letters from manufacturers.

    But these reasons are almost too generic for our use today. What is 
more telling is some of the input we've received from participants in 
Rx2000 Solutions Institute activities. These include the Special 
Interest Group (SIG) meetings we host around the country.
survey results from the april rx2000 health care year 2000 users group 
                                meeting
    Participants representing 55 health care organizations with most 
actively working in health care Year 2000 issues (i.e., ``in the 
trenches'') responded to our survey with the following outcomes.
  --Agree that Year 2000 issues will have significant impact on: Payers 
        (100 percent), Hospitals (100 percent), Multi-Specialty Clinics 
        (100 percent), Small Provider Offices (97 percent), Health care 
        Suppliers/Vendors (100 percent)
  --97 percent agree that Year 2000 issues have significant potential 
        to negatively impact the quality of health care
  --94 percent agree that Year 2000 issues have significant potential 
        to create errors that lead to unnecessary deaths in health care
  --69 percent agree that health care lags behind most other industries 
        in addressing Year 2000 issues
  --62 percent have already experienced Year 2000 failures in their 
        organizations
observations on the evolution of health care's year 2000 activity since 
             the creation of the rx2000 solutions institute
    Two years ago there was:
  --Little or no significant activity (except among payers).
  --A primary focus on internal information systems.
  --A significant lack of awareness of:
      --supply chain issues
      --embedded systems issues
    One year ago, we observed:
  --Large, leading hospitals and hospital groups were initiating 
        projects.
  --A quickly-growing awareness (almost a panic) about medical device 
        and supply chain issues.
    As recently as six months ago:
  --Approximately 25 percent of hospitals we addressed had even an 
        awareness effort underway.
  --There was still no significant activity among small & rural health 
        care providers.
    And today:
  --There has been a significant increase in awareness of basic Year 
        2000 issues primarily due, we believe, to media coverage and 
        internal awareness of potential legal exposure.
  --Although most health care organizations have at most one budget 
        cycle left before 1/1/2000, almost every organization we've 
        spoken with has significantly underestimated the costs and 
        level of effort needed.
 confusion and misinformation are rife within the health care community
    Following are some of the areas about which participants in our 
Rx2000 List Serve have had questions or have expressed concern:
  --Internal information systems
      --Administrative
      --Clinical
  --Embedded systems
      --Medical devices (e.g. 18 percent failure rate observed by a 
        large health care system doing extensive testing)
      --Facilities
      --Business systems
      --Transportation (ambulances, helicopters, etc.)
  --Supplier & vendor issues
      --Suppliers of goods
          --Food service, linen service
          --Medical supplies, pharmaceuticals
          --Medical gases, blood banks
      --Services
          --Laboratories
          --Claims clearinghouses, EDI networks
          --Police, fire, 911
      --Utilities
          --Power
          --Water
          --Communications
      --Inadequacy of a ``single point in time'' supplier/vendor 
        assessment
  --Trading partner issues (customers, contracted providers, suppliers, 
        regulatory agencies, etc.)--potential for interruptions in 
        payment and information flows
  --Under-addressed risk areas:
      --Personnel
          --Shortages
          --Retention
          --Burnout (noticeable increase!)
      --Who is going to talk to the patients about health care Year 
        2000 issues?
                --There's a notable and growing concern among patients 
                who are asking hard questions about health care's Year 
                2000 readiness.
                --Year 2000 concerns may lead to patients avoiding 
                needed care.
                --Home health care issues are a particular issue, 
                especially among the senior and disabled population, 
                and include the potential for medical device failures, 
                interruption in the availability of pharmaceuticals, 
                transportation, communications, etc.
                          a disconnect exists
    It's obvious that there is a significant disconnect between public 
messages of readiness and the feelings and beliefs of those 
professionals who are working in the trenches. Following are just a few 
of the thousands of messages the Institute has received on its Year 
2000 List Serve.
Biomedical Devices
    A few of us have been deeply ``embedded'' in testing. I am a 
Director of Technology Management (Biomedical Engineering) tasked with 
identifying the risks within our system of ten acute care facilities 
and numerous clinics and home health entities. My team is, quite 
frankly, horrified at the risks within the laboratories. A few of the 
manufacturers have told us to not test their product with a date roll-
over, for fear that it will experience catastrophic failure.
    You know what? They are right. We have had significant hard crashes 
with chemistry analyzers, hematology analyzers and urine analyzers, 
coagulation profilers, and immuno-assay analyzers. A technology cousin 
most usually found in Respiratory Care Departments, the blood gas 
analyzer, is also quite risky. And, of course, in terms of risk 
assessment here in the United States, most of our surgical procedures 
rely on blood gas analyses once the patient is anesthetized. And the 
imaging devices that our physicians rely on to see inside the body are 
not in real good shape either. Many of the imaging manufacturers have 
outsourced their programming through the years while they developed the 
illustrious million-dollar hardware, so remedy is not imminent. So, at 
last we are able to substantiate those fears that have been identified 
as hype and chicken-little! My colleagues, I shall not be a frequent 
web-buddie, simply because time does not permit me to sit in my hotel 
room and chat. My advice is to get off our laurels, quit inquiring 
about who is doing what, forget the presentations, quit chasing the 
soothsayers and prophets of doom, and get to work!
    In biomedical equipment we found that we need to test all of them. 
Manufacturer's model and serial numbers may be alike, but the chips and 
boards inside test with different responses. Some work and some ail. 
Also the manufacturers know about this.
    Count us in! We have 20,000 devises, some date sensitive, some not. 
We have just begun to assess Y2K compliance for embedded devices * * * 
had one device already certified by the vendor as compliant which 
failed the leap year test!
Budgeting
    FYI * * * we just found out that FSB has stated new equipment can 
be capitalized but consultant fees and upgrades cannot. We did a rough 
estimate of computers, software and clinical devices to extrapolate the 
dollar costs. Hardest part was consultant costs. We just guessed on 
that one.
    At ``C'' we have not prepared a detailed budget for TOTAL cost. 
Without an inventory and without vendor status I don't think we can. We 
have prepared a budget for corporate staff, consultant costs, 
inventory.
    The important point here is that you need however much money you 
need! Do your best to budget based on what you know and the help you 
can get from people on this listserve. But do not let the budget 
committee think they have heard from you for the last time. The odds 
are HUGE that you will have to go back to them and this is a 
contingency for which they must be prepared. Y2K budgeting does not fit 
into the annual cycle model. Any attempt to make it do so at this state 
could be disastrous.
Drug Availability
    I've discussed this subject with my pharmacist and the answer is 
``YES'', that the drug supply problems could be a major impact of Y2K. 
Currently they are dealing with shortages of blood by-products under 
normal operations. Throw Y2K computer problems into the mix and certain 
products may nearly ``disappear'' from the market.
    I am a bit confused as to why there would be a shortage. I could 
see the possibility that the pharmacy may not be able to dispense with 
the meds due to a Y2K failure on the computer end, but they should have 
a contingency plan in place, due to the fact that the computer could 
fail now with a power failure or a system crash.
A response from another listserve participant
    The real issue is in moving back up the supply chain. The 
possibility exists that the manufacturer may not be able to make or 
ship the product. Then the middle man that distributes the product may 
not be able to inventory, pick, pack or ship the product. You may not 
be able to create or send the order to the middle man through EDI or 
the middle man may not be able to receive and process the transmission. 
The chain is where the problem may exist and not in the ability of the 
pharmacy to dispense the product.
                            recommendations
    We asked members of the Rx2000 listserve to suggest ways the 
federal government might help the healthcare community prepare for the 
Year 2000 changeover. The following summarizes the Institute's and its 
listserve participants' recommendations.
    The federal government and health care community should:

    1. aggressively maintain this critical sense of urgency. Given the 
short amount of time available, this urgency coupled with a sense of 
responsibility toward patients' well being and safety, will help give 
health care professionals and business managers the will to persevere 
in the face of negative publicity, aggressive head hunters and a loss 
of hope as the century change becomes more imminent.
    2. accept the fact that we will not be able to eliminate the risk, 
but we can continue to work to minimize it.
    3. aggressively build awareness through existing networks.
    4. place more emphasis on medium, small and rural health care 
providers.
    5. be prepared to respond to patient fears, especially as the Year 
2000 draws closer. What should patients do, where can they get 
information? Who will answer their specific concerns?
    6. increase national & international health care Year 2000 
information sharing.
          This means removing the fear of sharing product test 
        information. The Rx2000 Institute has experienced this as a 
        significant problem as it develops its Year 2000 International 
        Health Care Products Database. Several health care 
        organizations, for example, have been hesitant to share their 
        test information. This is due to:
                --fear of legal liability and litigation from vendors 
                and others.
                --concerns over customer loss of confidence
                --fear of interference and oversight from regulatory 
                agencies
                --concerns over staff retention
          Concerns about information sharing can only result in 
        significant duplication of efforts, increased costs and the 
        potential for failure due to lack of testing time etc.
    7. provide assistance in the form of low interest loans or other 
financial mechanisms to help smaller health care organizations do what 
needs to be done.
    8. support the rapid expansion of comprehensive Year 2000 services 
provided by private organizations such as the Rx2000 Solutions 
Institute and government agencies. Services should include:
  --education and training
  --information sharing
  --vendor, customer and provider monitoring and reporting services
    9. strongly support continuing efforts by HCFA to assist Medicare 
and Medicaid intermediaries in their year 2000 compliance efforts. We 
also encourage HCFA to develop a contingency plan for use with any 
unforeseen problems.
    Additionally, the Rx2000 Solutions Institute strongly urges 
Congress to authorize a interim payment for the Medicare program which 
can ensure the uninterrupted delivery of quality health care.
    10. very, very carefully consider requests for limitations on Year 
2000 liability. Some in the industry have compared limitations to 
liability or ``safe harbor'' legislation to a ``license to kill''. We 
believe that any limitation to liability should provide relief only to 
those organizations which have demonstrated responsible behavior as 
defined by stringent standards of due diligence. We need to keep 
serious pressure on all organizations in health care to act responsibly 
in preparing for the Year 2000.
    11. Support the creation of two national hot lines to provide 
informed, credible and responsible answers to Year 2000 questions and 
concerns from patients and health care professionals.
                               conclusion
    I want to thank Senator Bennett, Senator Dodd and members of this 
committee and its staff for inviting me to be here today. We are all 
Year 2000 virgins. No one has lived through the Year 2000 before and we 
can only make calculated guesses about the extent and severity of 
problems related to the millennium change. The Year 2000 is not 
``somebody else's responsibility. Working together we can reduce the 
risks of failure and increase hope for the professionals and patients 
in global health care community.
    The Rx2000 Solutions Institute is and shall remain unalterably 
committed to serving the health care community ``until the dust 
settles'' past January 1, 2000.
    We shall bring our database of product test results to broad 
American & international health care audience.
    We shall continue our aggressive monitoring of the Year 2000 
readiness of health care suppliers, customers and contracted providers.
    We shall continue operating our web site, list server, user group 
meetings as our contribution towards enhancing information sharing.
    Thank you.

              Rx2000 Solutions Institute Board of Advisors

Mr. Alan Abramson,
Vice President, Information Services, Allina Health System, 
Minneapolis, MN
Mr. James P. Bradley,
President, ABATON.COM (former CIO, United HealthCare Corporation), 
Bloomington, MN
Ms. Elizabeth Clifford, M.P.H., Ph.D. (cand),
Senior Consultant, Columbia University School of Public Health (former 
Publisher, Business & Health, former President and CEO, American 
Association of Preferred Provider Organizations), New York, NY
Mr. Patrick J. Davitt,
Director, Information Services, Information Architecture and 
Technology, Mayo Foundation, Rochester, MN
Scott W. Erickson, Ph.D.,
Vice President, Research, Strategy, and Policy, Pharmacia & Upjohn, 
Windsor, Berkshire, UK
Mr. Donald E. Gerhardt,
CEO, The Vermont Health Plan, Colchester, VT
Mr. Gary Holland,
President, I.D. Division, Fargo Electronics, Inc., Eden Prairie, MN
Mr. Sean Sullivan,
President and C.E.O., Institute for Health and Productivity Management 
(former CEO, National Business Coalition on Health), Dallas, TX

            Rx2000 Solutions Institute Legal Advisory Board

Paul H. Arne, Esq.,
Morris, Manning & Martin, Atlanta, GA
William F. Baron, Esq.,
Garvey, Schubert & Barer, Seattle, WA
Michael R. Cashman, Esq.,
Zelle & Larson, Minneapolis, MN
Bradley S. Davis, Esq.,
Blackwell Sanders Matheny Weary & Lombardi LLP, Kansas City, MO
Mark F. Foley, Esq.,
Foley & Lardner, Milwaukee, WI
Steven H. Goldberg, Esq.,
Cosgrove, Eisenberg & Kiley, P.C., Boston, MA
James Kalyvas, Esq.,
Foley, Lardner, Weissburg & Aronson, Los Angeles, CA
Keith Lind, Esq.,
McKenna & Cuneo, Washington DC
John B. Massopust, Esq.,
Zelle & Larson, Minneapolis, MN
Charles Merrill, Esq.,
McCarter & English, Newark, NJ
Dean A. Morehous, Jr., Esq.,
Thelen, Marrin, Johnson & Bridges, LLP, San Francisco, CA
Jacob Pankowski, Esq.,
McKenna & Cuneo, LLP, Washington, DC
Vito Peraino, Esq.,
Hancock Rothert & Bunshoft LLP, Los Angeles, CA
Joel Rothman, Esq.,
Stephens, Lynn, Klein & McNichols, West Palm Beach, FL
James D. Troxell, Esq.,
Squire, Sanders & Dempsey LLP, Cleveland, OH
Alex W. Zabrosky, Esq.,
Gardner, Carton & Douglas, Chicago, IL

 Partial List of Organizations Working with Rx2000 or Participating in 
        Rx2000 Healthcare Year 2000 Special Interest Group (SIG)

Aetna Year 2000 Projects
Allina Health System
American Continental Insurance Co.
AnswerThink Group
Anthem, Inc.
Aon Risk Services
Bellin Hospital
BES Medical Claim Service
Blue Cross & Blue Shield Association
Blue Cross Blue Shield of Illinois
Blue Cross Blue Shield of Minnesota
Carle Clinic Association
CDHS
Central Dupage Hospital
Cerner Corporation
Clark Information Services
Cleveland Clinic Foundation
CNA HealthPro
CNA Insurance
Columbia Wesley Medical Center
Columbia/HCA
Comdisco Healthcare Group
Crow Consulting Group. Inc.
CSC
Detroit Medical Center
Fairview Health System
Family Health Systems
Fedota, Childers & Rocca, P.C.
G.J. Sullivan Company
Gardner, Carton & Douglas
George Washington University Med. Ctr.
Giga Information Group
Gillette Children's Specialty Healthcare
Glencoe Area Health Center
Guident-CPI
Hancock Rothert & Bunshoft
Harvard Pilgrim Health Care
Healthpartners
HealthSytem Minnesota
Hexaware Technologies, Inc.
HIP Plans, Inc.
Holy Cross Health System
Humana, Inc.
IBM Global Services
IKON
Jacquard Systems Research
JCAHO
Kanabec Hospital
KARE Computing
KPMG Peat Marwick
Lake View Memorial Hospital
Litton Enterprise Solutions
Lutheran Health Systems
MacNeal Hospital
Manitoba Health
Martin, Clearwater & Bell
Mayo Foundation
McGladrey & Pullen
Medical Center at Princeton
Memorial Health System
Mercy Health Services
Mercy Hospital of Pittsburgh
Metropolitan Health Plan
Michael Reese Hospital
Miller Christerson McNaboe & Cortner
Ministry of Health, British Columbia
MN Hospital & Healthcare Partnership
Modern Healthcare Magazine
Monterey Bay Group
Naval Medical Logistics Command
NCH Healthcare System
Noridian Mutual Insurance Company
North Memorial HealthCare
NRC-GIG
Oakwood Healthcare System
OHA: Assoc. for Hospitals & Health System
PhvCor
Price Waterhouse
PROMINA Health System
Provena Health
Regence BCBS of Oregon/Regence HMO
RHEMA Association, Inc.
Rider, Bennett, Egan & Arundel, LLP
Rockford Health System
Rush North Shore Medical Center
Rush Presbyterian St. Luke's Med. Ctr.
Rx2000 Solutions Institute
SafeNet Consulting
Salina Regional Health Center (SRHC)
Scott & White Hospital
Sierra Health Services
SSM Health Care
St. Joseph Health System
St. Jude Medical Center
The Toronto Hospital
U.S.NRC
University Medical Center Arizona
University of Virginia Hospital System
Vanderbilt University Medical Center
Y2Kplus
Zelle & Larson
                               __________

            Prepared Statement of Chairman Robert F. Bennett

    Good morning, and welcome to the fourth hearing of the Special 
Committee on the Year 2000 Technology Problem. To date, we have held 
hearings on the energy utilities and financial services industries. 
Subsequent hearings will include telecommunications, transportation, 
general government services, and general business.
    Let me begin today's hearing by saying that health care is 
America's largest industry generating $1.5 trillion annually, more than 
one-seventh of our nation's economy. More importantly, the quality of 
life of virtually every American family is directly impacted if this 
industry is not ready in time for the next millennium.
    Unfortunately, I have troubling news today. Clearly, the health 
care industry is not yet ready for the Year 2000. If tonight when the 
clock struck midnight the calendar flipped to December 31, 1999, large 
portions of the health care system would fail. There are some 6,000 
American hospitals, 800,000 doctors, and 50,000 nursing homes, as well 
as hundreds of biomedical equipment manufacturers and suppliers of 
blood, pharmaceuticals, linens, bandages, etc., insurance payers, and 
others that are not yet prepared.
    Today, we want to present a balanced picture of where the health 
care industry stands in relation to meeting the Year 2000 awareness, 
assessment, validation and implementation deadlines. The Committee has 
been unable to find a central repository for this kind of information 
so I look forward to hearing the contributions of each of today's 
witnesses.
    Since World War II, the United States has undergone one cultural 
change after another, probably none as profound as the one occurring in 
the health care industry. The very name ``health care industry'' is in 
sharp contrast to the solo-practicing doctors which dominated medicine 
when my father was a member of the Senate. Before we get into 
discussing the potential effects of Y2K on health care, a quick view of 
the changing times in medicine.
    Not too many years ago when you made an appointment to see your 
doctor, he would greet you at his office, inquire about your family and 
ask the purpose of the visit. When you told him, he would probably take 
your blood pressure, test your lungs and heart with a stethoscope, ask 
a few more questions, look at your medical record folder, and prescribe 
treatment. No Y2K problem in that picture.
    Today, when you enter a doctor's office, outpatient clinic, 
hospital or HMO you first encounter medical electronics as you submit 
your insurance or Medicare card to the admission clerk. The data in 
your card is entered into a desktop computer that is linked to Medicare 
or insurance eligibility files maintained on a mainframe computer in 
some distant city. This same computer will bill the insurance company 
and you as a co-payer.
    Electronic complexity continues at every step, starting with 
computerized medical records. Virtually every diagnostic and therapy 
machine is powered by one or more microprocessors. If a patient 
requires hospitalization, his physician electronically schedules a 
time-specific hospital admission date as a preparatory step, as well as 
medical orders. The hospital computer will generate a letter telling 
the patient the medically necessary tests that will be needed. Every 
test uses one or more date sensitive microprocessors, which 
automatically feed your biological results into the hospital's computer 
based clinical data system.
    This same computer schedules the time, surgical suite location and 
staffing levels for your operation as well as a list of essential 
medical needs for the surgery. Throughout the operation the patient 
will be connected to life saving machines--monitors, ventilators, 
anesthesia control, and infusion pumps that are microprocessor 
operated. High technology follows the patient into the Intensive Care 
Unit to help ensure full recovery. Finally, the patient is wheeled into 
a ward and begins receiving food from a computer-generated dietetics 
menu. The only thing that has not changed since my father's day is the 
taste of that hospital food.
    In addition, electronic data interchange (EDI) is used for most of 
the business transactions of medical institutions. These include; 
patient billing and payment systems, which are interconnected, so that 
failure at one can reverberate throughout.
    Based on what you will be hearing from various witnesses today, 
there is trouble in River City and most of the rest of the nation 
because the health care industry is lagging behind other industries in 
making critical Y2K fixes. The Gartner group says that over 90 percent 
of the individual physician practices are not yet aware of their Y2K 
problems. Two of our witnesses, Mr. Nutkis and Dr. Palmisano, have 
equally alarming data.
    Finally, if the insurance and Medicare eligibility process cannot 
function, doctor's offices and hospital admission processes would 
default to paper. Their daily output is nearly 4 million Medicare 
claims and approximately 27 million pages of medical records. Health 
care paperwork could backup like traffic on an interstate highway after 
a bad accident. This could immediately affect a patient's access to 
quality health care. Concurrently, the nation's 1.6 million providers 
would have monumental cash flow problems without electronic payment 
from insurers and Medicare, which accounts for nearly 50 percent of 
health care payments--almost $1 billion per day.
    The problem is exacerbated by the lack of a national ``fix it'' 
program by the health care industry. I find it hard to understand why 
the manufacturers of biomedical devices, represented by the Health 
Industry Manufacturers Association, have not provided a central 
clearinghouse for the data that only they possess. The complexity of 
biomedical products causes me to take the unusual step of publicly 
requesting the industry to help solve the Y2K problem which they helped 
create, and we will hear from them today.
                                 ______
                                 

         Generic Listing of Potential Date Sensitive Equipment


Aerator, Ethylene Oxide
Anesthesia Unit
Anesthesia Unit Ventilator
Anesthesia Unit, Monitoring System
Angioscope
Apheresis Unit
Apnea Monitor
Arthroscopic Shaver System
Aspirator, Emergency
Audiometer
Automatic Implantable Defibrillator Function
Battery Conditioner/Charger
Bed, Electric
Biofeedback System
Blood Cell Processor
Blood Gas/pH Analyzer
Blood-Flow Detector, Ultrasonic
Breath Analyzer, Alcohol
Camera, Gamma
Camera, Identification
Camera, Microscope
Camera, Video
Carbon Dioxide Analyzer
Carbon Dioxide Monitor, Exhaled Gas
Cardiac Output Unit, Thermal Dilution
Cardiodynameter
Cataract Extraction Unit, Phacoemulsification
Catheter, Cardiac Ablation
Centrifuge
Chloridometer
Chromatography Equipment
Circulatory Assist Unit, Intra-Aortic Balloon
Circulatory Assist Unit, Ventricular
Clinical Chemistry Analyzer
Coagulation Analyzer
Compressor, Medical Air
Computer
Computer, ECG Interpretation
Computer, Nuclear Medicine
Computer, Pulmonary Function
Continuous Positive Airway Pressure Unit
Cystic Fibrosis Screening Device
Data Analysis System, Ultrasound, Cardiac
Date-Time Stamp
Defibrillator
Dialysate Delivery System, Single-Patent
Disinfecting Unit, Liquid, Flexible Endoscope
ECG Monitor
Electrocardiograph
Electroconvulsive Therapy Unit
Electroencephalograph
Electrolyte Analyzer
Electromyograph
Electrosurgical Unit
Emission Control System, Ethylene Oxide
Enzyme Immunoassay Analyzer
Ethylene Oxide Monitor
Evoked Potential Unit
External Pacemaker Analyzer
Film Digitizer
Flowmeter, Blood, Ultrasonic
Fluoroescence Immunoassay Analyzer
Gastrointestinal Motility Analyzer
Heart Rate Monitor
Hematology Analyzer
Hemodialysis Unit
Hemofiltration Unit
Hemoglobinometer
Hyperthermia Unit, Circulating-Air
Hypo/Hyperthermia Unit
Immunofluorescence Equipment
Incubator, Laboratory, Thermocycling
Information Storage Unit, Magnetic Disk
Infusion Controller
Infusion Pump
Injector Contrast Media Angiography
Irradiator, Blood
Irrigation/Distention System, Arthroscopic
Laser
Laser Imager
Lensometer
Light, Examination
Line Isolation Monitor
Linear Accelerator
Lithotripter
Magnetic Resonance Imaging (MRI) Unit
Microbiological System
Monitor, Fetal
Monitor, Physiological
Monitoring System Arrhythmia Computer
Monitoring System Central Station Recorder
Multiple Medical Gas Monitor, Respired/Ane
Nephelometer
Network Communication Gateway
Nurse Call System
Osmometer
Oximeter
Oximeter, Pulse
Oxygen Analyzer, Sampling
Oxygen Monitor
Oxygen Monitor, Transcutaneous
Pacemaker Analyzer
Pacemaker Programmer
Pacemaker, Cardiac
Peritoneal Dialysis Unit
pH Meter
Photometer
Physiologic Monitoring System, Neonatal
Physiologic Monitoring System, Stress Exerci
Physiologic Recording System
Platelet Aggregation Analyzer
Plethysmograph
Polygraph
Polysomnography Analyzer, Computerized
Positron Emission Tomography (PET) System
Pressure Infusor
Pressure Monitor, Airway
Pressure Monitor, Blood, General/Invasive
Printer, Video
Pulmonary Function Analyzer
Pump, Circulating-Fluid, Localized Heat
Pump, Enteral Feeding
Pump, Extracorporeal Perfusion
Radiographic Systems
Recorder, Chart
Recorder, Long-Term, ECG, Portable
Recorder, Video Tape
Regulator, Line-Voltage
Respiration Monitor
Scanner, Computed Tomography
Scanner, Long-Term Recording, ECG
Scanner, Ultrasonic
Spectrophotometer, UV/Visible
Speed Control/Selector, Treadmill
Sphygmomanometer, Electronic Automatic
Stereotactic Radiosurgical System, Linear Acc
Sterilizing Unit
Synchronizer, Gamma Camera
Telemetric Monitoring System
Television Monitor
Thermometer, Electronic
Tissue Embedding Equipment
Tissue Processor
Trainers, Auditory
Transmitter/Receiver System, Telephone. EC
Ultrasonic Cleaning System
Unit-Dose Dispenser, Tablet, Electronic
Urinometer
Urodynamic Measurement System
Uroflowmeters
Ventilation Monitor
Ventilator
Video Image Processor
Visual Function Analyzer
Vital Signs Monitor
Warmer, Blood/Solution
Washer, Flexible Endoscope
Washer/Decontaminator
Washer/Sterilizing Unit
X-ray Control Panel
X-ray Film Processor, Automatic, Sheet-Film
X-ray Image Recorders
Xenon System
                               __________

              Prepared Statement of Nancy-Ann Min DeParle

    Chairman Bennett, Vice Chairman Dodd, distinguished committee 
members, thank you for inviting me here today to discuss my highest 
priority. We must assure that the more than 70 million Medicare and 
Medicaid beneficiaries experience no interruption in services because 
of the Year 2000 computer problem. We also must assure that the 
approximately 1.6 million Medicare and Medicaid providers continue to 
receive prompt and efficient payment for their services.
                                progress
    I am committed to doing everything possible to address this issue, 
and we are making substantial progress in addressing the Year 2000 
problem. Since I became HCFA Administrator in November we have:
  --completed renovation of five of our six standard systems;
  --completed renovation of 24 of our 37 most critical internal 
        systems;
  --initiated testing of renovated systems;
  --conducted at least one site visit to every claims processing 
        contractor, and at least two site visits to every systems 
        maintainer for independent verification and validation;
  --provided clear instructions to contractors on everything they must 
        do to be Year 2000 compliant, and made sure they assessed their 
        status based on those instructions;
  --negotiated a contract that makes clear the responsibility Medicare 
        claims processing contractors have in ensuring that their 
        systems are Year 2000 compliant;
  --developed more realistic cost estimates for Year 2000 work after 
        contractors reassessed their workload based on the instructions 
        we provided;
  --conducted outreach to states, providers, and other health care 
        entities; and
  --gathered data from states on Medicaid system Year 2000 status.
                                 scope
    The Year 2000 especially affects Medicare because of our extensive 
reliance on multiple computer systems. More than 183 systems are used 
in administering the Medicare and Medicaid programs, and 98 of these 
are considered ``mission critical'' for establishing beneficiary 
eligibility and making payments to providers, plans, and states. 
Medicare is the most automated health care payer in the country. We 
process nearly one billion claims each year, or about 17 million 
transactions each week. Fully 98 percent of inpatient hospital and 
other Medicare Part A claims are processed electronically, as are 85 
percent of physician and other Medicare Part B claims.
    The renovation process is complicated because each system used by 
Medicare and by its 60-plus claims processing contractors, as well as 
interfaces with State Medicaid programs, banking institutions and some 
1.6 million providers all must be thoroughly reviewed and renovated by 
those responsible for each particular system. They must be tested, both 
alone and for the complicated interfaces among them. To fix Medicare 
systems alone, nearly 50 million lines of internal and external systems 
code must go through the renovation process. We must renovate all 
Medicare-specific software, and work with new versions of vendor-
supplied software, including operating systems that drive the hardware 
we use. Some hardware must be upgraded, and our telecommunications 
equipment and software must be compliant. We must assure that all data 
exchanges with thousands of partners are compliant. I have attached a 
chart to my testimony which depicts the systems that must interface to 
process Medicare claims.
    Testing of Year 2000 changes presents a far greater burden than 
testing of routine system changes because we must test multiple times 
on a range of different dates. For example, we must test February 29, 
2000 and March 1, 2000 because 2000 is a leap year. Normally we would 
never consider so much change and testing at one time, but we have ho 
choice.
    If we do not fix all information systems that might have Year 2000 
problems, enrollment systems might not function, beneficiaries could be 
denied services because providers may not be able to confirm 
eligibility, and providers could have cash flow problems because of 
delayed payments.
    Processing paper claims by hand is one contingency if we fail. 
Given the nearly one billion Medicare claims we process each year, it 
is a possibility that strongly motivates us to succeed. Paying 
providers prospectively, based on previous payments to them, is another 
option, which would be a considerable endeavor itself. Clearly our best 
option is to successfully complete all of our Year 2000 renovations.
    That is why we are requiring contractors to be in full compliance 
with Year 2000 requirements, with all code renovated and fully future 
date tested, by December 31, 1998. Renovations to mission critical 
internal systems also must be complete by December 31, 1998. We expect 
to complete end-to-end testing of how claims are processed through our 
entire network of renovated systems in the Spring, and then have the 
rest of 1999 to fix any remaining glitches and take any additional 
corrective action that might be necessary.
    Year 2000 compliance for the Medicare program is considered a 
mission critical activity and as such, is being closely scrutinized and 
monitored by many sources, including the Office of Management and 
Budget, General Accounting Office, Office of the Inspector General and 
the Department of Health and Human Services Chief Information Officer, 
the Assistant Secretary of Management and Budget.
                               commitment
    I have committed significant staff and other resources to this 
priority. Actions taken include:
  --setting up special teams of employees whose sole responsibility is 
        making Year 2000 fixes;
  --hiring retired federal programmers to assist with Year 2000 
        efforts;
  --hiring Intermetrics, a special Independent Validation and 
        Verification contractor, to make sure Year 2000 fixes are done 
        right;
  --hiring Seta Corp. to independently test systems after we and our 
        contractors conclude renovation and testing to make sure they 
        work properly;
  --negotiating contract amendments with the more than 60 Medicare 
        fiscal intermediaries and carriers to ensure that they use 
        information technology that is Year 2000 compliant;
  --closely tracking contractor progress to ensure that work is on 
        schedule;
  --creating a special contingency planning unit to make sure 
        disruptions do not result from any unexpected problems;
  --working with the Congress to redirect $62 million within the Agency 
        and Department to this effort for fiscal year 1998; and,
  --working with Congress to obtain an additional $62 million for 
        fiscal year 1999.
    Intermetrics is now very actively providing comprehensive oversight 
of contractors, with more site visits for those with high volumes of 
claims or evidence that they are behind schedule. Intermetrics is 
monitoring contractors' Year 2000 resources, quality assurance, test 
plans, use of commercial software, and progress in non-Medicare systems 
in order to fully assess their Year 2000 status. Because of their 
efforts and our own increased attention to this problem, we now have a 
much more accurate assessment of what must be done and how it should be 
accomplished.
                        necessary postponements
    This more accurate assessment makes clear that, because of the Year 
2000 imperative, related work must take precedence over other projects 
that require systems changes. Many other private and public 
organizations, including most major insurance companies, have reached 
the same conclusion and are halting other projects involving 
information technology changes to clear the decks for the Year 2000. 
Intermetrics advises that we must clear the decks of projects that 
could interfere with Year 2000 work. Intermetrics specifically advised 
us to ``seek necessary relief from Congressional mandates, system 
transitions and version releases to allow near-term, focused attention 
to achieving Y2K compliant systems.'' This includes projects that are 
complex, or which would occur during a critical window between October 
1999 and March 2000. Otherwise, they warned, ``many of your most 
critical system renovations have risk of significant schedule 
slippage.''
    Most of the more than 300 provisions affecting HCFA in the Balanced 
Budget Act of 1997 do not have to be delayed. That is because they are 
already complete, or can be completed before major systems must be 
frozen for the critical Year 2000 transition period.
    Projects affected by the Year 2000 include both Balanced Budget Act 
provisions and other Agency priorities. For example, in April, we made 
the difficult decision to postpone final transitions to uniform systems 
for Part A and Part B contractors. Over the past two years we have 
whittled the number of different computer systems used by our 
contractors down to six from nine. Uniform systems will go a long way 
in helping us to streamline Agency operations and provide better access 
to program data. But the delay is essential if our contractors are to 
renovate and test systems before our December 31, 1998 deadline. 
Postponing this activity allowed us to redirect both valuable 
programmer time and $20 million in fiscal year 1998 appropriated funds 
to Year 2000 work.
    At present, Balanced Budget Act provisions whose implementation we 
believe must be postponed include:
  --prospective payment systems for outpatient hospital care and home 
        health services;
  --consolidated billing for physician and other Medicare Part B 
        services in nursing homes; and,
  --a new fee schedule for ambulance services.

    These activities must be postponed because they involve complex 
systems changes and interactions with other systems that would 
interfere with critical Year 2000 work. Our claims processing 
contractors concur with the decision to postpone these activities; a 
July 7, 1998 letter expressing their support is attached to my 
testimony.
    We may also need to delay some activities that are not complicated 
but which involve changes that could create an unstable environment 
during a critical window of Year 2000 activity, such as provider 
payment updates. We will work with Congress and providers to evaluate 
our options and ensure that any necessary delays in provider updates do 
not create a hardship.
    If Year 2000 system renovations are completed ahead of schedule, we 
will make every effort to put these provisions back on their original 
schedule. But at this time it appears that postponing some projects is 
necessary to focus resources and freeze systems so essential Year 2000 
work can be done, and thereby avoid complicating factors in the 
critical months right before and after the new year.
                          contractor amendment
    As mentioned above, we have developed with our claims processing 
contractors an amendment to their contracts articulating the 
requirement that they be Year 2000 compliant by December 31, 1998. It 
includes a clear definition of Year 2000 compliance, a clear statement 
that contractors will not be held accountable for factors beyond their 
control, and expressly states that Year 2000 activities are functions 
under the contract for which the Indemnification and Limitation of 
Liability provisions will apply. It also acknowledges our 
responsibility to provide adequate funding. All contractors with whom 
we have spoken about this indicate that they will sign the amendment.
                                 budget
    HCFA began funding millennium efforts to renovate both its internal 
and external systems in fiscal year 1996. The Agency spent $7.6 million 
in fiscal year 1996 and $14.5 million in fiscal year 1997 on millennium 
related activities.
    The continually evolving definition of what is required to meet 
millennium requirements has a significant impact on the budget process. 
This year, we recognized that the fiscal year 1998 funding of $45 
million we had allocated was not enough to support millennium efforts 
at our claims processing contractors. We reallocated $62.1 million in 
additional funds from within the Agency and the Department to fund 
these essential activities. We have already spent approximately $53.4 
million of the $107.1 million we have budgeted for millennium 
activities in fiscal year 1998.
    The constantly evolving definition of millennium compliance also 
impacts our fiscal year 1999 budget estimate. The President's budget 
requests $37.5 million to support millennium activities. We are working 
with Congress to acquire an additional $61.5 million, which would 
provide a total of $99 million to continue millennium code renovation 
and other millennium related activities. It is also likely that we will 
need additional funding in fiscal year 1999 and fiscal year 2000 to be 
prepared for the possibility that not all our remediation efforts will 
be completely successful. As we continually reassess our millennium 
compliance funding needs, we will work with Congress to ensure that 
funding will be available to support this critical project.
                               conclusion
    We are making solid, steady progress in preparing for the Year 
2000. We have taken steps to obtain and direct necessary resources. We 
have made difficult decisions to delay other priorities in order to 
clear the decks for necessary Year 2000 work. We are closely monitoring 
our own efforts and those of our contractors to ensure that we are on 
track. And we are making necessary contingency plans to prepare for any 
unexpected problems. We appreciate this committee's support, and I am 
happy to answer any questions you might have.
                                 ______
                                 
                                                      July 7, 1998.
Nancy-Ann Min DeParle, Administrator,
Health Care Financing Administration, 7500 Security Boulevard 
        Baltimore, MD.
    Dear Ms. DeParle: We are writing in our capacities as the 
contractor members of the Joint HCFA/Contractor Y2K Steering Committee 
to comment upon the ``HCFA Year 2000 Fact Sheet'' which describes the 
priorities HCFA has established to balance the resource requirements 
demanded by:

  --Y2K modifications to the numerous inter related systems;
  --Testing the systems against one another to assure Y2K readiness; 
        and
  --Managing the numerous program, HIPAA change requirements and 
        initiatives which will be implemented while these Y2K 
        modifications and testing are occurring.
    As you know, we have been working with senior HCFA management to 
help develop the HCFA/Contractor collaboration which will assure that 
fee for service Medicare claims will be processed timely and accurately 
on January 1, 2000.
    A substantial portion of our advisory work with HCFA has been 
devoted to examining the critical processes in assuring Y2K readiness. 
We concluded, and recommended to HCFA, that as many non Y2K system 
changes as possible should be removed from contractor workloads so that 
technical resources could be devoted to assuring Y2K readiness. Non Y2K 
systems development work should be added back only after HCFA is 
satisfied that the contractors' and HCFA's systems are certified Y2K 
ready. We also recommended that no material system changes be 
introduced between October 1, 1999 and February 1, 2000.
    The priorities described in the HCFA Year 2000 Fact Sheet are 
consistent with advice from our technical experts that resources must 
be focused on the Y2K effort. We believe that prioritization 
established by HCFA is an aggressive but feasible workload that is 
consistent with the availability of systems technicians and Medicare 
``subject matter experts.'' However, there is little doubt that even 
these priorities will require HCFA and its Medicare contractors to 
manage resources to very high levels of productivity. Also, additional 
funding for contractors will be necessary to assure that sufficient 
resources can be acquired, and we appreciate the progress HCFA has made 
in acquiring that funding.
    We appreciate the difficult decisions involved in HCFA's 
prioritization effort and look forward to a collaborative and intensive 
working relationship to assure that claims are paid accurately and 
timely in the Year 2000.
            Sincerely,
                                   Bruce A. Davidson,
                                           Blue Cross & Blue Shield of 
                                               Florida.

                                   Barbara Gagel,
                                           Administar Federal, Inc.

                                   George Garcia,
                                           Transamerica Occidental Life 
                                               Insurance Company.

                                   Harvey Friedman,
                                           Blue Cross & Blue Shield 
                                               Association.

                                   Gil R. Glover,
                                           Blue Cross & Blue Shield of 
                                               Texas.

                                   Edward Burrell,
                                           CIGNA.
                                           [GRAPHIC] [TIFF OMITTED] T3JL98G.001
                                           
                      Processing a Medicare Claim

                         a systems perspective
    (1) Providers or their billing agents submit claims.
    (2) ``Front End'' Systems at each local contractor collect, format, 
and edit claims data.
    (3) Standard Systems--two for Part A, three for Part B, and one 
that is a combined Part B/Durable Medical Equipment system--validate 
claims data, put claims through medical review screens, make sure 
claims are not duplicates, validate services, check for fraud and 
abuse, assign payment rates, and compute any patient financial 
liability.
    (4) HCFA-furnished Software is integrated into the claims process 
at each operating site to address provider codes, service groupings, 
payment rates and fee schedules, and reimbursement statistics.
    (5) The Common Working File (CWF) maintains information about 
Medicare beneficiary entitlement, eligibility, deductibles, payment 
limits for specific services, whether they have other insurance that 
has to pay before Medicare does, hospice enrollment, end-stage renal 
disease status, and managed care enrollment status.
    (6) HCFA Internal Systems collect information from the CWF and the 
contractors' systems when the processes are completed. (7) HCFA 
Enrollment Systems interface with Social Security for new enrollees, 
changes in beneficiary data, and billing of beneficiaries and states, 
and they track managed care enrollments.
    (8) ``Back End'' Systems at each local contractor issue payments, 
explain benefits to beneficiaries, settle provider cost reports, 
coordinate with other insurers, maintain history files, and perform 
interim rate reviews and payment adjustments.
                                 ______
                                 

      Responses of Nancy-Ann Min DeParle to Questions Submitted by

                            Chairman Bennett

    Question. Lines of Code
    What do the different numbers on lines of code to be renovated--30 
million, 42 million, 50 million--mean? Is the Y2K problem growing 40 
percent weekly?
    Answer. HCFA has approximately 49 million lines of code that must 
be reviewed to see if they need renovation. The estimated number has 
increased as we and our independent verification and validation 
contractor have conducted more thorough assessments of the situation.
    Question. IV&V Reports
    Submit for the record reports by our IV&V contractor that display 
the status of the Y2K Medicare renovation, including the 64 fiscal 
intermediaries, carriers, and Central Working File?
    Answer. A hard copy of the most recent monthly status report is 
attached.\1\ All IV&V reports on fiscal intermediaries, carriers and 
standard system maintainers are shared with the General Accounting 
Office (GAO) as they are received. If the committee wishes to have 
earlier reports, HCFA will be happy to provide them.
---------------------------------------------------------------------------
    \1\ The copy of the status report has been retained in committee 
files.
---------------------------------------------------------------------------
    Question. Year 2000 Workload Implications
    What are the Medicare Y2K remediation and testing workload 
implications, including meeting deadlines, staffing, and budget?
    Answer. Our Year 2000 effort will likely be the single most 
extensive and expensive information systems effort since the inception 
of the Medicare program. It has required us to postpone many other 
information system initiatives because we must keep systems changes to 
an absolute minimum so Year 2000 work can be done on time. We have 
taken the unprecedented step of rehiring several federal retirees, 
without reducing their retirement pay, to ensure that we have 
sufficient staff to complete Year 2000 work on time. We have 
transferred funds and staff from the Medicare standard systems 
transition project in order to add resources to the Year 2000 effort. 
We reallocated a total of $62.1 million in additional funds from within 
the Agency and the Department so we have a total of $107.1 million to 
fund these essential activities this fiscal year. The continually 
evolving definition of what is required to meet millennium requirements 
has a significant impact on the budget process. The President's fiscal 
year 1999 budget requests $37.5 million to support millennium 
activities. Since the hearing in July, we have estimated an additional 
$204.1 million will be needed in fiscal year 1999 to support our Y2K 
efforts. It is also likely that we will need additional funding in 
fiscal year 2000 to be prepared for the possibility that not all our 
remediation efforts will be completely successful. As we continually 
reassess our millennium compliance funding needs, we will work with 
Congress to ensure that funding will be available to support this 
critical project.
    Question. Common Working File Software
    What are the problems for HCFA to monitor the status of Y2K 
renovation if there are multiple versions of CWF software throughout 
the payment system? Does HCFA have any plans to standardize on a single 
controlled version of CWF prior to the Year 2000 in order to assure 
reliability of Y2K performance?
    Answer. There is only one version of the Common Working File system 
in use. It does not present any special problem for monitoring 
renovation. The most recent version, installed in July, has been 
renovated for Y2K and will be installed in test mode at the four CWF 
test Host sites for shared systems and contractors to self-certify Y2K 
compliance. This version includes the most complex of the Balanced 
Budget Act changes. It will be installed in test mode at our four CWF 
test sites. All claims processing centers will use it to verify that 
shared systems and local processing systems are Year 2000 compliant.
    Question. IV&V Monitoring
    How does the IV&V contractor effectively monitor the status of Y2K 
renovation at all the disparate sites (CWF, shared systems, 64 
contractors) when the Medicare payment systems appear to lack 
standardization or uniformity?
    Answer. Intermetrics performed a Criticality Analysis and Risk 
Assessment (CARA) of all standard systems maintainers and claims 
processing contractors. The CARA results were used to determine the 
level of IV&V attention for each site. Sites with the highest scores 
require the most or ``comprehensive'' IV&V attention, sites with scores 
in the middle range receive ``focused'' IV&V scrutiny and sites with 
the lowest scores receive ``limited'' IV&V scrutiny.
    Regardless of the level of IV&V attention, each site is assessed 
using a standardized site visit protocol and agenda. The agenda is 
designed to obtain answers to the questions from the Intermetrics risk 
assessment database. The risk assessment answers from each site visit 
are reviewed by the same panel of Intermetrics staff in order to obtain 
risk assessment scores. Risk scores are updated following each site 
visit.
    Question. Credibility of Compliance Reports
    On a scale of 1 to 10, rate the level of credibility on reports of 
Y2K compliance meeting the time deadline?
    Answer. Review by our independent validation and verification 
contractor indicates that the reports of progress in systems renovation 
are credible. Testing to confirm Year 2000 compliance is just getting 
under way. Problems in meeting deadlines are possible. However, they 
would result from the complexity of the problem and would not be a 
reflection on the credibility of current reporting.
    Question. Renovation Completion
    By what date does your IV&V contractor estimate that all systems 
will be renovated?
    Answer. The Y2K status reports as of August 25, 1998 show that 
renovation of all internal mission-critical systems will be completed 
by September 30, 1998. Renovation is already completed for 20 of these 
25 systems. All external mission-critical systems will be renovated by 
December 31, 1998. Renovation is already completed for 30 of these 78 
systems. However, our IV&V contractor cautions that some test plans are 
incomplete and that other test plans concentrate a great deal of work 
in a short time frame, thereby increasing the risk that some systems 
may not be certified by December 31, 1998.
    Question. Testing Renovated Systems
    How will HCFA test the renovated Medicare payment systems, 
considering the diversity of 64 sites and 6 shared systems and the CWF?
    Answer. We are requiring claims processing contractors, including 
maintainers of shared systems and the Common Working File, to self-
certify each of their systems. They must use a compliance definition 
and testing guidelines approved by our IV&V contractor. All systems 
will be subject to repeated testing by both us and our independent 
testing contractor, the SETA Corporation. We also are establishing an 
independent telecommunications network that mirrors key components of 
the normal Medicare network to allow us to test all pieces of our 
operation in a future date environment.
    Question. Integrated Testing with Providers
    How will HCFA contractors conduct integrated testing with 
providers, the 6 shared systems and CWF to ensure that all Y2K changes 
are correct and that the payment system works?
    Answer. From September through December of this year, each 
contractor will identify applicable test data cases and test those 
cases to validate that information will flow properly on renovated 
systems from the providers' initial submission of a claim through their 
entire payment system.
    Question. Contingency Plans
    What are your contingency plans for eligibility determination and 
medical payments in the event that one or more of the 64 contractors 
cannot function Jan. 1, 2000?
    Answer. Eligibility is determined by HCFA and the Social Security 
Administration and is not dependent upon Medicare contractors. However, 
possible contingencies for claims processing include making estimated 
payments based on historical payments to individual providers, or 
routing claims to another contractor that is able to process payments. 
On August 13, 1998, HCFA sent a draft program memorandum to all 
Medicare intermediaries and carriers detailing the requirements for 
contingency planning. This draft was shared with Committee staff. 
HCFA's Chief Information Officer, Gary Christoph, and other HCFA staff 
briefed the Committee's staff on contingency planning efforts on August 
24, 1998. We will continue to keep the staff apprised of our efforts 
and have committed to meet with them again in 6 to 8 weeks.
    Question. Preventing Fraud and Abuse
    Has the HHS Inspector General conducted any analysis on HCFA's 
ability to prevent flagrant Medicare fraud and abuse during the period 
of Y2K vulnerability?
    Answer. We are not aware of any Y2K Medicare fraud and abuse 
initiatives planned by the HHS Inspector General. Our greatest 
vulnerability would occur if we have to issue payments to providers 
outside of normal payment systems. HCFA's Director of Program 
Integrity, Penny Thompson, is developing a strategy to address 
potential vulnerabilities. Contingency plans for issuing provider 
payments will assure that providers are accurately identified and 
payment information properly recorded before payments are issued thus 
minimizing the potential for fraud and abuse.
                                 ______
                                 

      Responses of Nancy-Ann Min DeParle to Questions Submitted by

                            Senator Collins

    Question. Lines of Code
    How many lines of code does HCFA have to renovate?
    Answer. HCFA has approximately 49 million lines of code that must 
be reviewed to see if they need renovation. The estimated number has 
increased as we and our independent verification and validation 
contractor have conducted more thorough assessments of the situation.
    Question. Progress to Date
    How far along is your agency in this process?
    We have:
  --completed renovation of five of our six standard contractor claims 
        processing systems;
  --completed renovation of 20 of our 25 most critical internal 
        systems;
  --initiated testing of renovated systems;
  --conducted at least one site visit to every claims processing 
        contractor, and at least two site visits to every systems 
        maintainer for Independent Verification and Validation (IV&V);
  --provided clear instructions to contractors on everything they must 
        do to be Year 2000 compliant, and made sure they assessed their 
        status based on those instructions;
  --negotiated a contract that makes clear the responsibility Medicare 
        claims processing contractors have in ensuring that their 
        systems are Year 2000 compliant;
  --developed more realistic cost estimates for Year 2000 work after 
        contractors reassessed their workload based on the instructions 
        we provided;
  --conducted outreach to States, providers, and other health care 
        entities; and
  --gathered data from States on Medicaid system Year 2000 status.
    Question. Expected Completion Date
    How long do you estimate it will take your agency to complete the 
Y2K remediation and testing process?
    Answer. We are requiring contractors to be in full compliance with 
Year 2000 requirements, with all code renovated and fully future date 
tested, by December 31, 1998. Renovations to mission critical internal 
systems also must be complete by December 31, 1998. We expect to 
complete end-to-end testing of how claims are processed through our 
entire network of renovated systems in the Spring, and then have the 
rest of 1999 to fix any remaining glitches and take any additional 
corrective action that might be necessary.
    Question. Home Health Agencies
    In your estimate, what percent of home health agencies will not be 
able to stay in business if the prospective payment system is not 
implemented on October 1, 1999?
    Answer. We are working with Congress to address concerns raised by 
providers about the interim payment system and ensure that they can 
continue providing appropriate care.
    Question. Provider Payment
    Will HCFA's efforts to solve its Y2K problems jeopardize or delay 
physician, home health agency, or hospital payments? If so, how will 
that affect patient care?
    Answer. Our Year 2000 renovation, testing and certification process 
will not affect provider payments. Provider payments would be 
jeopardized only if we do not succeed in renovating claims processing 
systems. However, Year 2000 work is delaying changes in how providers 
are paid that were enacted in the Balanced Budget Act. These include 
prospective payment systems for outpatient hospital care and home 
health services, consolidated billing for physician and other Medicare 
Part B services in nursing homes, and a new fee schedule for ambulance 
services. These activities are being postponed because they involve 
complex systems changes and interactions with other systems at the very 
time such activity would interfere with critical Year 2000 work. Year 
2000 work may also require use to delay updates to provider payments 
during a critical window of Year 2000 work from October 1999 through 
April 2000.
    Question. Cost Estimate
    What is your cost estimate for Y2K? Do you believe the agency has 
sufficient funding to resolve the problem?
    Answer. We spent $7.6 million in fiscal year 1996 and $14.5 million 
in fiscal year 1997 on millennium related activities. The continually 
evolving definition of what is required to meet millennium requirements 
has a significant impact on the budget process. This year, we 
recognized that the fiscal year 1998 funding of $45 million we had 
allocated was not enough to support millennium efforts at our claims 
processing contractors. We reallocated $62.1 million in additional 
funds from within the Agency and the Department to fund these essential 
activities. We have already spent approximately $53.4 million of the 
$107.1 million we have budgeted for millennium activities in fiscal 
year 1998. The President's fiscal year 1999 budget requests $37.5 
million to support millennium activities. Since the hearing in July, we 
have estimated an additional $204.1 million will be needed in fiscal 
year 1999 to support our Y2K efforts. This increased request results 
from better information about the size of the Year 2000 task, 
especially the testing effort, and also because the cost of resources 
continues to rise. It is also likely that we will need additional 
funding in fiscal year 2000 to be prepared for the possibility that not 
all our remediation efforts will be completely successful. As we 
continually reassess our millennium compliance funding needs, we will 
work with Congress to ensure that funding will be available to support 
this critical project.
                               __________

        Prepared Statement of Vice Chairman Christopher J. Dodd

    Thank you Mr. Chairman. I believe that this is a very important 
hearing and I appreciate that you've scheduled it early in the special 
committee's oversight of the readiness of the Nation to meet the Year 
2000 challenge.
    There's no sense in beating around the bush: The question that 
everyone wants answered is:
    ``Are people going to die as a result of Year 2000 complications in 
the medical industry?''
    To be honest, I don't think so.
    But its entirely possible that millennium conversion could put the 
health care industry into intensive care.
    The health care industry faces significant Year 2000 challenges, 
which could result in significant disruptions in medical service across 
the Nation.
    As I said at our hearing on the utility industry, we're no longer 
talking about whether there will be any disruptions, but we are talking 
about how severe those disruptions will be.
    While I am very hesitant to say that these disruptions will be 
life-threatening, there is a reasonable chance that they will 
compromise the quality and extent of patient care in all parts the 
country.
    My concerns are based upon three factors that I hope will be 
addressed in some detail today:
    First, there is a serious Year 2000 problem for all sorts of 
medical devices, from diagnostic tools to dialysis machines.
    I am deeply disturbed by the fact that instead of taking steps to 
deal with this problem, the medical device industry, as a whole, seems 
to be exacerbating the problem by refusing to provide information 
either to the FDA, which regulates device safety, or even to the 
hospitals and clinics which use the devices every day.
    This attitude is stunningly short-sighted and can only cause harm 
to both the makers and users of these devices.
    My second area of concern is that the Medicare system--which 
process nearly a billion claims a year and pays health providers nearly 
a billion dollars a day--won't be ready.
    If there are disruptions in the Medicare system--and I should also 
include the state-run Medicaid programs in this area--many health care 
providers, some of whom depend on Medicare payments for as much as 40 
percent of their operating budget, will not be able to operate.
    Lastly, I am deeply concerned that rural hospitals, municipal 
hospitals, or other institutions that are strapped for resources, will 
not be able to undertake renovations or replacements necessary to fix 
the year 2000 problem, even if they have the time and funds to make a 
comprehensive assessment in the first place.
    Senator Bennett and I toured a large, well-equipped and well-funded 
hospital in the DC suburbs on Tuesday morning.
    While I was very impressed by the steps the hospital was taking to 
deal with the Year 2000 problem, like replacing or renovating 35 
percent of their medical devices, I couldn't help but wonder how 
hospitals that are already stretched to the limits are dealing with 
this problem.
    For example, the hospital that we were touring is planning to 
replace its kidney-dialysis machines, bought just 2 years ago at a cost 
of $14,000 per machine, because those machines are not y2k compliant.
    But can an inner city hospital afford to do that? Can a hospital 
serving rural communities in South Dakota afford to do that? Or will 
those hospitals be forced to stop providing those services dependent on 
high-technology machines until their budget allows them to purchase 
compliant equipment?
    The possible answers to those questions are chilling.
    These are just a few of the critical areas that I expect to begin 
addressing here today; and while I don't expect comprehensive answers 
yet, I hope that will get a blueprint of where the committee needs to 
go from here on this significant issue.
    Again, Chairman Bennett, I thank you for devoting the time and 
resources to bring this hearing about in such an expeditious manner.
                               __________

               Prepared Statement of Michael A. Friedman

                              introduction
    Good morning, my name is Michael A. Friedman, M.D., Acting 
Commissioner, Food and Drug Administration (FDA). I am pleased to be 
here today to provide information on the Year 2000 date issue as it 
relates to medical devices. This is an important issue and FDA has 
taken a number of steps to ensure that medical devices are Year 2000 
compliant and I will describe those steps to you today.
                       what is a medical device?
    According to the definition in the Federal Food, Drug, and Cosmetic 
(FD&C) Act, a ``device'' is:

        an instrument, apparatus, implement, machine, contrivance, 
        implant, in vitro reagent, or other similar or related article, 
        including any component, part or accessory, which is intended 
        for use in the diagnosis of disease or other conditions, or in 
        the cure, mitigation, treatment, or prevention of disease, in 
        man or other animals, or intended to affect the structure or 
        any function of the body and which does not achieve its primary 
        intended purposes through chemical action and which is not 
        dependent upon being metabolized for the achievement of its 
        primary intended purposes.

    As this definition suggests, many different types of products are 
properly regulated as medical devices. Medical devices include over 
100,000 products in more than 1,700 categories. The products regulated 
by FDA as medical devices range from simple everyday articles, such as 
thermometers, tongue depressors, and heating pads, to the more complex 
devices, such as pacemakers, intrauterine devices, fetal stents, and 
kidney dialysis machines.
    FDA is responsible for promoting and protecting public health by 
helping to ensure that medical devices are safe and effective. FDA 
carries out its mission by evaluating new products before they are 
marketed; assuring quality control in manufacture through inspection 
and compliance activities; and monitoring adverse events in already 
marketed products, taking action, when necessary, to prevent injury or 
death. A device manufacturer must comply with all the requirements of 
the FD&C Act, including: establishment registration and device listing, 
premarket review, use of good manufacturing practices (GMPs), reporting 
adverse events, and others.
    As diverse as medical devices are, so are the range and complexity 
of problems which can arise from their use. These problems include 
mechanical failure, faulty design, poor manufacturing quality, adverse 
effects of materials implanted in the body, improper maintenance/
specifications, user error, compromised sterility/shelf life, and 
electromagnetic interference among devices.
                           computer software
    Any computer software which meets the legal definition of a medical 
device is subject to applicable FDA regulations. Medical devices which 
use computers or software can take several forms including: embedded 
microchips which are part of, or components of, devices; non-embedded 
software used with, or to control, devices or record data from devices; 
or individual software programs which use or process patient data to 
reach a diagnosis, aid in therapy, or track donors and products.
Embedded software
    Computer software frequently is embedded as a ``component'' of 
devices, i.e., software contained on a microchip to control device 
operation. Examples of such common, important devices are: pacemakers, 
infusion pumps and ventilators. The majority of these products would 
not be impacted by the Year 2000 problem since almost none of them 
require knowledge of the current date to operate safely and 
effectively. For example, pacemakers do not use the current date in 
their operation.
Non-embedded software
    Non-embedded software is intended to be operated on a separate 
computer, often a personal computer or work station. Such software 
devices may be used to enhance the operation of another device or 
devices and, further, may use the two-digit year format. It is possible 
that non-embedded software devices may rely on the current date for 
proper operation and might be affected by the Year 2000 date change.
    An example of non-embedded software is a computer program used to 
plan radiation therapy treatments delivered using radioactive isotopes 
as the radiation source (teletherapy or brachytherapy). These 
treatments possibly could be affected if the computer program that 
calculates the radiation dose parameters uses only a two-digit year 
representation. The calculation of the length of time since the source 
was last calibrated could be in error and thus lead to an incorrect 
treatment prescription.
    Other examples of non-embedded software devices include: conversion 
of pacemaker telemetry data; conversion, transmission, or storage of 
medical images; off-line analysis of ECG data; digital analysis and 
graphical presentation of ECG data; calculation of rate response for a 
cardiac pacemaker; perfusion calculations for cardiopulmonary bypass; 
and calculation of bone fracture risk from bone densitometry data. 
Since there is a chance that the two-digit format may affect the 
performance of these software devices, we believe that the Year 2000 
risk needs to be mitigated through proactively working with 
manufacturers.
                   potential impact of the year 2000
    An issue which has been identified as warranting review is the 
impact of the Year 2000 on some medical device computer systems and 
software applications. These products could be impacted by the Year 
2000 date problem if they use a date in their algorithm or 
calculations, in record keeping or in the computer's operating system 
and system clocks; and a two-digit year format was used in their 
design. Manufacturers of such products are the only reliable source of 
information as to the details of the methods used in the programming 
and whether these two conditions are met.
Letter to medical device manufacturers
    In light of the review of the impact of the Year 2000 on some 
medical device computer systems and software applications, FDA sent a 
letter dated June 25, 1997, to 13,407 medical device manufacturers 
(8,322 domestic and 5,085 foreign) to ensure that manufacturers address 
this issue and review both embedded and non-embedded software products. 
We reminded manufacturers that, in addition to potentially affecting 
the functioning of some devices, the two-digit year format also could 
affect computer-controlled design, production, or quality control 
processes. We requested that the manufacturers review the software used 
to determine if there is any risk.
    FDA recommended specific actions to ensure the continued safety and 
effectiveness of these devices. For currently manufactured medical 
devices, manufacturers should conduct hazard and safety analyses to 
determine whether device performance could be affected by the Year 2000 
date change. If these analyses show that device safety or effectiveness 
could be affected, then appropriate steps should be taken to correct 
current production and to assist customers who have purchased such 
devices. For computer-controlled design, production, and quality 
control processes, manufacturers should assure that two-digit date 
formats or computations do not cause problems beginning January 1, 
2000.
    In our letter to industry, we reminded manufacturers that under the 
GMP regulation and the current Quality System Regulation (which 
incorporates a set of checks and balances in manufacturers' design 
processes to assure a safe, effective finished product), they must 
investigate and correct problems with medical devices. This includes 
devices which fail to operate according to their specifications because 
of inaccurate date recording and/or calculations.
    We expect manufacturers who identify products which have a date-
related problem which can pose a significant risk to the patient to 
take the necessary action to remedy the problem. This might include 
notification of device purchasers so that their device can be 
appropriately modified before the Year 2000.
    Manufacturers who discover a significant risk presented by a date 
problem are required to notify FDA and take appropriate action. Again, 
we do not anticipate any significant problems with individual medical 
devices provided appropriate corrections are made, however, we want to 
ensure the continued safety and effectiveness of these devices.
    For future medical device premarket submissions, manufacturers of 
devices whose safe operation could be affected by the Year 2000 date 
change will be required to demonstrate that the products can perform 
date recording and computations properly, i.e., Year 2000 compliant.
      data collection and establishment of the world wide web site
    In a letter dated January 21, 1998, Department of Health and Human 
Services (DHHS) Deputy Secretary Kevin Thurm, asked approximately 
16,000 biomedical equipment manufacturers to voluntarily provide 
information on the Year 2000 compliance status of their products. 
Included in the mailing were all registered manufacturers irrespective 
of the specific kind of device produced, even though only about 2,700 
manufacturers are believed to produce computerized products which might 
be sensitive to Year 2000 problems. Approximately 3,000 of the 
manufacturers included in the mailing are not regulated by FDA; for 
example, scientific instrument manufacturers. The letter gave 
instructions on ways to submit the data and explained that to be Year 
2000 compliant products must function as intended regardless of the 
date. Manufacturers also were given the opportunity to certify that 
their products are not affected, if that is the case, or certify that 
none of their products use computers or date information.
    The product database was established and is being maintained by FDA 
on its World Wide Web site at the request of the Interagency Biomedical 
Equipment Working Group. This Working Group was organized under the 
Chief Information Officer's Councils' Subcommittee on the Year 2000. 
The web site is intended to give the general public, government 
agencies, and the healthcare and research communities one comprehensive 
source of information about this issue. The web site is found at: 
http://www.fda.gov/cdrh/yr2000/year2000.html. Manufacturers also may 
establish a World Wide Web link to their own web site where the 
requested information is provided to the public, if they so choose.
    So far, the overall response from manufacturers has been 
incomplete. As indicated above, FDA believe that approximately 2,700 
manufacturers may produce equipment that may be impacted by the Year 
2000 problem. We believe approximately 500 of that 2,700 have 
responded. To date, approximately 10 percent of the total 16,000 
manufacturers (many of which do not produce medical devices which could 
be affected by a Year 2000 problem) contacted through the January 21 
letter have provided the information requested. We know, however, that 
there are companies still in the process of assessing their devices, 
and we requested that complete information be submitted. While 
manufacturers may report that specific products have not been assessed, 
we expect that some companies prefer to complete assessment before 
reporting.
    FDA's Center for Devices and Radiological Health's (CDRH) Division 
of Small Manufacturers Assistance recently provided an article entitled 
``Biomedical Equipment Manufacturers Urged to Share Year 2000 
Information'' to 12 Medical Device Trade Press contacts and to 65 
United States and 35 foreign medical device trade associations in order 
to facilitate the dissemination of information to their members 
regarding the web site database and to encourage the posting of data by 
manufacturers.
    In addition, the web site and database are mentioned in the FDA 
Column of the June 3, 1998, Journal of the American Medical Association 
and in an article in FDA's Medical Bulletin that was sent to 
approximately 700,000 healthcare practitioners this summer.
    In addition to the informational efforts, FDA issued a targeted, 
follow up letter to about 2,732 specific manufacturers of computerized 
devices urging that they respond to the January 21 request to submit 
product data. This letter was sent out on June 29, 1998, and is another 
request for voluntary submission of data. FDA will continue to work 
with manufacturers to obtain product data.
                 what is the data telling us thus far?
    As of July 16, FDA has received 1,790 responses from manufacturers. 
Of these, data from 1,782 manufacturers had been entered into the 
database served on the FDA web site. These numbers change daily as data 
is entered, corrected or even removed at the request of manufacturers. 
Of the manufacturers, 1,649 have reported that their products do not 
use date-related data or are compliant. Of the 1,649, 392 manufacturers 
have reported that all of their products are compliant. Eighty-eight 
manufacturers have reported one or more products with date-related 
problems. Fifty-three manufacturers have provided World Wide Web links 
(URLs) to data provided on their own manufacturer-operated Web Sites. 
There are submissions for which the data submitted were incomplete or 
unclear in some manner. We are communicating with these manufacturers 
to obtain clarification before entering the data into the database.
    With regard to the data submitted, the great majority of the 
problems described are of minor importance, typically involving 
incorrect display or printing of a date. There are a few reported 
instances where the device will not function or operate at all unless 
the date problem is corrected. There are also a number of reports which 
indicate that the device will function correctly, provided the personal 
computer (PC) with which it is used is compliant. For many of these 
PCs, the correction required to correct the date is a rather 
straightforward operation. In general, manufacturers are indicating 
that currently or recently produced products will be corrected at no 
cost. For devices produced some years ago, the response is quite 
varied, i.e., free upgrades, upgrades at a cost, or no upgrade or 
solution being offered.
    In reviewing the data received from the manufacturers so far, we 
see no indications that there will be significant problems which will 
place patients at risk, assuming the solutions being developed and 
offered by manufacturers are implemented. Of course, we can not make 
assurances about manufacturers who have not reported product status to 
us. We believe that the data received to date confirm our original 
expectations that the Year 2000 problems with medical devices are not 
significant or widespread problems, although there will be specific 
problems which need correction. With only a 10 percent response rate, 
however, it is not possible to draw definitive conclusions at this 
point. We will continue to emphasize to manufacturers the importance of 
reporting and have taken additional steps to boost the response rate. 
Healthcare facilities need information from all manufacturers to 
properly prepare and plan for any actions they need to take to assure 
their devices needing corrections or updates receive these well before 
the Year 2000.
                           other initiatives
    In January 1998, FDA's Center for Biologics Evaluation and Research 
(CBER) posted a guidance for industry entitled ``Year 2000 Date Change 
for Computer Systems and Software Applications Used in the Manufacture 
of Blood Products'' on the FDA web site. The guidance provided specific 
recommendations to assist industry in its evaluation of computer and 
software systems used in the manufacture of blood products and to 
assist in evaluating the impact of potential Year 2000 problems. In the 
Spring of 1998, CDRH developed a Guidance Document on the Agency's 
expectations of medical device manufacturers, concerning the Year 2000 
date problem. The guidance already has been made public and is 
available on the FDA web site. The guidance also was published in the 
Federal Register on June 24, for greater dissemination. The guidance 
re-emphasizes the requirements in existing regulations that require 
manufacturers to address any date problems which may present a 
significant risk to public health.
    FDA staff organized, with the staff of the Emergency Care Research 
Institute, a half-day session on the Year 2000 date problem at the June 
2, 1998 annual meeting of the Association for the Advancement of 
Medical Instrumentation. This meeting was attended by hospital clinical 
engineers, representing the device purchasers and users, medical device 
researchers and developers, and device manufacturers. The session 
permitted an exchange of information on all aspects of the Year 2000 
problem as it relates to medical devices and the actions healthcare 
facilities should be taking to address this issue.
    A video teleconference on the Year 2000 issue for device 
manufacturers is planned for September 1998.
                               conclusion
    Thank you, for the opportunity to update you about the issue of the 
Year 2000 and medical devices. Let me assure you, we at FDA take this 
issue very seriously as we do all problems which could affect the 
public health. We are committed to a scientifically sound regulatory 
environment which will provide Americans with the best medical care. In 
the public interest, FDA's commitment to industry must be coupled with 
a reciprocal commitment: that medical device firms will meet high 
standards in the design, manufacture, and evaluation of their products. 
We recognize that this can only be attained through a collaborative 
effort--between FDA and industry--grounded in mutual respect and 
responsibility. The protections afforded the American consumer, and the 
benefits provided the medical device industry, cannot be 
underestimated.
    FDA's role is to assure that medical devices are safe and effective 
and manufactured in accordance with their specifications. The Agency, 
of course, will provide any assistance it can to address any specific 
problem any other agency, such as the Department of Veterans Affairs, 
identifies. FDA also is working with other agencies, patient groups, 
medical associations and industry to optimize data collection and 
information sharing. FDA also will continue urging manufacturers to 
ensure the continued safety and effectiveness of their medical devices 
by ensuring that their devices can perform date recording and 
computations that will be unaffected by the Year 2000 date change.
    Thank you for the opportunity to testify.
                                 ______
                                 
             Department of Health & Human Services,
                              Food and Drug Administration,
                                                      Rockville MD.
Hon. Christopher Dodd,
Vice Chairman, Special Committee on the Year 2000 Technology Problem,
U.S. Senate,
Washington, DC.
    Dear Vice Chairman Dodd: Thank you for the opportunity to testify 
before your Committee at the July 23 hearing on the impact of Year 2000 
computer problems on health care issues. You asked important questions 
concerning the preparedness of the health care system, particularly 
with respect to the need for information from medical device 
manufacturers on Year 2000 compliance. This letter responds to the 
particular question you posed concerning the extent of the legal 
authority the Food and Drug Administration (FDA or Agency) has to 
require responses from medical device manufacturers on Year 2000 
compliance of medical devices. You referenced the enclosed April 1, 
1998, letter from the Health Industry Manufacturers Association 
asserting that FDA had no legal authority to require such submissions 
(Tab A).
    Enclosed is a list of manufacturers who have not responded to FDA 
as of July 20, 1998, with information on Year 2000 compliance (Tab 
B(1)).\1\ A cover sheet also is provided with Tab B which explains the 
data presently available on the FDA Year 2000 web site. The list of 
non-responders is compiled from those manufacturers which were sent 
FDA's letter mailed on June 29, 1998, a follow-up to the January 21, 
1998, letter from the Department of Health and Human Services 
requesting information on Year 2000 compliance status of medical 
devices. At Tab B(2) \1\ is the list of manufacturers to whom the FDA 
follow-up letter was mailed. Also attached at Tab B(3) \1\ is a listing 
of all the manufacturers who have responded to FDA and are listed on 
the FDA Year 2000 web site.
---------------------------------------------------------------------------
    \1\ Retained in committee files.
---------------------------------------------------------------------------
    Please be assured that FDA is working with the Department of 
Veterans Affairs and others to compare and coordinate information 
received from all sources so that the web site can include all know 
information on the compliance status of medical devices. We are also 
working with other executive branch agencies, manufacturers, trade 
associations and others to obtain information from more companies and 
on more medical devices. Your hearing helped publicize the lack of 
response from the industry and we believe it will encourage additional 
cooperation from the manufacturers who have the information on the Year 
2000 status of their medical devices.
                          fda legal authority
    Under its current regulations, FDA does not have the authority to 
require all device manufacturers to submit reports on whether their 
devices are Year 2000 compliant.
    FDA's Quality System Regulation (QSR) does impose a continuing 
requirement on manufacturers to identify, investigate, and correct 
problems or potential problems with devices covered by the regulation. 
21 CFR Part 820. Devices automated with computer software are subject 
to all requirements of 21 CFR Part 820 unless expressly exempted by 
regulation. Under the QSR, manufacturers must document and correct 
problems with covered devices, including problems arising from the use 
of two digits to represent the year. 21 CFR Sec. 820.100. Manufacturers 
must make records of such corrective actions available to FDA during 
facility inspections. Manufacturers are required to report recalls and 
corrective actions they have undertaken to reduce a risk to health or 
prevent a violation of the Act that may present a risk to health. 
Manufacturers that have corrected a Year 2000 problem with their device 
that, if not corrected, could present a risk to health must report the 
correction to FDA. When we receive such information, we will include it 
on our web site.
    FDA does not have explicit statutory authority to order all device 
manufacturers to submit information immediately on Year 2000 compliance 
status for all medical devices. The Agency does have general statutory 
authority to require reporting and recordkeeping for medical devices 
under section 519(a) of the Food, Drug, and Cosmetic Act (FD&C Act). 
The Agency may implement this statutory authority, however, only by 
regulation. Appropriate implementing regulations setting forth a Year 
2000 reporting requirement have not been promulgated. The Agency has 
promulgated regulations using the reporting authority under section 
519(a) in only limited circumstances in which adverse events have 
already occurred. To have any regulation in effect concerning the 
submission of information on Year 2000 compliance status in time for 
the reports to be of value to the Agency and the public, FDA would need 
to establish that complying with the Administrative procedure Act's 
requirements for prior notice and comment would be impractical, 
unnecessary, or contrary to the public interest.
    Moreover, even if the threshold for waiving prior notice and 
comment could be met, section 519(a)(4) requires that any regulation 
promulgated under it may not impose unduly burdensome requirements on 
the regulated industry, taking into account the cost of complying, the 
need for protection of the public health, and the implementation of the 
FD&C Act. The legislative history of section 519(a) expresses a 
particular concern that regulatory agencies not impose industry wide 
requirements for reporting when the requirement pertains to only a 
segment of the industry. Hence, FDA would either need to demonstrate 
that the public health risk of Year 2000 compliance justified a 
reporting requirement on the entire industry, or the Agency would need 
to develop reliable criteria for narrowing the population of 
manufacturers and devices to those likely to be affected by the Year 
2000 issue. Identifying only the affected segment of industry has been 
difficult since device information already provided to FDA under the 
medical device review process does not always contain specific data 
which would allow identification of all devices that might be impacted 
by the Year 2000 date change.
    FDA believes section 519(a) provides statutory authority to require 
(through implementing regulations) device reports in the absence of 
adverse events. The device industry, however, might challenge in court 
FDA's promulgation of regulations under this authority to require 
reports of Year 2000 compliance for all medical devices because of the 
strong concern on the part of some in the industry about the burdensome 
nature of such reporting requirements. Such a challenge could delay 
significantly, and thereby reduce the effectiveness of, the subject 
reporting requirement.
    Finally, even if FDA were able to develop a regulation that could 
meet the standards of section 519(a), FDA would still have the burden 
to demonstrate that the regulation met other statutory requirements, 
such as the Paperwork Reduction Act and Regulatory Flexibility Act 
requirements.
                               resources
    Finally, requesting, receiving, analyzing and posting information 
on Year 2000 compliance on a significant number of devices and 
manufacturers is resource intensive. We are working with the Department 
of Health and Human Services and the Administration to identify those 
resources necessary to ensure the completeness of the Year 2000 effort.
    We hope this information is helpful. We will be glad to work with 
you in addressing this issue. A similar letter has been sent to Senator 
Robert F. Bennett.
            Sincerely,
                                 Michael A. Friedman, M.D.,
                             Acting Commissioner of Food and Drugs.

Enclosures.
                                 ______
                                 
                                   James S. Benson,
       Executive Vice President, Technology and Regulatory 
                                             Affairs, HIMA,
                                                     April 1, 1998.
Mr. Kevin Thurm,
Deputy Secretary, Health and Human Services,
Hubert H. Humphrey Building,
200 Independence Avenue, S.W. Room 606G,
Washington, DC.
    Dear Mr. Thurm: On behalf of the members of the Health Industry 
Manufacturers Association, I am writing in response to the January 21, 
1998 ``Dear Biomedical Equipment Manufacturer'' letter that you sent 
regarding Year 2000 computer issues. As you know, HIMA is a Washington, 
D.C.-based trade association and the largest medical technology 
association in the world. HIMA represents more than 800 manufacturers 
of medical devices, diagnostic products, and medical information 
systems.
    HIMA's members share the Department's goal of providing quality 
health care services without significant interruption caused by Year 
2000 computer limitations. To that end, manufacturers are diligently 
working to ensure that medical device products will operate safely and 
effectively in the Year 2000 (and beyond). Due to the diversity of the 
medical device manufacturing industry, one approach will not fit all 
products. Each manufacturer will need to develop its own plan to 
evaluate the systems in current use and determine the actions to be 
taken to negotiate Year 2000 requirements.
    HIMA's members understand the Department's interest in this issue. 
Nevertheless, we do not agree that a federal government Internet web 
site listing Year 2000 compliance status of various products is an 
appropriate or necessary step. Instead, manufacturers should be 
encouraged to address Year 2000 issues with customers (including the 
federal government) directly, in one-on-one interactions discussing 
particular products. This type of interaction is the hallmark of 
quality business practices that are a traditional part of our free 
enterprise economic system in the United States. Such direct 
interactions ensure that customers receive adequate and complete 
information, and have an opportunity actively to ask questions and 
receive responses. Indeed, many medical device manufacturers have 
Internet web sites of their own that are a source of Year 2000 
information and encourage direct interaction with customers.
    HIMA's members note that the Department has no legal authority to 
require the submission of the Year 2000 information that is the subject 
of your January 21, 1998 letter. This is also obvious from the fact 
that the Department's letter is ``requesting'' this information. In 
view of this, HIMA believes that the statement in the letter that 
``there will be targeted follow-up regarding non-respondents'' is 
inappropriate.
    Even if ``requesting'' this information for listing on an Internet 
web site to be operated by the federal government were a good idea, the 
sixty-day time limit given in the letter is not nearly sufficient and 
does not further a sense of goodwill and cooperative interaction 
between industry and government. As stated above, manufacturers are 
currently engaged in determining whether their products will face Year 
2000 computer issues and developing appropriate solutions. Therefore, 
much of the information requested by the January 21, 1998 letter will 
not be available in a sixty-day time frame, or even in the near future.
    As you may know, the Internet web site maintained by the FDA's 
Center for Devices and Radiological Health (CDRH) also contains some 
information and requests on Year 2000 issues. These do not seem to be 
coordinated with the items specified in the Department's January 21, 
1998 letter. Accordingly, manufacturers are confused by the 
inconsistency and the Department should work with CDRH to resolve these 
differences.
    In conclusion, HIMA's members view the Year 2000 issues as vitally 
important to pursue in order to continue to provide safe and effective 
products to promote the public health. While we agree with the concern 
that the Department expresses to ensure that appropriate activities are 
undertaken to develop ``Year 2000 compliant'' products, we do not agree 
with the method described in the January 21, 1998 letter. Instead, 
HIMA's members will continue to develop, on a company-by-company basis, 
appropriate implementation plans to address the Year 2000 issues. In 
addition, companies will continue to provide customers directly with 
information on their products, including the Year 2000 issues, through 
traditional business interactions on a company-by-company basis.
    HIMA would be willing to meet with the Department and CDRH to 
discuss Year 2000 issues. Please feel free to contact me if you would 
like to arrange such a meeting.
            Sincerely,
                                                   James S. Benson.
                                 ______
                                 

            Explanation of Food and Drug Administration Data

    The testimony provided by the Food and Drug Administration 
contained approximate figures concerning the number of manufacturers 
who had received a mailing from FDA on June 29, 1998 and the number of 
response received. In reviewing the data, accurate numbers were 
determined and are provided in this explanation.

    MANUFACTURERS DETERMINED BY FDA TO BE MOST LIKELY TO HAVE MEDICAL
       DEVICES THAT COULD BE AFFECTED BY THE YEAR 2000 DATE CHANGE
------------------------------------------------------------------------
2,232..................  Addressees of June 29, 1998 FDA letter
                          requesting Year 2000 compliance
                          information.\1\
297....................  Duplicate addressees.
1,935..................  Distinct addresses used for the June 29, 1998
                          letter.
------------------------------------------------------------------------
\1\ It should be noted that FDA has received approximately 50 returned,
  non-deliverable letters from the June 29, 1998 mailing. These returns
  are reflected in the ``no responses'' list.

    As of July 20, the total data in the FDA Year 2000 database 
reflects the following information:

----------------------------------------------------------------------------------------------------------------
93...........................................................  Total number reporting Year 2000 date related
                                                                problems.
(58).........................................................  (Addressees of June 29, 1998 mailing.)
423..........................................................  Total reporting products are compliant.
(150)........................................................  (Addresses of June 29, 1998 mailing.)
63...........................................................  Total providing Web Links.\1\
(48).........................................................  (Addressees of June 29, 1998 mailing.)
1,287........................................................  Total indicating no date or computer used in
                                                                product.
176..........................................................  (Addresses of June 29, 1998 mailing.)
----------------------------------------------------------------------------------------------------------------
\1\ The 63 manufacturers providing WEB links may also be included in the other database categories, as some have
  provided both product data and a WEB link.

                                 ______
                                 

  Responses of Michael A. Friedman to Questions Submitted by Chairman 
                                Bennett

    Question. Mr. Commissioner, FDA waited until January 1998 to ask 
the industry for non mandatory Y2K compliance data for biomedical 
devices.
  --FDA is usually very assertive in following up on patient safety and 
        regulatory programs. Why has FDA been so passive in its follow-
        up on the biomedical Y2K issue?
    Answer. In order to ensure Year 2000 (Y2K) compliance of medical 
devices that use computer software, FDA sent a letter dated June 25, 
1997, to 13,407 medical device manufacturers to ensure that 
manufacturers reviewed this issue and reviewed both embedded and non-
embedded software products. FDA recommended specific actions to ensure 
the continued safety and effectiveness of these devices and to remind 
manufacturers of their responsibility to ensure that their products 
will not be affected by the century change.
    Because we must assist medical providers and physicians avoid 
injuries from medical devices with embedded microchips which may not 
function at the turn of the century, the Department of Health and Human 
Services (HHS) also has been involved in the effort to ensure the 
compliance of biomedical equipment (includes medical devices regulated 
by FDA and other medical equipment not regulated by FDA). On January 
21, 1998, Deputy Secretary Kevin Thurm issued a letter to 13,000 
manufacturers of medical devices and, working through professional 
associations, approximately 3,000 manufacturers of scientific 
laboratory equipment. This letter asked the manufacturers to provide 
information concerning the compliance status of their products.
    In addition, on June 29, 1998, Dr. D. Bruce Burlington, Director of 
the Food and Drug Administration's (FDA) Center for Devices and 
Radiological Health (CDRH) issued a follow-up letter to approximately 
1,935 manufacturers. This letter was targeted to manufacturers of 
computerized devices urging again that they respond to the January 21 
request to submit product data. The Agency will continue to 
periodically remind manufacturers of this program.
    Finally, on September 2 Dr. Michael Friedman sent a letter to the 
Health Industry Manufacturers Association (HIMA) to get their input on 
how to eliminate the disincentives so that manufacturers will be more 
forthcoming with product status information and urges HIMA to develop a 
plan of specific actions to increase progress by industry.
    FDA's Center for Devices and Radiological Health's (CDRH) Division 
of Small Manufacturer's Assistance recently provided an article 
entitled ``Biomedical Equipment Manufacturers Urged to Share Year 2000 
Information'' to 12 Medical Device Trade press contacts and to 65 U.S. 
and 35 foreign medical device trade associations in order to facilitate 
the dissemination of information to their members regarding the web 
site database to encourage the posting of data by manufacturers. In 
addition, the web site and database are mentioned in the FDA Column of 
the June 3, 1998, Journal of the American Medical Association and in an 
article in FDA's Medical Bulletin that was sent to approximately 
700,000 health care practitioners this summer.
    FDA's objective remains the provision of a comprehensive, 
centralized national source of information on the Y2K compliance status 
of medical devices used in the United States and to make this 
information publicly available through its web site. Our joint efforts 
with the VHA and OASD/HA are designed to better leverage our collective 
information and influence. We are already working together to enhance 
the existing web site to be the national biomedical equipment 
clearinghouse by adding equipment inventories from other organizations 
and by conducting additional follow-up activities. These activities 
include checking whether a medical device manufacturer has met a 
planned date for availability of a compliant product version, and 
inspecting records relating to the Y2K compliance of computerized 
medical devices during FDA medical device facility inspections.
    We believe that this series of actions demonstrates FDA's 
commitment to ensuring that adequate public information becomes 
available to the public on a timely basis.
    Question. Mr. Commissioner, the Committee is concerned with the 
safety of patients dependent on Y2K compliant medical devices. We know 
there are millions of these devices in current use. We are concerned 
that the FDA biomedical device web site for the Center for (Medical) 
Devices and Radiological Health (CDRH) is incomplete (only 1,000 
companies) and has inadequate data to assist potential users.
  --Do you have any plans to establish a complete database for all 
        biomedical devices with product descriptions, ID numbers, and 
        software versions?
    Answer. Many different types of products are regulated as medical 
devices. Medical devices include over 100,000 products in more than 
1,700 categories. Most of these have no microprocessors, software, or 
computer linkage. We do not believe that listing all compliant products 
is either necessary or cost-effective. We do not believe anyone could 
reasonably want information on Y2K compliance on such products as: 
crutches, hip implants, sutures, or a dip stick test for pregnancy. In 
addition, even for potentially Y2K vulnerable products, the FDA web 
site already includes a certification statement assuring total 
compliance from those manufacturers who report all of their products 
are compliant. FDA believes information at the individual model level 
is needed for non-compliant products only. If a manufacturer's entire 
product line is compliant, users of the clearinghouse would receive no 
additional benefit from the model-level information, which would be 
quite expensive to obtain and enter into the database. Furthermore, 
manufacturers also may establish a World Wide Web link to their own web 
site where the requested information is provided to the public, if they 
so choose.
    HHS and the Veterans Administration already are working as a 
Federal partnership to develop a single data clearinghouse. Our private 
sector associates, mostly professional associations such as the 
American Medical Association, the American Hospital Association, and 
the Joint Commission on Health Care Accreditation, will provide advice 
and assistance as requested. It would be useful to provide an 
indication of whether a particular manufacturer has or has not provided 
information on Y2K compliance for manufacturers of electronic products 
that are susceptible to Y2K concerns. To that end, FDA will post on the 
web site the identity of manufacturers who have not provided compliance 
certification.
  --Do you require legislative assistance to acquire the data from 
        manufacturers or budget help to promptly establish and maintain 
        the biomedical database until after Y2K?
    Answer. Under its current regulations, FDA does not have the 
authority to require all device manufacturers to submit reports on 
whether their devices are Year 2000 compliant. FDA's Quality System 
Regulation (QSR) does impose a continuing requirement on manufacturers 
to identify, investigate, and correct problems or potential problems 
with devices covered by the regulation (21 CFR Part 820). Devices 
automated with computer software are subject to all requirements of 21 
CFR Part 820 unless expressly exempted by regulation. Under the QSR, 
manufacturers must document and correct problems with covered devices, 
including problems arising from the use of two digits to represent the 
year. Manufacturers must make records of such corrective actions 
available to FDA during facility inspections. Manufacturers are 
required to report recalls and corrective actions they have undertaken 
to reduce risk to health or prevent a violation of the Act that may 
present a risk to health. Manufacturers that have corrected a Year 2000 
problem with their device that, if not corrected, could present a risk 
to health must report the correction to FDA. When FDA receives such 
information, FDA will include it on the web site. FDA sent a letter to 
the Committee on July 31, 1998, and provided a more detailed response 
regarding the full extent of the legal authority FDA has to require 
responses from medical device manufacturers on Y2K compliance of 
medical devices. FDA has been providing technical assistance to the 
Committee regarding possible legislation, and will gladly continue to 
provide assistance if the Committee determines that legislative 
assistance is necessary.
    Requesting, receiving, analyzing and posting information on Y2K 
compliance on a significant number of devices and manufacturers is 
resource intensive. We are working with the Department of Health and 
Human Services and the Administration to identify those resources 
necessary to ensure the completeness of the Y2K effort.
    Let me assure you, we at FDA take this issue very seriously as we 
do all problems which could affect the public health. We are committed 
to continue working with the Committee to urge manufacturers to ensure 
the continued safety of their medical devices by ensuring that their 
devices can perform date recording and computations that will be 
unaffected by the Y2K date change.
                               __________

                  Prepared Statement of Gil R. Glover

    Mr. Chairman and members of the committee, I am Gil Glover, 
Director for Projects and Planning in Medicare Operations for Blue 
Cross and Blue Shield (BCBS) of Texas. I am testifying on behalf of the 
Blue Cross and Blue Shield Association, the organization representing 
54 independent Blue Cross and Blue Shield Plans throughout the nation.
    Each independent Blue Cross and Blue Shield Plan is actively 
working to ensure that its information system and business operation 
will function properly in the Year 2000 and beyond. One of the 
strengths of the Blue Cross and Blue Shield system is the ability of 
these independent Plans to inter-operate in support of local, national 
and international customers. Therefore, the Year 2000 readiness of the 
information systems that support inter-Plan transactions is a top 
priority for the Blue Cross and Blue Shield system.
    The Blue Cross and Blue Shield system is a major presence in the 
Medicare program. Blue Cross and Blue Shield Plans process 85 percent 
of Medicare Part A claims and about two-thirds of all Part B claims. 
Blue Cross and Blue Shield Plans also provide Medicare HMO coverage to 
more than three-quarters of a million Medicare beneficiaries, which 
makes the Blue Cross and Blue Shield system the second largest Medicare 
HMO provider in the country. At BCBS of Texas, we process about 7.7 
million Part A claims and 47.6 million Part B claims a year.
    Like any other health insurance company, our Medicare business and 
our commercial business face the challenge of becoming Year 2000 
compliant. I appreciate the opportunity to testify before the committee 
today on the progress Medicare contractors have made toward becoming 
Year 2000 compliant.
    medicare contractors' commitment to becoming millenium compliant
    Since its inception, the traditional Medicare fee-for-service 
program has been administered through a successful partnership between 
private industry and the Health Care Financing Administration (HCFA). 
Blue Cross and Blue Shield Plans and commercial insurers contract with 
HCFA to handle much of the day-to-day work of paying Medicare claims 
accurately and in a timely manner.
    Medicare contractors have successfully met many significant 
challenges over this thirty-three year partnership with HCFA. These 
include:
  --Handling a dramatic increase in workload that has grown from 61 
        million claims in 1970 to 889 million in 1998.
  --Quickly implementing major programmatic changes under extremely 
        tight time frames, such as the institution and refinement of 
        the Medicare prospective payment system for hospitals and the 
        physician resource-based relative value payment system.
    We are very proud of our role as Medicare administrators and our 
record of efficiency and cost effectiveness.
    One of our next major challenges is to assure that Year 2000 
computer adjustments are made accurately and in accordance with the 
timetable set out by HCFA. There are three specific points I would like 
to make today:

    1. Year 2000 compliance is a top priority for Medicare contractors.
    2. New contracting legislation is unnecessary, and actions arising 
out of such changes could actually make Year 2000 compliance more 
difficult.
    3. Stable and adequate funding for Medicare contractors is critical 
to administering the traditional Medicare program efficiently and 
effectively through the Year 2000 readiness phase and beyond.
Year 2000 compliance is a top priority
    Year 2000 compliance is a top priority for Medicare contractors. 
Despite the significant challenges, let me assure you that Medicare 
contractors are working toward becoming compliant on a timetable that 
will meet HCFA's deadline of December 31, 1998, which is two months 
earlier than the government-wide target date set by the Office of 
Management and Budget (OMB).
    Medicare contractors will make every effort to meet this challenge 
just as they have successfully met other challenges in the past. It is 
in everyone's interest--Blue Cross and Blue Shield Plans, the 
government, providers and beneficiaries--for contractors to become 
millenium compliant on time. For Blue Cross and Blue Shield Plans, both 
their Medicare and private business depend on meeting this challenge.
    I want to state clearly that Medicare contractors are committed to 
Year 2000 compliance. In recent congressional hearings and press 
reports, it has been suggested that contractors are not being diligent 
in their efforts to meet this requirement and that HCFA needs 
additional authority to assure compliance. Nothing could be further 
from the truth.
    The Blue Cross and Blue Shield Association and Medicare contractors 
have been working closely with HCFA on compliance issues. As part of 
this process, BCBSA has been working with HCFA to find an agreeable 
contract amendment related to Year 2000 compliance. Last fall, HCFA 
sent all Medicare contractors a contract amendment intended to assure 
Year 2000 compliance. BCBSA had several concerns with the amendment, 
including concerns that it would have required contractors to assume 
liability for compliance of all vendors (e.g., financial institutions, 
facilities managers who control elevator programming, etc.) or face 
civil monetary penalties. HCFA acknowledged that it had drafted the 
amendment too broadly and agreed to work with contractors to rewrite 
the amendment. I am happy to report that three weeks ago, HCFA and 
BCBSA developed a contract amendment agreeable to both parties.
    In addition to the work on the contract amendment, BCBSA has worked 
with HCFA on developing a regular, formal process to assure regular 
communication with HCFA. In response to a BCBSA recommendation, HCFA 
established a steering committee chaired by HCFA's chief operating 
officer and vice-chaired by BCBSA. The role of the steering committee 
is to:
  --Clarify Year 2000 compliance standards, time lines, and reporting 
        requirements;
  --Monitor progress; and
  --Facilitate coordination, cooperation, and communication among HCFA 
        and its contractors.
    I serve as the technical project management advisor to the steering 
committee. Let me briefly describe the accomplishments of the 
committee. The committee established eight working groups that are 
meeting to address the following areas:

    1. Progress Measurement--Monitors the progress of individual 
contractors and contractors as a whole.
    2. Critical Path--Identifies necessary activities, risk points, and 
key assumptions for Year 2000 compliance.
    3. Priorities--Evaluates competing program priorities, including 
standard system transitions, Balanced Budget Act (BBA) implementation, 
and Health Insurance Portability and Accountability Act (HIPAA) 
administrative simplification.
    4. Provider Relations--Informs providers about Year 2000 issues and 
provides training.
    5. Common Testing Protocols--Develops testing procedures.
    6. Common Efforts--Identifies areas of common interest and concern 
to contractors and looks for efficiencies.
    7. Contingency Planning--Determines processes and time frames for 
paying providers if systems are not Year 2000 compliant.
    8. Resource Allocation--Defines standard definitions for Year 2000 
activities and estimate costs.

    Very good progress is being made in these workgroups. As an 
example, the Contingency Planning group has developed a protocol that 
is supported by a comprehensive planning template applicable to any 
risk a Medicare contractor might identify in its operations. Use of the 
template is being piloted by work group contractor members, and is 
scheduled for release to all contractors in early August. While 
contractors are already performing contingency planning exercises, the 
work group's combined input into development of this protocol has 
produced a tool that can add significant value to this process and 
produce uniform planning documentation.
    Beyond the specific products of these work groups, operation of the 
steering committee has facilitated very constructive and useful 
dialogue between contractors and HCFA about Year 2000 compliance. The 
committee has met with the HCFA administrator, and meets regularly with 
many of the agency's key directors and other top management staff. We 
look forward to continuing these cooperative efforts with HCFA.
    In reviewing the issues related to Year 2000 compliance, the 
committee should be aware of four additional issues that have made Year 
2000 compliance activities even more challenging:
  --Significant Change in Direction.--Originally, many of the system 
        changes that were necessary for compliance would have been 
        accomplished by the conversion of all Medicare contractors to 
        the Medicare Transaction System (MTS). As you know, the MTS 
        initiative was dropped last year. As a result, contractors have 
        been required to make significant changes that, in the absence 
        of the MTS initiative, they would have been working on for a 
        long time.
  --Transition to New Standard Systems.--Instead of converting to the 
        MTS system, HCFA has directed contractors to transition to a 
        new single Part A and a new single Part B system. In some 
        cases, this conversion to different systems has complicated 
        efforts to focus on millenium compliance activities. As a 
        result, several contractors requested HCFA to delay transition 
        requirements so they could focus on Year 2000 issues. We are 
        very pleased that HCFA recently agreed to delay transitions for 
        some Medicare contractors.
  --Adequate Funding is Absolutely Critical.--We anticipate Year 2000 
        compliance to be very costly. We were very pleased that 
        Congress reprogrammed $20 million in the fiscal year 1998 
        supplemental appropriations bill to cover contractor millenium 
        costs. We also understand that HHS has taken administrative 
        actions to allocate another $41 million to cover Year 2000 
        costs. However, to date, contractors have received less then 
        the total amount allocated. We look forward to receiving full 
        funding.
  --Numerous and Broad Programmatic Demands.--Numerous initiatives 
        (e.g., HIPAA requirements and BBA) will be implemented while 
        Year 2000 modifications and testing are occurring. HCFA has 
        already said that it will not be able to implement all of the 
        BBA requirements because of the need to concentrate on Year 
        2000 efforts. We recommended to HCFA that as many non-Year 2000 
        system changes as possible should be removed from contractor 
        workloads so that technical resources could be devoted to 
        assuring Year 2000 readiness.
Contractor reform is not necessary and would jeopardize year 2000 
        efforts and BBA implementation
    HCFA is seeking legislation that would dramatically restructure the 
contracting process for Medicare intermediaries and carriers. It has 
been argued that contractor reform is necessary to assure Year 2000 
compliance. BCBSA believes that, in fact, contractor reform would not 
improve the Year 2000 problem, and could make it more difficult.
    Contractor transitions are significant technical projects in their 
own right, and add risk to Medicare processing stability even without 
Year 2000 factors. New contractors would have to learn Medicare's 
extremely complex and intricate rules and regulations while 
simultaneously working to achieve millenium compliance.
    HCFA is exercising extensive oversight of Medicare contractors' 
Year 2000 compliance efforts through the use of its own review teams 
and an independent verification and validation contractor. Most 
Medicare contractors have already been reviewed for Year 2000 
compliance progress with at least two comprehensive on-site reviews--
many contractors are at round three of these reviews. In addition, both 
the Office of the Inspector General (OIG) and the General Accounting 
Office (GAO) are conducting Year 2000 reviews at Medicare contractor 
sites. There is ample opportunity for identifying and correcting any 
deficiencies or problems in the Medicare contractor community through 
these processes.
    Moreover, contractor reform is not necessary to replace contractors 
that are not millenium compliant. HCFA currently has broad authority to 
sanction, replace, or terminate contractors that are not in compliance.
    Success in Medicare claims administration requires that HCFA and 
the contractors work together toward their mutual goal of accurate and 
timely claims payment. BCBSA does not believe these legislative changes 
are necessary to assure efficiency and high performance levels.
Stable and adequate funding is critical
    We strongly support HCFA's efforts to secure additional funding for 
Year 2000 activities in fiscal year 1999. While Medicare contractors 
must be Year 2000 compliant by the end of this calendar year, 
contingency planning and risk mitigation actions must continue 
throughout 1999 to ensure rapid, effective response to any problems 
actually encountered in calendar year 2000. Contingency plans that can 
not be deployed in 1999 may have little value if they must be started 
from scratch in 2000. Additionally, there is significant on-going 
system testing that must occur throughout 1999 even after Year 2000 
compliant systems have been implemented. This ``regression testing'' is 
essential to ensure that essential changes implemented in 1999 do not 
adversely effect Year 2000 readiness.
    Medicare contractors also need stable and adequate funding to 
fulfill the critical role as the program's first line of defense 
against fraud and abuse. We urge the committee to support the Medicare 
contractor funding level proposed in the fiscal year 1999 President's 
budget and approved by the House Appropriations Committee. The 
Committee recommended appropriating $1.27 billion, without the user 
fees proposed in the President's budget. We fully support this funding 
level without the user fees.
                               conclusion
    The Year 2000 compliance issue poses monumental challenges. Blue 
Cross and Blue Shield Plans and commercial contractors are committed to 
meeting these challenges just as they have done in the past.
    Let me reiterate that Medicare contractors are working diligently 
to become millenium compliant by December 31, 1998. We will continue to 
work with HCFA to resolve issues that arise and to ensure compliance. A 
cooperative approach between contractors and HCFA will achieve the best 
results. BCBSA feels that proposed contractor reform legislation raises 
fundamental issues and implications for the Medicare program that work 
against the cooperative effort needed at this critical time when 
experience and focus are so essential. The keys to Year 2000 compliance 
in the Medicare contractor community are stable, adequate funding for 
the required resources and consistent prioritization of Year 2000 
activities over any other potential changes in the Medicare program.
    Thank you for the opportunity to speak with you on these important 
issues.
                                 ______
                                 

 Responses of Gil R. Glover to Questions Submitted by Chairman Bennett

    Question 1. What is the status of Y2K discovery and renovation 
action?
    Answer. Year 2000 readiness status is gathered from contractors 
regularly by HCFA. In addition to their own analysis and feedback 
actions with contractors, HCFA regularly reports Y2K status to OMB, GAO 
and Congress. The Blue Cross and Blue Shield Association (BCBSA) does 
not independently collect readiness status from the Medicare 
contractors.
    Question 2. What is the BCBSA's plans for integrated testing?
    Answer. Integrated testing with providers is part of each 
contractor's Y2K Readiness Project Plan. All such project plans have 
been filed with HCFA and are a part of the formal Medicare Agreement 
between HCFA and its contractors. Integrated testing protocols will 
vary depending on the provider's choice of electronic media, the 
standard claims processing system in use for Medicare and the corporate 
front-end hardware/software configuration used for electronic data 
interchange.
    Question 3. What is the contingency plan if the providers can't do 
EDI?
    Answer. Contingency planning is being considered nationally by HCFA 
to insure that standardized responses and actions will be in place for 
all contractors in the event that some providers are not able to 
achieve Y2K readiness timely. It should be emphasized, however, that 
achieving Y2K readiness for billing Medicare claims is a provider 
responsibility.
    Question 4. What is the status of the BCBSA Y2K?
    Answer. The BCBSA is an association of 54 independent licensees. 
BCBSA itself is not an insurance company, and therefore does not 
process health claims. The Association is working to ensure that its 
inter-Plan programs, e.g., FEP, BlueCard, will function properly with 
respect to dates beyond December 31, 1999. Individual Plan management 
and boards of directors are responsible for ensuring Y2K readiness of 
their respective local Plan operations.
                               __________

                 Prepared Statement of Jennifer Jackson

    Mr. Chairman, I am Jennifer Jackson, General Counsel and Vice 
President, Clinical Services, at the Connecticut Hospital Association. 
I am here on behalf of the American Hospital Association (AHA), which 
represents 5,000 hospitals, health systems, networks, and other 
providers of care.
    We appreciate this opportunity to present our views on an issue 
that is of critical importance to our members and the patients they 
care for: the potential for the ``millennium bug''--the inability of 
computer chips to recognize the Year 2000--to interrupt the smooth 
delivery of high-quality health care. The AHA and its members are 
committed to taking whatever steps may be necessary to prevent 
potential Year 2000 problems from affecting patient care.
    Hospitals and health systems operate 7 days a week, 24 hours a day. 
Their doors are always open because the people they serve trust that 
they will be there whenever the need arises. Our number one concern is 
the health and safety of our patients, and that is why I am here.
    Hospitals and health systems face the same potential problems as 
most other institutions. Cellular phones, pagers, security systems, 
elevators--all could be affected by Year 2000 problems. However, 
hospitals are special places that also rely daily upon unique medical 
devices and equipment. We are concerned about the potential impact of 
Year 2000 computer problems on patient safety--and hospitals, health 
care providers and their associations cannot reduce, let alone 
eliminate, that risk by themselves. We need your help and cooperation, 
and that of the federal agencies that regulate the health care field: 
namely, the Food and Drug Administration (FDA) and the Health Care 
Financing Administration (HCFA).
    In particular, we need the federal government to exercise its 
authority in this area--now. We need the federal government to create 
an atmosphere in which everyone involved in the health care field will 
view the full and timely disclosure of Year 2000 computer problems not 
only as diligent and prudent behavior--the right thing to do--but also 
as mandatory conduct.
    In fact, our belief that medical device manufacturers, health care 
providers, consumers and the government must work together to solve 
this problem is one reason why we have joined the National Patient 
Safety Partnership, a voluntary public-private partnership of national 
health care organizations. The partnership, in a press conference just 
last week, called for a national clearinghouse for information about 
the Year 2000 compliance status of medical devices. The organizations 
also called for:
  --Medical device manufacturers to identify and provide Year 2000 
        compliance information about their devices to their health care 
        provider customers and the public;
  --Health care practitioners to become familiar with Year 2000 issues 
        and take steps to mitigate risks and inform the people they 
        serve; and
  --Health care consumers to become familiar with Year 2000 issues and 
        seek advice about equipment in personal and home use.
    One of the AHA's primary concerns has to do with potentially non-
compliant medical devices and equipment. Microchips (or 
microprocessors) that use date-sensitive logic are embedded in many 
medical devices, and we need to find out whether those devices will be 
affected by the date change to the Year 2000, and, if so, how we can 
fix them to avoid an interruption or other malfunction. The 
manufacturers of these devices are the best and, in some cases, the 
only source of this information. Assuming that prudent medical device 
and equipment manufacturers are engaging in Year 2000 testing, we need 
to know what they are discovering, especially if they are uncovering 
problems. Here lies the heart of our concern.
    While we as health care providers can ask manufacturers to disclose 
Year 2000 information to us, we cannot force them to do so. We do not 
have the legislative or regulatory authority to compel disclosure. We 
believe that is a job for Congress and the FDA.
            the role of aha and state hospital associations
    Hospitals and health systems are doing their part. Across the 
nation, hospitals are preparing for the date change, and making a 
commitment to take appropriate steps to avoid any disruption in patient 
care. Continuing a tradition of partnership in addressing issues that 
affect our mutual members, the AHA and the nation's state hospital 
associations are working together to inform and educate hospitals and 
health systems about the Year 2000 issue.
    We are committed to informing our members of the dangers of the 
millennium bug. We are making sure they have the latest information on 
what their colleagues and other organizations are doing to address the 
problem. And we are helping them learn about potential solutions.
    Our State Issues Forum, which tracks state-level legislative and 
advocacy activities, is hosting biweekly conference calls dedicated 
entirely to the Year 2000 issue. On these calls, state and AHA staff 
share information. A special AHA task force on the Year 2000 problem 
has been drawing up time lines for action to make sure our members get 
the latest information and know where to turn for help.
    Articles are appearing regularly in AHA News, our national 
newspaper, in Hospitals and Health Networks, our national magazine for 
hospital CEO's, in Trustee, our national magazine for volunteer 
hospital leadership, and in several other national publications that 
are published by various AHA membership societies. Several of these 
societies, such as the American Society for Healthcare Engineering and 
the American Society for Healthcare Risk Management, are deeply 
involved in helping their members attack the millennium bug in their 
hospitals.
    In addition, the AHA Web site has become an important clearinghouse 
of information on the Year 2000 issue, including links to other sites 
with information that can help our members.
              the role of the food and drug administration
    When it comes to medical devices, however, our efforts are not 
going to be sufficient to solve the problem, unless the manufacturers 
cooperate fully and quickly. While we anticipate that the number of 
devices that are affected may be limited, it is critical that accurate 
and thorough information be available from manufacturers. While health 
care providers can inventory their thousands of devices and pieces of 
equipment, the information about whether these devices are Year 2000-
compliant--that is, whether or not they will be affected by the date 
change--must come from the manufacturers. Several organizations, both 
public and private, have undertaken concerted efforts to collect this 
information. Key among them are the Veterans Administration, the FDA, 
and a consortium of state hospital associations and the AHA, through 
the Security Third Millennium product.
    The FDA has an especially key role to play in this area. The Center 
for Devices and Radiological Health (CDRH), the arm of FDA responsible 
for regulating the safety and effectiveness of medical devices, has 
taken a number of steps to ensure that manufacturers of medical devices 
address potential Year 2000 problems. We commend the center for its 
actions. Dr. Thomas Shope, who is heading FDA's efforts, has been very 
receptive to our concerns. We urge the FDA to work with other public 
and private parties in maintaining a national clearinghouse. Congress 
should provide the FDA with adequate resources to sustain and maintain 
this important effort.
    We believe that current regulations allow the FDA to require 
manufacturers of medical devices to perform Year 2000 testing and 
report adverse results. We urge Congress to speak directly to 
manufacturers on the need and expectation for prompt, sufficient 
disclosure. Congress also should provide FDA with the resources 
necessary to ensure timely reporting of Y2K compliance--including 
additional authority, if needed.
          the role of the health care financing administration
    On average, America's hospitals and health systems receive roughly 
half of their revenues from government programs like Medicare and 
Medicaid. If that much revenue were to be suddenly cut off, hospitals 
could not survive, and patient care could be jeopardized. Hospitals 
would not be able to pay vendors. They would not be able to purchase 
food, supplies, laundry services, maintain medical equipment--in short, 
they would not be able to do the job their communities expect of them. 
All this would occur even as hospitals and health systems faced the 
substantial costs of addressing their own Year 2000 system needs--costs 
that are not recognized in the calculation of current Medicare payment 
updates.
    We applaud HCFA's recognition that the Y2K issue must be dealt 
with. We urge the agency to take the steps necessary to also ensure 
that state Medicaid programs are Y2K compliant.
    With regard to Medicare, we are concerned about the agency's 
decision to delay the routine Year 2000 Medicare payment update while 
it works on its computers and those of its contractors. In addition, 
the agency has not yet committed to any provision to pay interest for 
that period. Hospitals are already trying to cope with the BBA's 
dramatic changes, including significant spending reductions. A delay in 
the Year 2000 update adds to their burden and causes unpredictability 
for them and their patients.
    HCFA's actions could affect hospitals' ability to provide the 
highest-quality care possible not just to Medicare beneficiaries, but 
to our other patients as well. Hospitals still must pay the bills 
associated with providing that care, and those bills will keep coming 
throughout HCFA's effort to update its computers. Routine updates in 
current PPS payments are not complex. However, if they cannot be 
provided as scheduled, then HCFA must quickly create an alternate 
payment method that ensures the smooth flow of funds even as it updates 
its computer systems, including paying hospitals prospectively.
    HCFA also must make sure its contractors--including Medicare+Choice 
plans--take steps to ensure that their performance will not be 
interrupted by Year 2000 problems caused by the millennium bug. HCFA 
should make readily available its work plan, and progress reports, for 
bringing the contractors and Medicare+Choice plans into compliance and 
monitor their efforts. Letting providers know what changes may be 
required of them is also important. This would allow providers, 
contractors and plans to prepare simultaneously and ensure that their 
systems are compatible.
    Even if HCFA and its contractors express confidence that their 
payment mechanisms will not be affected by the millennium bug, 
unforeseen problems could crop up. Therefore, it is imperative that 
HCFA establish a fail-safe contingency plan in case HCFA or its 
contractors' payment mechanisms somehow fail at the turn of the 
century. We would like to work with HCFA to ensure that these short-and 
long-term concerns about the Year 2000 are adequately addressed.
    Medicare beneficiaries' health care needs will remain constant, 
regardless of how well we are prepared for Year 2000 problems. If 
carrier and fiscal intermediary payment systems are clogged up by the 
millennium bug, hospitals' ability to continue providing high-quality 
health care could be severely affected. A system to provide periodic 
payments, based on past payment levels, is one way that this could be 
done. It would ensure that hospitals have the resources necessary to 
care for Medicare patients. We urge Congress to enact legislation to 
authorize such a system, and require that HCFA subject such contingency 
plans to public comment.
                          the role of congress
    As I have described, health care providers and the associations 
that represent them are devoting significant time, resources and energy 
to preventing potential Year 2000 problems from affecting patient 
safety. It is essential that we all look for ways to help prepare 
America's health care system for the turn of the century, and Congress 
can play an important role. Your attention to this issue, through 
hearings such as this, reflects your understanding of the gravity of 
the situation.
    We ask you to help America's health care system avoid Year 2000 
problems by taking several steps:
  --Congress should speak directly to manufacturers on the need and 
        expectation for prompt, sufficient disclosure of their medical 
        devices' Y2K compliance, and provide FDA with any additional 
        authority and support needed for the public/private Y2K 
        assessment effort to be a success.
  --Congress should enact some form of limitation on liability for 
        health care providers that have taken steps to prevent Year 
        2000 problems from affecting patient care. To a great extent, 
        hospitals must rely on manufacturers of medical equipment and 
        devices--and on vendors providing other systems and products--
        to disclose whether a Year 2000 problem may arise, and how to 
        correct the problem. In addition, some products and systems may 
        have been purchased by hospitals years ago, before the Year 
        2000 date change became a consideration. Providers should not 
        be liable for damages for the Year 2000 limitations of those 
        products and systems, especially when they have taken good 
        faith, reasonable steps to minimize the risk.
  --One way to approach this liability issue is to broaden the 
        president's recently announced ``Good Samaritan'' proposal. The 
        aim of the proposal is to shield from liability businesses 
        that, in good faith, share information on solving the Y2K 
        problem. First, we suggest also addressing in that legislative 
        vehicle our concerns about liability mentioned above. In 
        addition, protecting hospitals and health systems from 
        liability for treating a patient with a medical device that the 
        manufacturer has assured us is Y2K compliant, but turns out to 
        have caused harm because it is not compliant, is also 
        necessary.
  --Congress should authorize periodic payments under Medicare. These 
        payments, based on past payment levels, should be implemented 
        to ensure adequate cash flow for providers in case carrier and 
        fiscal intermediary payment systems fail due to the date 
        change. Congress also should ensure that HCFA has adequate 
        funding to ensure Y2K compliance, including the testing needed 
        to demonstrate that the claims processing and payment systems 
        work for the government, providers, contractors, and 
        beneficiaries alike.

    Mr. Chairman, the Year 2000 issue will affect every aspect of 
American life, but few, if any, are as important as health care. 
America's hospitals and health systems, their state associations, and 
the AHA are partners in the effort to prepare for the Year 2000. We 
encourage Congress and our federal agencies to work with us as well. 
Together, we can ensure a smooth--and healthy--transition into the new 
millennium.
                                 ______
                                 

   Responses of Jennifer Jackson to Questions Submitted by Chairman 
                                Bennett

    Question 1. [Status of biomedical device discovery, remediation, 
and testing in hospitals]
    Ms. Jackson, your testimony points out the potential patient safety 
problems with noncompliant Y2K biomedical devices, and you call for a 
national clearinghouse for information about compliant Year 2000 
biomedical products. As you stated, only the manufacturers of the 
devices have this Y2K data.

  --How do you recommend establishing and operating this clearinghouse?
  --What specific recommendations can you make to hospitals which may 
        be behind in their Y2K efforts or struggling to understand the 
        scope of biomedical devices?

    Answer. The emphasis should be on a public-private partnership. 
There are currently a number of data bases, including the FDA's, the 
Veteran Administration's, and the one developed by a consortium of 
state hospital associations and the AHA, the Security Third Millennium 
product, that can serve as a base for this effort. AHA plans to follow-
up with the FDA and others to explore the potential for sharing 
information and any legal or other impediments. Any clearinghouse 
effort, however, will be dependent on getting the needed information 
from the manufacturers. If the FDA believes it does not have the 
authority to mandate disclosure, we urge Congress to enact self-
implementing legislation that would mandate disclosure by the 
manufacturers.
    AHA offers a range of services through which members can access 
relevant literature, vendors and products, and be connected with their 
peers to exchange information about their experiences in addressing Y2K 
issues. A briefing book developed for members, Y2K: Mission Critical, 
provides a framework for approaching the full range of Y2K issues, 
starting with an inventory and assessment of what potentially may be 
affected. (A copy of this book has been shared with staff of the 
Special Committee and an additional copy will also be forwarded with 
this letter.) A hospital can either assign someone the responsibility 
to develop a plan based on the many resources available, or subscribe 
to a service that will bring together the specific information an 
individual hospital needs, like Security Third Millennium.
    Question 2. [Rural hospitals]
    Ms. Jackson, the Committee keeps hearing about potentially serious 
Y2K problems with hospitals serving rural populations. Reports to our 
staff indicate that the limited budgets of small hospitals make it 
difficult for them to adequately staff Y2K efforts. In addition, the 
fact that there may not be an alternative health care facility for many 
miles makes their situation even more dire.

  --Are these reports accurate? If so, what suggestions would you have 
        for small hospitals?
  --Do you see a role for the federal, state, or local government?

    Answer. Preliminary information from a survey conducted by AHA that 
accompanied the Y2K: Mission Critical briefing book, suggests that 
rural hospitals are not significantly different from others with 
respect to the issues they have been examining and the steps they are 
taking to become Y2K compliant. While rural hospitals do not have the 
staff and other resources available to larger hospitals, they also do 
not have the same scale of operation, nor the same high-tech equipment 
demands as larger hospitals. However, it is still too early to know 
what the ultimate cost or resource requirements will be. Small and 
rural hospitals that are part of larger systems will have the benefit 
of the system's expertise and resources. Coalitions of smaller entities 
are also being formed to share information.
    Small and rural hospitals are particularly concerned about the Y2K 
readiness of others upon whom they must depend and over whom they have 
no control. The uninterrupted flow of payments from Medicare, Medicaid 
and other payers is a top priority. All levels of government have a 
role to play in making sure that government programs pay on time, and 
have adequate contingency plans to ensure that this happens. In 
addition, the government can ensure that the basic services that help 
support the operation of hospitals is not interrupted (e.g. water, 
power, communications).
    Question 3. [Contingency Plans for Y2K hospital operations and 
Medicare payments]
    Ms. Jackson, your testimony raises the issues of Y2K contingency 
planning. Could you please share your thoughts on two specific ``What 
if something goes wrong?'' scenarios.

  --If Y2K disruptions prevent hospitals from being able to medically 
        function, what kind of contingency planning does AHA recommend? 
        For example, how would a hospital evacuate patients and where 
        would they take them?
  --What if HCFA cannot promptly pay Medicare health claims? What is 
        the recommendation of AHA on how the government should pay 
        Medicare health claims while protecting the fund against fraud 
        and abuse?

    Answer. Hospitals are routinely required to have disaster and 
contingency plans. The Joint Commission on Accreditation of Health Care 
Organizations also addresses the need for contingency plans. Y2K 
contingency planning would supplement what already exists. The 
specifics of a Y2K plan will vary depending on the Y2K compliance of 
the hospital and the readiness of its community. Hospitals need to be 
actively engaged with their public safety and public health partners. 
It is likely that hospital contingency plans will evolve as more and 
better information becomes known about the extent to which their own 
operation is Y2K compliant, as well as that of others within their 
community.
    HCFA should establish a fail-safe contingency plan to address 
potential noncompliance at all stages in the claims payment process. 
Advance periodic payments, based on past payment levels, is an 
important component of a contingency plan. AHA recognizes that the use 
of past payment levels could result in underpayments based on actual 
services delivered, as well as overpayments. Records would have to be 
maintained and a reconciliation would ultimately occur, based on the 
same standards as would otherwise apply. At the same time, many 
hospitals and health care organizations have established formal 
compliance programs designed to achieve the best possible compliance 
with the complex billing requirements and regulations of the Medicare 
program.
    Question 4. [Medicare Payments]
    Ms. Jackson, you stated that the Health Care Financing 
Administration will not meet some of the Balanced Budget Act of 1997 
changes in Medicare formulas and rates due to Y2K renovation and 
testing activities. Has AHA estimated how much the BBA delays will 
affect the hospital industry, and what do you propose as a solution?
    Answer. Because of its Y2K preparations, HCFA has proposed delaying 
both routine FY 2000 inpatient hospital Prospective Payment System 
(PPS) updates as well as implementation of PPS for outpatient hospital 
and home health payments. Each of these presents specific difficulties 
for hospitals.
    By our estimates, the proposed six-month delay in routine updates 
to Medicare hospital payments would total approximately $300 million, 
with an additional $40-$50 million accruing in interest owed to 
hospitals over this period. HCFA's Y2K efforts should be substantially 
complete by October 1, 1999. Moreover, AHA believes that HCFA should 
have no difficulty making these routine adjustments to a 15-year-old 
system of hospital payment. If in fact, they cannot, in the interim the 
current (FY99) standardized amount should be increased by the FY2000 
updates. Other required adjustments could be made retrospectively. This 
will help avoid causing cash flow problems in hospitals across the 
country.
    Home health presents a different set of problems. With PPS 
scheduled to take effect in FY2000, home health providers are being 
paid under an interim system that has produced very serious unintended 
consequences for efficient providers. Congress is currently struggling 
to refine this interim system during this legislative year, a task made 
much harder if that fix must cover a 3 or 4 year time frame, instead of 
2 years. AHA supports the solution embodied in H.R. 4252, introduced by 
Reps. English (R-PA) and Neal (D-MA).
    Hospitals supported the creation of PPS for outpatient payment in 
hopes of bringing predictability and simplicity to a very fragmented 
and confusing payment system. Until PPS is finally implemented, we 
would ask HCFA not to worsen our situation by requiring us to make 
further changes--such as implementing the new Ambulatory Surgery Center 
methodology--without the promised simplification. In addition, contrary 
to what Congress intended, hospital outpatient payments will be 
negatively affected by revisions to the physician payment. The best 
interim solution for outpatient payment is to freeze the system until 
PPS can be adopted.
    Question 5. [Strategic Risk Management]
    At what point should hospitals begin to determine whether or not 
they should refrain from scheduling routine procedures and elective 
surgeries during the first week of January 2000?
    Answer. Contingency planning will be an on-going process. Hospitals 
will want to minimize the demands on their systems while they begin 
actual operations in 2000. Their decisions about when to begin business 
as usual will depend on their own preparations, as well as the 
readiness of those on whom they must depend. It is certainly the goal 
of our members that they will not need to make scheduling changes for 
routine procedures and elective surgery.
    Question 6. [Information sharing]
    Are you aware of any large health organizations which are working 
to mitigate Y2K problems in concert with others in the private sector? 
If so do you know of any plans to share this information with smaller 
hospitals which may be struggling to afford Y2K programs?
    Answer. AHA and its state hospital and health care associations are 
working to assure that members have access to the information needed to 
meet the Y2K challenge. This ranges from culling relevant literature 
and sponsoring educational programs, to connecting hospitals with their 
peers to exchange expertise and information. Hospitals are getting 
together to seek information from vendors, as well those who would be 
interested in volunteering some of their staff to smaller organizations 
if their liability issues are addressed. The Y2K: Mission Critical book 
also provides samples of the variety of tools organizations are using 
to address Y2K issues.
                                 ______
                                 

Responses of Jennifer Jackson to Questions Submitted by Senator Collins

    Question. In your estimate, how much will it cost rural hospitals 
to become Y2K compliant?
    Answer. It is still too early to know what will be the ultimate 
cost for Y2K compliance. Anecdotal information indicates that however 
reasonable preliminary estimates may be, the actual amount will exceed 
those estimates. Rural hospitals will be in a better position to make 
informed estimates as information becomes available from the 
manufacturers and vendors about the Y2K status of their products and 
services, and the options for bringing those that are noncompliant into 
compliance.
    Question. What is your primary concern for rural hospitals?
    Answer. The primary Y2K concern related to rural hospitals is that 
they receive information from their vendors and others on which they 
depend for basic infrastructure support, early enough to permit them to 
obtain any needed financial resources to carry out their Y2K compliance 
plans. For the rural hospitals, assuring that there is no interruption 
in payments for health care services from the government or private 
payers is also of critical importance.
                               __________

                 Prepared Statement of Kenneth W. Kizer

                              introduction
    Good morning Mr. Chairman and members of the Committee. I 
appreciate the opportunity to testify before you on the healthcare 
issues and on the potential risks to patient safety that are posed by 
Year 2000 (Y2K) technology compliance problems. My comments are 
especially directed toward biomedical equipment and medical devices, 
and are based on the experience of the veterans healthcare system in 
defining the extent of the Y2K problem for hospitals and healthcare 
systems.
                               background
    Technology has been responsible for many of the advances of modern 
healthcare, so it is ironic that this same technology now may present 
hazards to patient care when the 21st century begins.
    Most medical devices, like other information technologies, were 
designed when there was little concern about how year references were 
reflected in hardware or software. Historically, most dates programmed 
in computers and medical devices have been based on a two-digit year--
i.e., ``97'' rather than ``1997.'' This was done in the early days of 
computing because of the high cost of data storage, and the practice 
was continued until relatively recently.
    The essence of the current Y2K problem stems from the fact that 
when the year ``2000'' is entered as ``00,'' systems and devices may 
not recognize this entry as a correct year, and thus, programs may 
fail, they may not perform as designed, they may reject legitimate 
entries or they may yield erroneous results. Thousands of medical 
devices may be affected by one or more of these problems that 
constitute what I have called the ``Millenium Bug Syndrome'' or 
``MBS''.
    The MBS may occur with technology-related processes that sort by 
date or that require a comparison by dates, processes that calculate 
age or processes that perform other date-related tasks. For example, an 
incorrect date or time sequence in the output of a blood gas analyzer 
could cause confusion when interpreting the sequential results, causing 
errors in diagnosis and treatment. Likewise, an incorrect age 
calculation which is stamped on an automated chest X-ray could prompt 
unnecessary further testing or even cause a misdiagnosis.
    Hospital information management systems; building systems 
controlling heating, ventilation and air conditioning, security, and 
elevators; and billing and accounting systems also are all subject to 
the MBS. All such systems and devices must be thoroughly checked, and 
repaired or replaced, as required, before January 1, 2000.
    While most of the problems identified to date are relatively minor 
and can be repaired, many healthcare institutions across the country 
are not positioned to accomplish these needed repairs. More 
importantly, though, is that at this time too many healthcare 
institutions do not yet know whether they have a problem, or how big of 
a problem they have.
                     general healthcare y2k issues
    For the healthcare industry, the inability of many computers to 
process date information later than December 31, 1999, is more than 
just a computer or information management problem. For hospitals and 
healthcare systems, Year 2000 problems originating from both internal 
and external sources may, if left unattended, threaten the whole 
institution, not just those departments that are concerned directly 
with information technology. Uncorrected Year 2000 problems could 
compromise patient care, disrupt core business functions and create 
substantial liability exposure.
    I believe the healthcare industry is at greater risk than many of 
the other industries that are also grappling with the Y2K problem 
because there are so many information systems in hospitals--from 
admissions to discharges, transfers, medical records, inventory 
control, clinical informatics and billing--which may be affected by Y2K 
problems and which may have both direct and indirect effects. For 
example, delays in payments from third-party payers could be crippling 
if cash-flow problems result in staffing shortages. Similarly, if a 
Year 2000-induced error causes a piece of laboratory equipment to skip 
a function, or perform a function twice, a patient could get the lab 
results of the patient who preceded or succeeded him or her, with 
potentially adverse consequences. Likewise, without proper dating 
systems, inventory reorder dates will be impacted with the consequent 
risk of running out of needed supplies. This could be particularly 
problematic for hospitals, since they typically maintain a minimal 
depth of inventory for perishable items such as sutures and blood 
products.
    Further, modern healthcare depends on many external information 
technology systems, so simply fixing a hospital's in-house systems and 
biomedical equipment will not necessarily guarantee a smooth transition 
into the new millennium. For example, every healthcare system depends 
upon suppliers for goods and services. What if the linen service, food 
suppliers, ambulance services, power management systems, oxygen 
suppliers and reference labs, to name some, have problems in their 
systems that make it difficult or impossible to take orders, to manage 
inventory and to deliver what a hospital and its ancillary systems 
need? Failure or malfunction of any of these systems could potentially 
disrupt patient care.
                   vha's approach to the y2k problem
VHA size and scope
    Within U.S. Department of Veterans Affairs (VA), the Veterans 
Health Administration (VHA) operates the largest fully integrated 
healthcare system in the United States. A wide range of electronic 
information systems, biomedical equipment, facility management systems 
and other computer-based system products provide vital support to the 
delivery of healthcare and other services to veterans at over 1,100 
sites of care delivery. (VA medical care assets include 171 hospitals, 
over 600 ambulatory and community-based clinics, 133 nursing homes, 40 
domiciliaries, 206 counseling centers and 73 home health programs, as 
well as various contract treatment programs.)
    VHA currently has an installed inventory of over 125,000 models of 
medical devices with an acquisition value of several billion dollars. 
The inventory is diverse and ranges from the most general, such as 
suction machines and sphygmomanometers to the more complex, such as 
magnetic resonance imaging systems and extracorporeal lithotripters.
    VHA's diverse systems and equipment inventory includes hospital 
information systems and applications, corporate information systems and 
databases, commercial off-the-shelf (COTS) hardware and software, 
communications systems and networks, biomedical equipment, laboratory 
and research systems and other computer-controlled facility equipment. 
There are many data interfaces among the systems and thousands of types 
of equipment and devices in this extensive inventory. At the core of 
VHA's systems environment is the Veterans Health Information Systems 
and Technology Architecture (VISTA). VISTA is a critical element of the 
total systems environment that provides information management support 
to VHA healthcare facilities. It is continually being developed and 
enhanced.
VHA approach
    To address potential Y2K problems, VHA established a Year 2000 
Project Office in 1996. The Project Office prepared The VHA Year 2000 
Compliance Plan in April 1997, which included a structured compliance 
plan for all categories of VHA's systems and equipment inventory, 
assigned responsibilities for all actions and provided performance 
tracking and reporting requirements.
    To ensure coverage of all affected VHA medical devices, systems and 
software, we prepared plans tailored to specific classes of products, 
as follows:

    VISTA software applications.--The Veterans Health Information 
Systems and Technology Architecture (VISTA) is the heart of VA medical 
facilities information resource management activities. VHA's VISTA 
application development requirements in effect since 1984 dictate a 
standard method of storing and deriving date information through the 
use of a pre-existing database management system known as VA File 
Manager.
    VA File Manager uses a seven digit date field that has three digits 
for the year (rather than the common two-digit year field in most 
legacy systems) and two digits each for the month and day (date format 
is YYYMMDD). The year is specified according to the number of years 
from the year 1700.
    Because of the decision to use the VA File Manager date standard, 
the core VHA application systems were expected to be able to support 
date information through the year 2699. This expectation was confirmed 
in our assessment phase. Our programming approach eliminated most of 
the two versus four digit year issues for the majority of software 
applications at VHA medical facilities. The databases used by and 
linked to these applications, interfaces between these applications and 
other systems and equipment, and other system products that do not use 
the VA File Manager date format, have been carefully assessed for Year 
2000 compliance. VISTA is a vital part of the total computer systems 
environment that provides information resources and support at VHA 
healthcare facilities.
    VHA in-house staff assessed, repaired, tested and are now 
installing needed repairs at our hospitals. Assessment, repair and 
testing were done centrally, while implementation is being done 
locally.
    Local software applications.--Many special purpose programs have 
been developed in VHA. These have been written by local Information 
Resource Management staff or other system users on-site, or they have 
been imported from other VA medical centers. These programs generally 
meet a local need or extend the functionality of nationally released 
software. These software applications have more non-compliant code, but 
have fewer users and less mission and financial impact. Such programs 
are being assessed and repaired at the local level, and many of these 
local applications have been discarded as a result of the Y2K analysis.
    VHA corporate systems.--These systems and databases involve a wider 
range of programming languages (including OS/VS COBOL, COBOL II, and 
ALC) than the VISTA application suite. VHA defines corporate systems as 
applications that gather information from one or more field facilities, 
and the supported database(s). An example would be the National Mental 
Health Database System, which runs on a PC at the Pittsburgh (Highland 
Drive) VA Medical Center. This system is used for performance 
measurement purposes, and it is updated weekly by 97 substance abuse 
treatment programs and 73 post-traumatic stress disorder (PTSD) 
programs that are located at 120 medical centers. These types of 
corporate systems are being assessed by their sponsors and repaired 
either by in-house staff or contractors.
    COTS software.--There are over 3,000 COTS software packages in use 
at VHA facilities. These include various versions of PC operating 
systems, office automation products, communications software, desktop 
publishing software and project management software. There are also 
clinical software packages for such applications as intensive care unit 
monitoring or nurse scheduling. In addition, there are server operating 
systems and utilities, Internet services packages, network management 
tools, database and software development environment tools, and 
operating systems utilities. While we have done some testing of these 
software packages ourselves, because of the number of such products, 
VHA, like other healthcare organizations, is dependent on manufacturers 
to disclose the Y2K compliance status of such products.
    Databases and data archives.--There may be as many database files 
as there are application programs in the VHA inventory. Today's 
relational database structures encourage large numbers of interrelated 
files. If any file has a two-digit year field, then it must be 
thoroughly assessed. If one database must be changed in order to be 
made Year 2000 compliant, then databases and programs linked to it may 
also need to be changed. Data archives might have to be converted if 
the databases to which they refer are upgraded for Year 2000 
compliance. Local owners of databases and files are responsible for 
their assessment and repair.
    Computer and communications hardware.--In addition to personal 
computers on employees' desks, there are servers for printer and file 
sharing, automated phone systems, voice mail and fax back services, 
computers for electronic mail, computers in fax machines and in-network 
hubs and switches, and computers that monitor system activity. These 
systems are often highly interlinked and interdependent.
    Assessment of said equipment has been done through testing and from 
information from manufacturers. Repair and replacement is a local 
business decision.
    Facilities-related systems and equipment.--Facilities-related 
equipment systems are vitally important to VHA in providing quality 
healthcare service. These include those systems that control elevators; 
heating, ventilating, and air conditioning equipment; lighting; 
security; and disaster recovery. Staff from engineering, information 
resources, facilities management, acquisition and administration are 
being involved to ensure that facility-related equipment will be Year 
2000 compliant.
    Biomedical equipment.--Biomedical equipment includes a myriad array 
of devices that record, process, analyze, display and transmit medical 
data. Examples of such equipment and devices include computerized 
tomographic (CT) and nuclear magnetic resonance imaging (MRI) systems, 
cardiac monitoring systems, tissue and blood gas analyzers, cardiac 
defibrillators and various laboratory analyzers, to name a few. Some 
devices interface and exchange data with VISTA application systems and 
other VHA system products. In addition to the medical devices used in 
clinical care, those devices and equipment used in medical research 
facilities also are being inventoried and assessed for Year 2000 
compliance.
    The Safe Medical Devices Act of 1990 requires manufacturers of 
medical devices to track and resolve problems with medical equipment 
that may threaten a patient's well being. As a result, most recently 
manufactured medical devices should be unaffected by the Year 2000 
problem. However, most hospitals and healthcare systems utilize a wide 
range of devices that have been manufactured over the past two or three 
decades. In an effort to define the extent of VHA's potential problem 
with biomedical equipment, early last summer, we identified over 1,600 
manufacturers from whom we had purchased equipment or devices over the 
years; this is out of a universe of over 16,000 medical supply and 
device manufacturers. Over the past 10 months, we have solicited data 
from these manufacturers as many as four times (depending on the 
manufacturer's response). The dialogue continues with manufacturers 
whom we have not heard from or who have advised us that their product 
is noncompliant.
    VHA has established multi-disciplinary oversight teams to 
investigate medical devices for compliance at each VA medical center. 
These Medical Devices Integrated Product Teams include a radiologist, a 
pathologist, a cardiologist, a surgeon, a nuclear medicine physician, 
engineers, acquisition specialists and administrative personnel.
    VHA has developed a process for identifying, inventorying, 
assessing, and evaluating VHA medical devices at risk for the millenium 
change. We have also developed a Year 2000 patch for the VISTA software 
module used in inventory and our preventive maintenance programs. The 
software patch for Y2K compliance provides additional fields needed to 
conduct assessment, track the status and complete necessary compliance 
reports for Y2K activities
VHA results
    VHA is currently on target to achieve Year 2000 compliance for its 
mission-critical systems within the schedule imposed by the Office of 
Management and Budget (OMB). This includes complete renovation of both 
VISTA and Corporate Systems, with implementation scheduled for March 
1999. The renovation of all VISTA and Corporate Systems applications is 
projected to cost less than $2 million.
    The results of VHA's assessment revealed that approximately 8 
percent of the total VISTA code required renovation to achieve 
compliance. Renovation was contained in 66 applications, with none of 
the renovation work being categorized as more than minor repair; 
renovation is now 100 percent complete. Hospitals are currently 
averaging 72 percent implementation of the 61 enhancement or 
modification patches released to bring VISTA applications into 
compliance.
    In the biomedical equipment and medical device area we can now 
report that:
  --694 manufacturers have certified to us that their products are Y2K 
        compliant, meaning that there should be no problems because the 
        device does not rely on date coding or they have already 
        addressed the issue. (Many of these devices are items 
        manufactured in recent years.)
  --34 manufacturers have reported that a total of 182 models of 
        equipment or devices are not Y2K compliant and are no longer 
        supported by the manufacturer. These models are considered 
        obsolete and will not be fixed by the manufacturer, even though 
        in many cases the device is still functional and commonly used.
  --102 manufacturers have reported that they produce a total of 673 
        models that currently are not Y2K compliant, but that they 
        intend to repair or otherwise fix the device. In most cases, 
        though, the manufacturer has not stated how the Y2K 
        noncompliance will affect the function of the device or exactly 
        what will be done to fix it. The manner in which the 
        manufacturers will be providing the fix--e.g., whether they 
        will charge for it, send a repair technician to the facility or 
        require the product be sent back, etc.--varies widely among the 
        manufacturers.
  --53 manufacturers reported they are still doing analyses of their 
        products and, thus, we don't know what to expect from them.
  --Inquiries to 201 manufacturers were returned to VHA marked ``Return 
        to Sender.'' After four tries over a 10-month period, we are 
        assuming, at this point, that we will never know about the 
        devices produced by these manufacturers.
  --We have also identified 96 manufacturers who we believe have gone 
        out of business or have been acquired by another entity since 
        we initially acquired their products.
  --The remaining 233 manufacturers have not responded to us despite 
        our multiple inquiries.
    Thus, overall, we know at this time that we have 855 models of 
devices and equipment that are not compliant, and about 20 percent of 
these will not be made compliant by the manufacturer. And even after 
four separate queries, we have not been able to get a response from 
about 30 percent of manufacturers. In interpreting these figures, 
please keep in mind the size of customer that VHA is and, thus, the 
business interest of the manufacturers to be responsive to us. Other 
than that, we have no reason to believe that our experience is not, or 
will not be, typical of other healthcare providers.
                             other efforts
    VHA is working closely with the Office of the Assistant Secretary 
of Defense for Health Affairs to optimize the sharing of information 
with the DOD healthcare system. VA is also working closely with the 
National Institutes of Health, Centers for Disease Control, and Food 
and Drug Administration within the Department of Health and Human 
Services, who share common Year 2000 problems in the areas of 
biomedical and clinical equipment and laboratory facilities.
    VHA has participated in national meetings and made presentations on 
our activities to the Association for Advancement of Medical 
Instrumentation, the American Society of Healthcare Engineers, and the 
Joint Commission on Accreditation of Healthcare Organizations' (JCAHO) 
Seminars on Y2K Compliance Activities.
    More recently, VHA has been working with other members of the 
National Patient Safety Partnership (NPSP) to increase awareness of the 
Millenium Bug Syndrome within the healthcare industry. For example, two 
weeks ago, we joined with the American Hospital Association, the 
American Medical Association, the American Nurses Association and JCAHO 
in calling on the nation's medical equipment manufacturers, medical 
equipment sales and retail industry, retail pharmacies and other 
organizations that place medical devices in use to join in the effort 
to identify and address potential patient safety problems resulting 
from Y2K problems.
    At the press conference 2 weeks ago the NPSP called for four 
things.
    First, the Partnership called on all healthcare practitioners and 
medical treatment facilities to survey their equipment and seek 
information from their relevant medical equipment, devices or systems 
manufacturers about their products' Y2K compatibility.
    Second, the Partnership called on all healthcare consumers who use 
medical devices at home to check with the healthcare provider about the 
product's Y2K compatibility. As you know, a very large amount of 
healthcare is now provided at home.
    Third, the Partnership called upon the nation's medical equipment 
manufacturers to take immediate action--if they have not done so 
already--to identify their devices' compliance. We urge in the 
strongest possible terms that equipment and device manufacturers 
provide this information no later than January 31, 1999, so that there 
will be ample time to address identified problems.
    And fourth, the Partnership calls for the establishment of a 
single, national clearinghouse from which this information can be 
readily accessed by anyone.
                               conclusion
    In closing, let me reiterate that while the Millenium Bug Syndrome 
has implications for nearly every industry and many households 
nationwide, it is particularly critical for healthcare, since 
healthcare today is so dependent on the use of biomedical equipment and 
medical devices that rely on embedded, date-dependent information 
technology. Moreover, we now know that many medical devices are not 
Year 2000 compliant, and a significant number of these will not be made 
compliant by their manufacturers.
    We also know that when the clock rolls forward to the 21st century, 
526 days from today, about 3.8 million Americans each day will receive 
healthcare at hospitals, clinics and nursing homes, with many more 
being treated at home; each of these patients will typically have 
multiple different interactions--sometimes hundreds--with equipment, 
devices and/or information technology systems. When you consider the 
extraordinary number of such interactions with technology, then it 
begins to become clear how large is the potential for adverse events to 
occur, even if the problem involves only a small percentage of devices 
or systems. Fortunately, we still have time to ensure that no patient 
suffers harm as a result of the Millenium Bug Syndrome if concerted and 
aggressive action is taken in the months ahead.
    We thank the Committee for its assistance in helping to resolve 
this technological problem.
                                 ______
                                 

           Year 2000 and Medical Devices: Demonstration Items

                 1. zoll defibrillator (model pd 1200)
  --Preliminary results indicate that functionality of the 
        defibrillator will not be affected
  --Date stamp 00, thus requiring manual dating and the attendant 
        increased opportunities for errors
  --Manufacturer has responded with a courtesy reply that they will get 
        back to VA, and so we characterize the compliance status of 
        this device as ``unknown''
         2. spacelabs patient monitor (model pc express 90308)
  --Cardiac monitor used in critical settings such as ICUs; 50,000 
        monitors of some type is probably a conservative estimate
  --Alarm will not sound unless a software problem is addressed
  --As part of a patient monitoring system connected via a local area 
        network, clinicians will not be able to correctly determine 
        when a patient alarm situation has occurred, dramatically 
        affecting care when a response measured in minutes is necessary
  --Company reports to VA that a patch will be available in January 
        1999, hence we characterize the device as ``conditional 
        compliant''
  --Company current states that the patch (free) must be ordered by 
        December 15, 1998; manufacturer's current policy as stated to 
        VA is requests after 12/15/98 will not be filled. Thus, 
        institutions need to be aware of the problem, survey their 
        equipment, and contact the manufacturer by the deadline
  3. varian linear accelerator (model clinac 18, software version 5.2)
  --Used in cancer therapy; designed to destroy tissue, so precision is 
        critical and under dosage or over dosage is not acceptable
  --Although Varian considers this an older, obsolete unit, the 
        manufacturer reports it will supply a patch at no charge--i.e., 
        the status currently is conditional compliant pending receipt 
        of patch and manufacturer's assurance that it addresses the 
        problem
            4. vernitron steam sterilizer (model r1626rpyi)
  --Sterilizers affect the whole operation of a facility, but VA 
        currently has no information as to the Y2K compliance status of 
        this equipment
  --Sterilizers were not part of the initial national oversight survey, 
        but have been added
  --VA (local facility) has made several attempts at contact the 
        company with no response to date
               5. alaris infusion pump (model gemini pc4)
  --Subtle, but significant Y2K problem. Proper service diagnostics 
        can't be performed on this pump. Since a valid date cannot be 
        entered following service activity or battery replacement, 
        proper and complete routine or emergency maintenance on the 
        device is not possible. This could then lead the device to 
        malfunction and result in patients getting improper doses of 
        medications and/or fluids. In other words, when someone 
        ``fixes'' or checks the device for routine ``maintenance'', 
        there will be uncertainty as to whether it has been ``fixed'' 
        or ``maintained'' correctly.
  --VA currently characterizes the document as conditional compliant
     6. marquette medical system electrocardiograph (model mac 12)
  --An error code is printed on the statement instead of a date. 
        Illustrates the problem of the lack of date stamp contributing 
        to a time-consuming, ``hassle factor'' for healthcare personnel
  --When the operator turns the machine off at the end of the day or 
        after use on a patient, the next time the equipment is turned 
        on the entire machine must be recalibrated before using the 
        device because the machine ``thinks'' it is new and resets its 
        internal clock to 1980
  --Recalibration (10-15 minutes) wastes valuable time, and the date 
        still won't print even after recalibration
  --Additionally, some devices in this model line are Y2K compliant and 
        will work without the upgrade--compliance depends on when the 
        device came off the assemby line. However, since some models 
        won't work without the upgrade, all machines will need to be 
        checked
  --Conditional compliant; company says patch will be available
    7. picker international, inc. ct scanner (model pq2000) picker 
            international, inc. mri system (model edge 1.5t)
  --Compliance had been unknown for these devices and models, although 
        Picker had been contacted by VA several times and even though 
        VA is a significant customer. VA has >100 Picker CT scanners 
        ($1.3 million per scanner) and dozens of MRIs at 
        approximately $1.7 million per unit.
  --The day after VA highlighted Picker's non-responsiveness at a press 
        conference, the manufacturer contacted us that it would soon be 
        providing VA with information about the Y2K compliance status 
        of these items. Then, the evening before the Senate hearing, 
        Picker informed VA it had a Web site and that its devices would 
        be compliant.
           8. physio-control defibrillator (model life pak 7)
  --Unlike the Zoll defibrillator, VA has identified this product as 
        non-compliant based on information provided by the 
        manufacturer. The model is more than 9 years old and no longer 
        produced, though still in use
  --The defibrillator is equipped with a real-time clock feature that 
        does not support the change to the Year 2000 and no 
        modifications are planned
  --Depending on the device, it either won't print a date or will print 
        an erroneous date, which could lead to subsequent treatment or 
        interpretation errors
  --Replacement cost is $10,000 per unit, and a typical VA 
        facility might have 10-30+
          9. densply/gendex dental x-ray (models 770 and 900)
  --Illustrates the difficulties in tracking down company information 
        due to the rapid changes in the industry--i.e., mergers, 
        acquisitions and bankruptcies
  --Original letter was sent to Gendex, but returned as unknown 
        addressee. Only after 10 months of repeated follow-up and 
        investigations was it learned that Gendex had merged with 
        Densply, which VA is now in the process of contacting for Y2K 
        compliance and assistance. Such follow-up would be difficult 
        for most small systems or individual providers
  --Compliance of this particular device is currently unknown
  --There will be, without doubt, devices for which compliance will 
        remain unknown on December 31, 1999, necessitating contingency 
        planning for those items
 10. computerized medical system radiation therapy treatment planning 
                 device (model cms modulex rtp system)
  --Used in radiation therapy (Cobalt 50), but manufacturer considers 
        this particular model obsolete and does not intend to provide a 
        patch; device is non-compliant
  --Manufacturer has been open and forthcoming, stating that VA should 
        ``turn this device off'' and not use it. After December 31, 
        1999, the device poses a harm to a patient because too much, or 
        too little, radiation could be delivered. Specifically: (i) an 
        incorrect date stamp indicating when the patient received 
        radiation therapy could affect the treatment plan for the 
        individual; and/or (ii) these units involve the use of a 
        ``live'' radioactive source to treat the patient. Such sources 
        lose their strength, i.e., decay, over time. Since information 
        affecting the strength of the source is entered into the system 
        and tracked by date, the calculation for a particular dosage 
        for an individual patient would be affected and an incorrect 
        dosage delivered
  --VA has 3 of these units, which originally cost 
        $150,000; replacement cost $200,000 to $250,000

                              VHA Y2K PROJECT OFFICE LIST OF MEDICAL DEVICE MANUFACTURERS WITH NO RESPONSE TO ALL 4 LETTERS
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                   Received
               Name of manufacturer                         Street address         response                 City                      State         ZIP
--------------------------------------------------------------------------------------------------------------------------------------------------------
ABTOX INC.........................................  104 Terrace Drive............  ........  Mundelein.........................  IL.............   60060
ACCUTOME..........................................  490 Lancaster Avenue.........  ........  Frazer............................  PA.............   19355
AEQUITRON MEDICAL.................................  14800 28th Avenue North......  ........  Minneapolis.......................  MN.............   55447
ALLERGAN INC......................................  92525 Dupont Drive, P.O. Box   ........  Irvine............................  CA.............   92713
                                                     19534.
ALTEC.............................................  1515 S. Manchester Ave.......  ........  Anaheim...........................  CA.............   92803
AMEDCO HEALTH CARE DIV. HEALTHCARE PRODUCTS INC...  739 Goddard Ave..............  ........  Chesterfield......................  MO.............   63005
AMERICAN ELECTROMEDICS............................  13 Columbia Dr. Suite 18.....  ........  Amherst...........................  NH.............   03031
ANGUS ELECTRONICS CO..............................  P.O. Box 24000...............  ........  Indianapolis......................  IN.............   46224
APEC..............................................  83 Pine Street...............  ........  Peabody...........................  MA.............   01960
API-LIRCO.........................................  118 Starlite Street..........  ........  South San Francisco...............  CA.............   94080
ARNDORFER INC.....................................  5656 Grove Terrace...........  ........  Greendale.........................  WI.............   53129
ASPECT MEDICAL SYSTEMS............................  2 Vision Drive...............  ........  Natick............................  MA.............   01760
AUTOMATED PRESCRIPTION............................  4333 Shreveport Highway......  ........  Pineville.........................  LA.............   71360
BALDOR ELECTRIC...................................  P.O. Box 2400................  ........  Fort Smith........................  AR.............   72901
BALLARD MEDICAL PRODUCTS..........................  12050 Lone Peak Parkway......  ........  Draper............................  UT.............   84020
BARRAMUNDI CORP...................................  P.O. Drawer 4259.............  ........  Homosassa Spring..................  FL.............   34447
BAXA CORPORATION..................................  13760 East Arapahoe Road.....  ........  Englewood.........................  CO.............   80112
BAYLOR BIOMEDICAL SERVICES........................  2625 Elm St. Suite 102.......  ........  Dallas............................  TX.............   75226
BETA TECHNOLOGY INC...............................  151 Harvey West Blvd.........  ........  Santa Cruz........................  CA.............   95060
BIOMARINE INCORPORATED............................  131 Wallace Avenue, Suite 3..  ........  Downingtown.......................  PA.............   19335
BURKE INC/BED DIV.................................  1800 Marriam Lane............  ........  Mission...........................  KS.............   66106
CARDIOVISTA SYSTEMS INC...........................  2691 Picker Ave., Suite 115..  ........  Irvine............................  CA.............   92714
CASCADE X-RAY SPECIALTIES.........................  P.O. Box 1605................  ........  Yakima............................  WA.............   98907
CEMAX-ICON INC....................................  47281 Mission Falls Ct.......  ........  Fremont...........................  CA.............   94539
CHIRON DIAGNOSTICS CORPORATION/CRITICAL CARE DIV..  115 Norwood Park South.......  ........  Medfield..........................  MA.............   02052
CLINICAL DYNAMICS CORP............................  12 Beaumont Road.............  ........  Wallingford.......................  CT.............   06492
CODONICS INC......................................  17991 Englewood Drive........  ........  Middleburg Heights................  OH.............   44130
CORDIS CORP A JOHNSON & JOHNSON CO................  P.O. Box 025700..............  ........  Miami.............................  FL.............   33102
CORPAK............................................  100 Chaddick Drive...........  ........  Wheeling..........................  IL.............   60090
CWE...............................................  25 St. Paul Road.............  ........  Ardmore...........................  PA.............   19003
DEBUSK TECHNOLOGY CORPORATION.....................  300 DeBusk Lane..............  ........  Powell............................  TN.............   37849
DIAGNOSTIC SONAR INC..............................  P.O. Box 456.................  ........  Cambridge.........................  OH.............   43725
DIGIVISION INC....................................  5626 Oberlin Drive...........  ........  San Diego.........................  CA.............   92121
DYNAMIC ENGINEERING CORP..........................  2575 West Beltline Highway...  ........  Middleton.........................  WI.............   53562
ECONOMICS LAB/ECON SYS............................  3508 Tchulahoma Road.........  ........  Memphis...........................  TN.............   38118
ELCONAP...........................................  413 Market Street............  ........  Newark............................  NJ.............   07105
ERIS MEDICAL TECHNOLOGY...........................  10 Summit Avenue.............  ........  Berkeley Heights..................  NJ.............   07922
FAIRBANKS SCALE...................................  1616 Toal Street.............  ........  Charlotte.........................  NC.............   28206
FISONS INSTRUMENTS INC............................  55 Cherry Hill Dr............  ........  Beverly...........................  MA.............   01951
FITNESS EQUIPMENT CORPORATION.....................  P.O. Box 167.................  ........  Clanton...........................  AL.............   35045
FOREDOM ELECTRIC..................................  Route 6 Stony Hill...........  ........  Bethel............................  CT.............   06801
FRANTZ IMAGING INC. (FRANTZ MEDICAL)..............  595 Madison Avenue...........  ........  New York..........................  NY.............   10022
GRASEBY MEDICAL INC...............................  3796 N. Dunlap Avenue........  ........  Arden Hills.......................  MN.............   55112
HARVARD BIOSCIENCE................................  22 Pleasant Street...........  ........  South Natick......................  MA.............   01760
HEALTHWATCH INC., CAMBRIDGE MEDICAL DIV...........  2445 Cades Way...............  ........  Vista.............................  CA.............   92083
HOME DIAGNOSTICS INC..............................  2300 NW 55 Ct................  ........  Ft. Lauderdale....................  FL.............   33309
HOSPEX FIBER OPTICS...............................  P.O. Box 353.................  ........  Chestnut Hill.....................  MA.............   02167
ISELL DIVERSATRONICS..............................  2430 Boulevard of the          ........  Norristown........................  PA.............   19403
                                                     Generals.
JFM ENGINEERING...................................  7880 N.W. 56 St..............  ........  Miami.............................  FL.............   33166
KASON INDUSTRIES..................................  57 Amlajack Blvd.............  ........  Shenandoah........................  GA.............   30265
KOWA OPTIMED......................................  20001 S. Vemmont Avenue......  ........  Torrance..........................  CA.............   90502
LIFELINE INSTS INC................................  3830F Charter Park Dr........  ........  San Jose..........................  CA.............   95136
LIONHART TECHNOLOGIES.............................  P.O. Box 1925................  ........  Carson City.......................  NV.............   89701
LUMEX INC.........................................  81 Spence Street.............  ........  Bay Shore.........................  NY.............   11706
MAC BETH DIV. INSTRUMENTS.........................  405 Little Britain Rd........  ........  New Windsor.......................  NY.............   12553
MANGUM SICKLES IND................................  1200 North Sickles Drive.....  ........  Tempe.............................  AZ.............   85281
MC KESSON AUTOMATED HEALTHCARE....................  261 Kappa Drive..............  ........  Pittsburgh........................  PA.............   15238
MEDICAL GRAPHICS..................................  350 Oak Grove Parkway........  ........  St. Paul..........................  MN.............   55127
MEDIMEX...........................................  P.O. Box 14..................  ........  West Hempstead....................  NY.............   11552
MEDSCO COMFORT POUCH..............................  185 N Park Blvd., Suite 262..  ........  Lake Orion........................  MI.............   48362
MESA INDUSTRIES...................................  143 South Jackson Street.....  ........  Elkhorn...........................  WI.............   53121
METERTECH INC.....................................  63-2 Cheng Kong Rd. Sec. 1...  ........  Nan Kang..........................  Taipei.........
MODERN ENGINEERING................................  3500 Bernard Street..........  ........  St. Louis.........................  MO.............   63178
MODULAR INSTRUMENTS INC...........................  81 Great Valley Pkwy.........  ........  Malvern...........................  PA.............   19355
NICHOLS INSTITUTE DIAGNOSTICS.....................  33608 Ortega Highway.........  ........  San Juan Capistran................  CA.............   92690
NORLAND MEDICAL SYS. INC..........................  106 Corporate Park Dr., Suite  ........  White Plains......................  NY.............   10604
                                                     106.
NOVA HEALTH SYSTEMS INC...........................  1001 Lower Landing Road,       ........  Blackwood.........................  NJ.............   08012
                                                     Suite 103.
NOVA MEDICAL INC..................................  150 Eaton Street.............  ........  St. Paul..........................  MN.............   55107
OMEGA ENGNEERING INC..............................  P.O. Box 4047................  ........  Stamford..........................  CT.............   06907
OMRON HEALTHCARE/BUFFALO MEDICAL..................  300 Lakeview Parkway.........  ........  Vernon Hills......................  IL.............   60061
ONCOR INC.........................................  209 Perry Parkway............  ........  Gaithersburg......................  MD.............   20877
ORTHO-KINETICS INC................................  P.O. Box 1647................  ........  Waukesha..........................  WI.............   53187
OXFORD MEDICAL....................................  11526 53rd Street North......  ........  Clearwater........................  FL.............   34620
PHYSITEMP INSTRUMENTS INC.........................  154 Huron Avenue.............  ........  Cliflon...........................  NJ.............   07013
PIONEER MEDICAL SYS. INC..........................  37 Washington Street.........  ........  Melrose...........................  MA.............   02176
RADIONICS INC.....................................  22 Terry Avenue..............  ........  Burlington........................  MA.............   01803
ROECO MANUFACTURING SERVICE.......................  P.O. Box 357.................  ........  Monterey Park.....................  CA.............   91754
ROGERS MACHINERY COMPANY..........................  P.O. Box 23279...............  ........  Portland..........................  OR.............   97223
SS WHITE BURS INC.................................  1145 Towbin..................  ........  Lakewood..........................  NJ.............   08701
SENTEC............................................  1218 Combermer...............  ........  Troy..............................  MI.............   48083
SIMS FORT MEYERS (INTERTECH)......................  5100 Tice Street.............  ........  Fort Meyers.......................  FL.............   33905
SOLOMAT A NEOTRONIC CO............................  The Waterside Bldg, 26 Pearl   ........  Norwalk...........................  CT.............   06850
                                                     Street.
SONY ELECTRONICS INC. MEDICAL SYS. INC............  3 Paragon Dr. Mail Drop S200.  ........  Montvale..........................  NJ.............   07645
STER-O-LIZER MANUFACTURING........................  P.O. Box 27488...............  ........  Salt Lake City....................  UT.............   84127
STROM CORP........................................  P.O. Box 109.................  ........  Seroggins.........................  TX.............   75480
SUN MICRO SYSTEMS.................................  2550 Garcia Avenue...........  ........  Mountain View.....................  CA.............   94043
SWAN TECHNOLOGIES.................................  3075 Research Drive..........  ........  State College.....................  PA.............   16801
SYNNEX INFORMATION TECHNOLOGIES...................  3797 Spinnaker Court.........  ........  Fremont...........................  CA.............   94538
TEK MARKETING.....................................  98 Railroad Drive............  ........  Warminster........................  PA.............   18974
TEKNIKA ELECTRONIC................................  333 Route 46 Gothic Plaza....  ........  Fairfield.........................  NJ.............   07006
THOMSON CONSUMER ELECTRONICS......................  600 N. Sherman Drive.........  ........  Indianapolis......................  IN.............   46201
TOMTEC IMAGING SYSTEMS INC........................  4775 Walnut Street, Suite C..  ........  Boulder...........................  CO.............   80301
TRIONIX RESREACH LABORATORY INC...................  8037 Bavaria Rd..............  ........  Twinsburg.........................  OH.............   44087
TUNTURI INC.......................................  P.O. Box 97047...............  ........  Redmond...........................  WA.............   98073
UNITED ELECTRONICS & CONTROL......................  1177 McCarter Highway........  ........  Newark............................  NJ.............   07104
UROHEALTH SYSTEMS INC.............................  5 Civic Plaza, Suite 100.....  ........  Newport Beach.....................  CA.............   92660
VOTRAX............................................  1394 Rankin..................  ........  Troy..............................  MI.............   48083
WALLACH SURGICAL DEVICES..........................  291 Pepe's Farm Road.........  ........  Milford...........................  CT.............   06460
WESTERN ELECTRIC..................................  Guilford Center P.O. Box       ........  Greensboro........................  NC.............   27420
                                                     20046.
      TOTAL = 99
--------------------------------------------------------------------------------------------------------------------------------------------------------

                 Prepared Statement of Senator Jon Kyl

    I would like to thank the Chairman and the Vice Chairman for their 
continued leadership on the Year 2000 Technology problem (Y2K). I would 
also like to thank our distinguished panel for attending and sharing 
their insight into the critical healthcare infrastructure.
    Arizona's healthcare and research facilities are among the best in 
the nation and include specialties in cancer research, cardiovascular 
treatment, respiratory treatment and geriatric care. Arizona maintains 
a world class healthcare system excelling in both care and 
accessibility. Arizona's large and small facilities maintain a standard 
of excellence and sophistication that is the envy of healthcare 
facilities across the U.S. Overall, our healthcare facilities comprise 
a mix of outstanding privately owned facilities and those serving our 
nation's veterans.
    But all of this may be put in jeopardy, if the vital information 
systems, supporting this excellent medical care infrastructure, are 
disrupted through Y2K failures. Arizona's healthcare system like many 
other states is a labyrinth of interdependent information systems. 
Having worked with some of the largest health organizations Arizona, I 
know first hand the complex process of ensuring patient safety, 
confidentiality, payment and quality assurance. As we focus on the 
condition of the healthcare industry today, we will try to develop an 
understanding of the scope and severity with which Y2K could impact 
healthcare operations. I would like to stress that the very possibility 
of a Y2K problem causing serious disruptions in hospitals and medical 
systems, should capture the full and immediate attention of the entire 
healthcare industry.
    We must also make every effort to ensure that fears of litigation 
do not impede the exchange of Y2K information needed to fix critical 
systems and develop contingency plans.
    I think it is important to remember that the Y2K problem is not a 
``bug'', like a 24 hour flu which arrives unexpectedly and departs 
quickly. Y2K is a serious affliction which has the potential to reek 
long term consequences on the healthcare industry. The only defense 
against Y2K is a strong preventive maintenance plan. Preventing Y2K-
related problems is a lot like preventing heart disease; it requires an 
informed and disciplined regimen to succeed.
    At this point, the readiness of the healthcare industry is largely 
unknown. Y2K disruptions could easily damage the complex medical 
payment process or even cause medical equipment to unexpectedly fail. 
The complexity of the Y2K problem exponentially increases with the 
number of interfaces and electronic data exchanges. Even if a hospital 
succeeds in solving its internal Y2K problems, it could still suffer 
unexpected Y2K problems from an unprepared source such as medicaid, 
equipment suppliers or a public utility. We must ensure that those who 
are in need of care such as the elderly, sick children and those in 
need of emergency services are not forced to deal with the consequences 
of a congenital but, very treatable computer problem.
    I am continuing to examine the liability issues wich impede the 
exchange of technical information between medical equipment 
manufacturers and the end users, such as hospitals and private 
physicians. Hospitals are struggling to identify and replace equipment 
which may not function because of the inability to process certain 
dates. On the other hand, manufacturers are reluctant to share 
information on products until they are certain of a Y2K solution.
    I look forward to today's testimony for there are far too many 
unanswered questions about the healthcare industry and the impact of 
Y2K.
                               __________

                   Prepared Statement of Ramin Mojdeh

    Mr. Chairman, my name is Ramin Mojdeh. I am director of research & 
development for the cardiac rhythm management group of Guidant 
Corporation. Headquartered in Indianapolis, Indiana, Guidant 
Corporation designs, manufactures and sells innovative products and 
technologies that improve the quality of care for persons with 
cardiovascular diseases. Guidant's lifesaving and life enhancing 
devices are manufactured in Minnesota, California and Puerto Rico and 
used by persons around the world.
    I want to thank you and the members of the committee for the 
opportunity to speak today on behalf of the Health Industry 
Manufacturers Association. HIMA is a Washington, DC-based trade 
association that represents Guidant and more than 800 other 
manufacturers of medical devices, diagnostic products, and medical 
information systems. HIMA's members make nearly 90 percent of the $58 
billion of health care technology products purchased annually in the 
United States, and more than 50 percent of the $137 billion purchased 
annually around the world. HIMA is the largest medical technology 
association in the world.
    We welcome this opportunity to provide information regarding both 
the impact of the Year 2000 computer problem on the medical device 
industry and the general readiness of this industry to ensure the safe 
and reliable operation of medical devices in the Year 2000 and beyond. 
The medical device industry recognizes and shares the concerns of 
health care providers, patients, and the public regarding the possible 
effects of the Year 2000 computer date problem. Affected medical device 
companies are devoting significant resources to bring their devices 
into Year 2000 compliance. The health and safety of patients constitute 
the paramount concerns of our industry. That is what we are about in 
both the business and the humanitarian senses.
    In my appearance here today, I want to make three points for the 
committee:

    1. The medical device industry is extremely concerned about the 
potential hazards associated with the Year 2000 problem and has put 
substantial effort into ensuring that medical devices function properly 
and safely after the century change.
    2. HIMA believes that the industry as a whole is taking the 
necessary steps to address the Year 2000 issues related to our 
products.
    3. HIMA members recognize that timely access to Year 2000 
compliance information about individual companies' products is an 
integral part of the solution to the overall Year 2000 problem. Today, 
we give you our assurance that the industry will continue to work with 
other concerned organizations and the FDA to make Year 2000 compliance 
information relating to medical devices publicly available in an 
appropriate format.

    I also want to take this opportunity to applaud the interest of the 
Congress and the Administration in proposing legislation in this area. 
The President's recent proposal, which would allow for sharing of 
information, may benefit a broad section of the economy in confronting 
challenges posed by the Year 2000 bug. Unfortunately, it would appear 
to be of less help to the medical device industry because of this 
industry's wide spectrum of technologies, products, and company 
resources. In our diverse industry, it's doubtful that what works for 
one medical device company can be shared and adopted by others as the 
President's proposal envisions even if the companies make devices with 
similar functions.
                     the diversity of the industry
    For the majority of cases in our industry, solutions to the Year 
2000 problem developed by one company likely will not be applicable to, 
or feasible for, others. Our industry's products range from tongue 
depressors and hypodermic syringes, to sophisticated analytical 
instruments used in medical laboratories, to medical imaging equipment. 
The industry encompasses a full spectrum of companies from large, 
international corporations with multiple product lines to small, 
entrepreneurial businesses manufacturing one or two products.
    More than 50 scientific and engineering disciplines including such 
diverse fields as solid state physics and holography are involved in 
the development of our products. Hundreds of different basic materials 
are utilized, singly and together, in our manufacturing. Over 50 
different medical specialties, such as orthopedic surgery, cardiology, 
and ophthalmology, utilize the industry's products in applications 
throughout the human body. There are more than 3,000 distinct, major 
product lines, and approximately 84,000 individual products. Most are 
sold in small, niche medical markets.
    The universe of FDA-registered medical device companies is more 
than 18,000, and about 7,700 of these manufacture products in the 
United States. However, nearly 80 percent are relatively small 
companies with fewer than 50 workers and annual revenues of less than 
$20 million. Only about 150 companies, or divisions of major companies, 
have worldwide sales greater than $100 million.
                     the complexity of the problem
    It its role as a facilitator in bringing together manufacturers of 
similar products to search for common solutions, HIMA has found that 
the challenge posed by the Year 2000 bug does not represent a single 
problem that will yield to a single solution. Rather, each company 
faces a unique set of circumstances involving its own technologies for 
the functioning and manufacture of its products. Moreover, these 
technologies have evolved quickly, because of rapid advances in many 
scientific fields. Solutions that a company can adopt for a device it 
manufactures today may be entirely inappropriate for an earlier model 
of the device that it made only 18 months ago.
    Another complicating factor is the degree to which the Year 2000 
bug will affect individual companies. Some, but not all, medical device 
computer systems and software applications will be affected. HIMA 
members manufacture electrical medical devices that perform functions 
ranging from measuring physiological parameters and pumping liquids to 
duplicating or simulating physiological functions to performing 
chemical analyses. Many of these devices are either life supporting or 
life sustaining. In addition to differing in function, these devices 
also differ significantly in size and complexity.
    The number of electrical medical devices containing software to 
control some or all of their operation has been rising as the cost of 
microprocessors has been falling. Consequently, almost all electrical 
devices now contain software. However, the complexity and sensitivity 
to the Year 2000 date change vary dramatically among devices. Many of 
the highest risk devices that are vital to keeping patients alive and 
that utilize embedded software are not date sensitive. For example, 
pacemakers do not use a current date in their operation, and it is 
unlikely that ventilators, infusion pumps and many other products will 
be affected by the date problem.
    Other devices perform less life-critical functions, yet they may 
perform calculations or send data directly to another device that 
performs calculations requiring accurate date information. Clearly, 
these devices may be quite sensitive to the Year 2000 problem.
                          the role of the fda
    The FDA has defined in great detail its expectations for the 
medical device industry in several documents regarding regulatory 
obligations for Year 2000 compliance. These documents describe how the 
agency interprets its regulations regarding manufacturers' 
responsibilities to determine the effect of the Year 2000 date problem 
on their devices and to correct any safety-related problems that are 
revealed. Operating within an FDA-regulated industry, our member 
companies are profoundly aware of their Year 2000 compliance 
responsibilities under the law and of the penalties for failing to meet 
them.
    Ultimately, manufacturers must examine all their software-driven 
processes, products to determine whether they are date dependent, and 
if they are, they must determine whether the date dependency is 
sensitive to the century change.
                          industry's response
    HIMA members are taking strong action to ensure their Year 2000 
compliance. The association specifically advises members to:
  --Comply with FDA expectations for identifying and resolving any Year 
        2000 date-related problems with their devices
  --Provide information about the status of their Year 2000 compliance 
        to their customers and others who need it in the most 
        appropriate manner and in a reasonable time frame; and
  --Work individually with customers who have specially manufactured 
        devices or who require unique, compliance fixes.
Guidant Corporation's actions
    My own company has committed to a strategy that will ensure the 
Year 2000 date change and leap year do not adversely impact our 
products, services or business operations. Guidant has had an active 
effort underway since the first half of 1997. This project has a full 
time Project Coordinator assigned and multiple support teams organized 
within each business unit and significant geographic location. 
Executive management within Guidant is sponsoring this Project and a 
cross-functional steering committee including systems, legal, auditing 
and regulatory compliance has been charged with its oversight.
    As of today, Guidant has completed a thorough review of the product 
offerings from all of our divisions, including Cardiac Rhythm 
Management (CRM), Vascular Intervention (VI) and Cardiac & Vascular 
Surgery (CVS), with respect to the Year 2000 issue.
    We are very confident that Year 2000 will create no adverse effects 
for our products. Guidant will fully warrant that the products it sells 
will be free of defects attributable to the Year 2000 date change.
    Guidant is taking all reasonable steps necessary to confirm that 
its business systems, software, and equipment that consider and process 
date-related information will continue to function properly after 
December 31, 1999. In doing so, Guidant is paying particular attention 
to ensuring compliance with all regulatory guidelines regarding Year 
2000 issues. Our commitment is to provide our customers with 
uninterrupted service and continued quality.
    We began the inventory/assessment of equipment and software in 
1997, and we are currently working on the limited number of corrections 
that have been identified as necessary. Guidant, as a corporation 
formed in late 1994, is fortunate to rely upon many relatively new 
systems, including our enterprise-wide operational support system (the 
widely used SAP), which has already been certified Year 2000 compliant. 
As such, the 1998 focus is on assessing manufacturing equipment, 
facilities infrastructures, and business partners. Based upon this 
assessment, Guidant will take the necessary actions to correct 
identified problems. Guidant has a goal of completing all assessment 
and remediation in the equipment and infrastructure area by mid year 
1999. This will allow for internal auditing and testing, as well as any 
fine-tuning, of these systems to take place in the latter half of 1999. 
Our efforts in confirming the readiness of our various business 
partners, while ongoing, will continue up to, and through, January 1, 
2000.
Other HIMA members' actions
    In providing compliance information to their customers and the 
public, member companies have found the Internet to be an excellent 
medium. Many members have posted compliance information on their own 
Web sites and the FDA's Web site. Examples of HIMA member company 
actions in this area include, but are not limited to, the following.
  --At least one company with a diverse range of products has posted 
        pages of detailed charts on its Web site containing compliance 
        information about each of its devices.
  --Another company has posted a short list of only those devices it 
        manufactures that still do not conform to Year 2000 compliance 
        standards.
  --A third company has posted compliance information about its 
        products on its Web site and is soliciting e-mail inquiries 
        from its customers.
  --Other members have gone beyond the Internet and contacted their 
        customers directly regarding the compliance status of their 
        products. In addition, some have established toll-free 
        telephone numbers for their customers inquiries regarding Year 
        2000 issues.
  --A number of small companies, founded within the last ten years, say 
        that they anticipated the Year 2000 problem and have been 
        compliant from their first day of operation. Similarly, many 
        larger, established companies have designed recent products to 
        be Year 2000 compliant.
  --Many companies have developed internal, cross-functional teams or 
        program offices to address Year 2000 product compatibility 
        issues.
    As you can see, there is no one way that is the right way for 
medical device companies to get the information out.
    A number of groups, including the National Patient Safety 
Partnership and its members, including the Department of Veterans 
Affairs, the American Medical Association and the American Hospital 
Association, have suggested that a central clearinghouse be established 
to make Year 2000 information publicly available. I would like to 
emphasize that making timely compliance information available to the 
people who need it is also our industry's goal, and we share the 
concerns of these organizations. HIMA believes that access to such 
information through appropriate mechanisms is an integral part of the 
solution to the overall Year 2000 problem.
    Mr. Chairman, you have our strong commitment here today to continue 
to work with other concerned organizations and the FDA in making Year 
2000-compliance information publicly available in appropriate formats. 
I want to assure the concerned groups and individuals that have spoken 
out on Year 2000 safety issues that we understand and welcome your keen 
interest in this area, and we share your sense of urgency. Simply put, 
we must work together.
                               conclusion
    In closing, I would like to say again that the Year 2000 problem 
for our diverse industry cannot be resolved with an easy, one-size-
fits-all solution. Each company faces its own unique technical 
challenge in this area, and while solutions for each company may 
differ, we believe that timely access to information about compliance 
of medical devices is important to health care organizations and 
practitioners. We have committed ourselves here today to working to 
achieve this goal with all other concerned parties and to provide the 
information publicly in a reasonable time frame.
    We are confident that by working together, we can achieve an 
appropriate and mutually satisfactory format or formats for information 
dissemination. And we will continue our intensive efforts to ensure 
that on January 1 in the Year 2000, the medical technologies on which 
millions of patients depend continue to function safely and 
effectively. We want the patients that we serve as an industry to have 
that confidence in us. And we will do whatever we must to deserve their 
trust.
    Thank you.
                                 ______
                                 

   Responses of Mr. Mojdeh to Questions Submitted by Chairman Bennett

               health industry manufacturers association
    Question 1. [Dearth of information on Y2K compliance data for 
biomedical devices]
    Mr. Mojdeh, the Committee has explored many publicly posted data 
2YK compliance for biomedical devices, and with a few exceptions, finds 
it seriously wanting. You indicate in your testimony that the Health 
Industry Manufacturers Association wants to seek a solution to the Y2K 
problems and assist all parties that use biomedical devices. The 
American Hospital Association and the Veterans Administration have 
demonstrated a willingness today to work with national Y2K clearing 
house on biomedical devices.
  --Will HIMA take the lead in promptly establishing and operating such 
        a national clearinghouse for the health care industry?
    Answer. HIMA will take the lead in meeting with concerned parties, 
including, but not limited to, the National Patient Safety Partnership 
(NPSP), National Electrical Manufacturers Association, (NEMA) and the 
Food and Drug Administration (FDA) to develop cooperatively the most 
efficient mechanism for making Y2K compliance information available 
publicly. The NPSP includes, among others, the Department of Veterans 
Affairs (DVA), American Nurses Association (ANA), American Medical 
Association (AMA), Association of American Medical Colleges (AAMC), and 
the Joint Commission on the Accreditation of Hospital Organizations 
(JCAHO). Furthermore, the Association believes that Y2K compliance is 
of the highest priority and has sent the enclosed memo to all of our 
members and to approximately 6,000 non-members strongly encouraging 
them to provide information on the Y2K status of their products via the 
FDA Website and other means. (Attachment A)
    Question 2a. [Patient protection versus corporate protection]
    Mr. Mojdeh, President Clinton proposed, and this Committee supports 
safe harbor legislation on limiting corporate liability in sharing Y2K 
data. However, in your testimony you say such legislation would not be 
useful to HIMA.
  --Why does HIMA take the position that the sharing of Y2K data 
        between companies is not useful in solving the problem when 
        every health care industry user tells the Committee it is 
        critical?
    Answer. The medical device industry is unusually diverse. Medical 
devices using software range from electronic thermometers that 
calculate internal body temperature based on infrared radiation to MRIs 
and CT scanners. Because of this diversity of products and the large 
number of medical device companies (several thousand), the software 
used in many, if not most, devices is unique to the device. This 
uniqueness raises two separate issues:

  --Y2K solutions effective for one manufacturer may simply not be 
        useful to another manufacturer. Although their devices may 
        appear similar, and even belonging to the same generic family 
        (i.e., be described with the same general name), the software 
        driving the devices may not use the same algorithms or 
        structure. Because of these differing functional modes, it 
        would be difficult to determine which manufacturer's 
        information would be valuable to which other manufacturer. When 
        one considers that each manufacturer is generally the leading 
        expert on the software in its own devices, the best investment 
        for each manufacturer will be to work directly on solving its 
        own software problems.
  --As described in the previous paragraph, much software is unique to 
        the device in which it is used; therefore, much of it is 
        regarded as proprietary commercial information that is a 
        ``trade secret.'' To share software-specific Y2K ``solutions'' 
        could well require manufacturers also to share some of this 
        proprietary information. Because this is a highly competitive 
        industry, we foresee the sharing of any proprietary information 
        as problematic.

    Question 2b. Is HIMA satisfied with the 10 percent response to the 
FDA call for biomedical manufacturers to disclose Y2K problems and 
solutions? If not what has HIMA done about getting the response rate up 
to 90 percent to 100 percent on devices where failure can have serious 
consequences?
    Answer. As we noted in our answer to Question 1, we have 
communicated not only with our members, but we have gone beyond our 
membership to communicate our strong recommendation that medical device 
companies, including those companies whose products are not affected by 
Y2K, share information via the FDA Website.
    Question 3. [Y2K Contingency Plans for HIMA to produce and publish]
    Mr. Mojdeh, your association represents manufacturers that produce 
millions of biomedical devices annually. What kind of contingency plans 
do HIMA member companies have to provide emergency assistance to user 
organizations when Y2K problems occur on January 1, 2000?
    Answer. HIMA agrees that contingency planning for companies to 
provide assistance to customers in the event that problems arise is an 
important concept for manufacturers to consider in their Y2K planning. 
HIMA will communicate this message to its members.
    Question 4a. [HIMA Letter Discouraging Cooperation with FDA]
    Mr. Mojdeh, HIMA in an April 1, 1998 letter to Kevin Thurm, Deputy 
Secretary of HHS, seemed to be discouraging its members from 
cooperating with FDA's efforts to build a database of Year 2000 
information on big-medical equipment.
  --Why did HIMA take this position?
    Answer. The April letter was specifically directed to HHS. HIMA was 
concerned that the wording of the January 23, 1998 letter from HHS to 
medical device manufacturers contained an implied threat of regulatory 
action against companies who did not respond to the request for 
information for the FDA Website. In retrospect, it is probably the case 
that the language in both letters was unfortunate and that it produced 
more misunderstanding than cooperation. We have subsequently 
communicated our willingness to work with FDA and our members to make 
more Y2K information available on the FDA Website. This communication 
is attachment B.
    HIMA encourages its members to communicate to users and the 
interested public information regarding the Y2K status of their 
products, even those products that are not subject to the problem. We 
also believe that the FDA Website may prove to be the most effective 
central communications vehicle for this purpose.
    Question 4b. Doesn't HIMA believe that it would be more efficient 
and time saving to share Y2K data on medical devices rather than have 
each customer request the same information in writing over and over 
again?
    Answer 4. We support the Committee's interest in efficiency. We 
believe that the most efficient approach is for the interested parties, 
particularly the NPSP, HIMA, and FDA to meet and develop an appropriate 
information set that will address their concerns adequately. These data 
can then be transferred through a variety of means, including the FDA 
Website.
                                 ______
                                 

                          Priority Memorandum

To: HIMA members.
From: Alan H. Magazine.
Date: August 3, 1998.
Subject: The Year 2000 Computer Problem

    Congress has delivered a message to our industry that we have heard 
loud and clear. At a hearing July 23, Senators Robert Bennett (R-UT) 
and Christopher Dodd (D-CT) spoke out strongly regarding their concern 
that our industry should be doing more to address patient safety issues 
arising from the year 2000 computer problem. Senator Bennett, who is 
chairman of the Senate special committee with jurisdiction on this 
issue, charged that medical device companies are refusing to 
acknowledge computer problems associated with the century change 
because of their product liability concerns.
    Senator Dodd was equally direct. ``I am deeply disturbed by the 
fact that instead of taking steps to deal with this problem, the 
medical device industry, as a whole, seems to be exacerbating the 
problem by refusing to provide information, either to the FDA, which 
regulates device safety, or to the hospitals and clinics, which use the 
devices every day,'' he said. During the hearing, Senator Dodd 
indicated his intent to go to the Senate floor to publicize the names 
of companies that failed to respond to efforts by the FDA and the 
Department of Veterans Affairs to collect information on their year 
2000 compliance status. Of special concern to the senators was the 
industry's poor response to recent surveys by the FDA and the 
Department of Veterans Affairs.
    In a subsequent July 29 meeting requested by Senators Bennett and 
Dodd, Senator Dodd indicated that he has received a list from FDA and 
the VA of companies that have failed to reply to their inquiries. In 
response to a HIMA action agenda (see page two of this memo) he 
indicated that he would delay introduction of legislation requiring 
disclosure by device companies. He also said he would delay the public 
announcement of the names of companies that have failed to reply to the 
FDA and the VA. However, he refused to commit to how long such a delay 
would last.
                       the challenge to industry
    These are respected lawmakers who have shown their friendship to 
our industry on several occasions. Their concern is real, and it 
represents an immediate challenge and an urgent call to action for our 
industry.
    As the year 2000 approaches, we are seeing increased attention by 
health care organizations, medical professionals, patients, and members 
of Congress to the possibility that medical devices that are critical 
to the health and lives of countless patients might malfunction because 
of flawed computer programming. For example, at a recent press 
conference, the National Patient Safety Partnership (NPSP), a coalition 
that includes, among others, the American Medical Association, the 
American Hospital Association, and the Veterans Affairs Department, 
called for creation of a national clearinghouse for medical device 
compliance information.
    In response to this increased scrutiny of our industry, our answer 
must be twofold:
                          industry's response
    First, we must make certain that medical devices are year 2000 
compliant. We must ensure that on January 1 in the year 2000, the 
medical technologies on which millions of patients depend continue to 
function safely and effectively. We want the patients that we serve as 
an industry to have confidence in us, and we must do whatever is 
necessary to preserve their trust.
    Second, we must make every effort to ensure that information about 
the year 2000 compliance status of medical devices is available to the 
health care providers who use our products. Our industry has a 
fundamental responsibility to provide information about the safety of 
medical technology that people rely upon. It is natural that patients 
and medical professionals have questions about the year 2000 status of 
essential medical technology, and we must do our best to provide 
answers in a forthright and timely manner.
                        hima's year 2000 program
    HIMA is acting immediately to:

  --Organize a working group that will advise on and oversee the 
        Association's efforts to successfully address year 2000 issues.
  --Initiate a meeting with representatives of the National Safety 
        Prevention Coalition, its constituent groups (including the 
        American Medical Association, American Hospital Association, 
        and the U.S. Department of Veterans Affairs), and the FDA to 
        discuss a mutually satisfactory and appropriate mechanism for 
        dissemination of company compliance information.
  --Work closely with lawmakers on Capitol Hill to apprise them of our 
        industry's progress.
                               fda's role
    The FDA has defined in great detail its year 2000 compliance 
expectations for the industry in several documents. The FDA expects 
manufacturers to examine all their software-driven processes and 
products to determine whether they are date dependent, and if they are, 
they must determine whether the date dependency is sensitive to the 
century change. The relevant FDA documents include:

  --A letter to manufacturers, dated June 25, 1997, posted on the FDA's 
        Web site at www.fda.gov/cdrh/yr2000.html.
  --Guidance on FDA's Expectations of Medical Device Manufacturers 
        Concerning the Year 2000 Date Problem, posted on the FDA's Web 
        site at www.fda.gov/cdrh/yr2000/y2kguide.html.
  --Information Paper on FDA Activities Related to the Year 2000 Date 
        Problem and Medical Devices, posted at www.fda.gov/cdrh/yr2000/
        ipyr2000.html.

    In hearings before Congress, and in its communications with 
industry, the FDA has invited the industry to cooperatively address the 
challenges of year 2000 compliance and information dissemination. Many 
member companies are implementing programs to ensure that they are year 
2000 compliant. Many have dedicated sections of their company Web sites 
to the disclosure of compliance information about their products, while 
others have been contacting their customers directly about their year 
2000 status. For those devices that aren't affected by year 2000 
problems but whose users might have concerns, it is important that 
manufacturers reassure them of the continued performance and safety of 
their devices. In addition to these efforts, HIMA members are strongly 
encouraged to consider the benefits of utilizing the FDA World Wide Web 
site for dissemination of compliance information about their products.
    As you may recall, the Department of Health and Human Services sent 
a letter to device manufacturers on January 21, 1998, requesting 
information about products affected by the year 2000 date problem. A 
second, follow-up letter was mailed by CDRH in June. These letters 
outlined an opportunity for manufacturers to identify specific products 
that will be affected and to share this information with interested 
parties through the FDA's World Wide Web site. Instructions about how 
to use the FDA Web site to disseminate your company's year 2000 
compliance status can be found at www.fda.gov/cdrh yr2000/
year2000.html. Company information that is placed on the FDA Web site 
will assist health care facilities and medical professionals in 
identifying affected products and in planning and taking remedial 
actions. Companies may submit information that none of their products 
are affected or information describing all affected products. 
Alternatively, a company may also submit a Web address for the 
compliance information that it maintains on its own Web site. The 
information may be submitted electronically or in writing.
    Please do not hesitate to contact me with any questions or concerns 
you may have regarding year 2000 compliance. Members also can contact 
Bernie Liebler at HIMA for additional information at (202) 434-7230 or 
[email protected].
    We will continue to apprise you of developments as they occur.
                                 ______
                                 
                                                     July 23, 1998.
Mr. Kevin Thurm,
Deputy Secretary, Health and Human Services,
Hubert H. Humphrey Building,
200 Independence Avenue, SW Room 606G,
Washington, DC.

    Dear Mr. Thurm: I am writing in response to your reply to my April 
letter. I appreciate your efforts to clarify the Department's intent 
vis-a-vis its request for industry input to the FDA Year 2000 Website. 
I believe that since I wrote that first letter there has been much 
movement to align the industry and the agency more closely on this 
issue.
    Many HIMA companies are now using the World Wide Web to provide 
information to their customers and as an interactive medium for 
providing such information. For example, many company Websites contain 
a great deal of detailed information regarding the Year 2000 Compliance 
status of that company's products. Furthermore, a number of HIMA member 
companies have provided information for the FDA Year 2000 Website. Some 
have done both. However, for some other companies, direct 
correspondence with their customers may be the most efficient and cost-
effective means of dealing with the issue. We continue to maintain that 
the important thing is for the right people to get the right 
information on time. We think that each company is the best judge of 
which method of communication best fits its operations.
    HIMA believes that maintaining the safe functioning of medical 
devices through and beyond January 1, 2000 is extremely important. HIMA 
members are also committed to providing timely information to their 
customers and device users regarding that functionality. These ideas 
are described well in the attachments to this letter: HIMA Testimony 
before the Senate Special Committee on the Year 2000 and a HIMA paper 
entitled, Medical Devices and the Year 2000.
    In the next few months, I expect the device industry to work with 
FDA and other interested groups to define more clearly the needs of all 
parties regarding Year 2000 Compliance information. If we work 
together, I anticipate that the appropriate information will reach 
those who need it when they need it.
    If you would like any further information, please contact either me 
or Bernie Liebler, who is handling this issue. You can reach Mr. 
Liebler at 202-434-7230 or [email protected].
            Sincerely,
                                                   James S. Benson.
                               __________

                 Prepared Statement of Daniel S. Nutkis

                              introduction
    Mr. Chairman, my name is Daniel Nutkis. I am president and director 
of research for Odin Group, a research and advisory service dedicated 
to information technology issues in the health care industry. Our 
members include distinguished organizations across all segments of the 
industry, including health care providers, payors, pharmaceutical 
manufacturers and distributors. This unique make-up allows Odin to act 
as an industry collaborative, sponsored and driven by our members to 
tackle the most critical information technology issues facing today's 
leading health care organizations.
    Earlier this year, because of concerns raised by members, Odin 
Group started a process of examination not unlike the process this 
Senate committee is going through now. Our members were becoming 
increasingly concerned about:
  --the heavy interdependence of a wide range of partners;
  --the fact that, consolidations notwithstanding, small players still 
        represent the bulk of the entities in today's health care 
        industry;
  --the resource pressures that affect many of those players today, 
        along with the overall lack of sophistication with regard to 
        Year 2000 issues;
  --and the need to develop comprehensive contingency plans and to ease 
        public concerns over the level of preparedness.
    I'm not saying that anyone will entirely escape disruptions within 
their own organizations, no matter how well prepared they are. But the 
more trading partners you have, the greater the likelihood that you 
will also feel the disruptions of other organizations. For these 
reasons, Odin Group initiated the VitalSigns 2000 project. Its ultimate 
objectives are to help the industry understand these possible 
disruptions; to encourage development of contingency plans by 
individual organizations and the industry at large; and to ensure the 
continuity of patient care.
                how complexity increases risk of failure
    While many other parties and studies are focusing on one segment of 
the health care industry, VitalSigns 2000 is focused on the bigger 
picture. Let me show you one of the models that we are using to make 
the complexity of this industry more understandable and more 
manageable.
    The first chart appended to my testimony is an interaction matrix. 
Down the vertical axis of the matrix, you will see that the players are 
categorized into five broad domains.
  --First, customers.--This means patients, of course, but customers 
        can also be plan sponsors who buy health care services for 
        their employees or members.
  --Providers.--including doctors, clinics, institutions providing 
        acute or ambulatory care, laboratories, testing services, blood 
        banks and pharmacies.
  --Suppliers.--pharmaceutical and life sciences companies, medical 
        device manufacturers, upstream partners who supply the 
        suppliers, and downstream partners who distribute medicine and 
        equipment to the point of care.
  --Payors.--including insurance companies and managed care 
        organizations.
  --And regulatory bodies, state and federal.
    Now, let's overlay this list of domains with a variety of processes 
that require intense interaction to deliver patient services. The 
matrix shows these processes along the horizontal axis, grouped into 
four ``value chains.''
  --Care delivery encompasses processes that the patient experiences 
        along the care continuum, as well as the management of clinical 
        trial data and adverse event reporting.
  --Customer management includes all elements of customer service and 
        accounting, managing benefit plans and formularies, sales and 
        marketing.
  --Supply chain management covers the business processes to receive 
        orders, fulfill orders, administer payment and manage the next 
        level of suppliers.
  --Provider management includes claims and reimbursement, and internal 
        management processes.
                some likely failures, and patient impact
    The point of this interdependence model is to underscore how 
complexity drives up risk. Organizations can better handle failures if 
they have prepared for them--which is why some companies in this 
industry are spending half a billion dollars to get ready for Year 
2000. But a much greater problem is the failure you haven't thought 
about until your beeper goes off--and that's assuming that the beeper 
does go off!
    When an individual organization has Year 2000 failures for which it 
hasn't prepared, it will negatively impact its trading partners. Those 
partners will then be less able to support the next level of trading 
partners. And on it goes, with each failure piling on top of the last, 
and everything ultimately piling onto the patient.
    Let's take one example from one value chain--the case of a payor 
organization serving 2,000 group plans, each of which has an average of 
500 employees or dependents. That's one million covered lives, and at 
least one billion dollars worth of health care services. When the 
system malfunctions, plan sponsors start seeing inaccurate bills and 
premium notices. Payments may be lost, or made for services that are 
not covered in the plan. The provider starts seeing a flurry of 
eligibility denials, claim denials, and payment delays. Doctors are 
even unable to make specialist referrals.
    Meanwhile, failures in their own offices add to the snarls, as 
doctors have trouble accessing patient records and scheduling 
appointments. The actual time the doctor can spend with patients drops 
from five hours a day to perhaps two. Frustrated patients start 
wondering where else they can go for medical services, but health care 
isn't as portable as it used to be. Even if patients go to the 
emergency room, how are they going to verify eligibility for Medicare 
or any other benefits program if the payor's systems aren't working?
    Health care systems deal with failures every day. But what happens 
when they have to deal with more failures in one day than they have 
ever known before?
                    triage and contingency planning
    By now, it is getting clear:
  --why an interdependent health care system requires an integrated 
        approach to the Year 2000 problem;
  --why the central themes of the VitalSigns 2000 initiative are 
        ``triage'' and ``contingency planning.''
    The health care industry's insurance policy against Year 2000 
collapse must start with a proper assessment of which components 
represent the greatest risk to the system overall. How critical is each 
component, and how well prepared? Which failures could cause widespread 
damage to the overall health care system? What are the financial and 
operational issues, as well as the technological ones, of each 
contingency planning scenario?
    Odin Group has spent months understanding the complexities and 
interrelationships I have just described, and the impact of various 
failures and scenarios on individual organizations and the industry as 
a whole. We have developed models like the one I showed you a moment 
ago. Now, we are seeking to develop more information through a survey 
involving all parts of the health care industry.
    After Odin researchers have digested this information, we will 
convene working groups to conduct industry-wide contingency planning. 
Together we will answer the toughest ``what if'' and ``what then'' 
questions. Researchers, advisors and industry members will work 
together to identify, recommend and test industry plans.
    Finally, in October, we will convene a gathering of CEO's to make 
sure that the top leadership of the industry fully shares an 
understanding of what must be done to protect health care in America.
    Contingency planning must be part of a comprehensive approach to 
Year 2000. Let me show you a graphic that depicts the methodology used 
by SmithKline Beecham. In the center circle are the internal systems. 
Around that is a second ring representing the infrastructure--site 
facilities, telecommunications, lab equipment and manufacturing process 
control. In the next circle are end-user systems, on the desks of tens 
of thousands of employees. But even if you've got all that right, 
you're not going to make it through January 2000 unless you consider 
external relationships with customers, suppliers, and anyone you do 
business with. In this particular case, the company even considers its 
involvement in industry groups to be part of the Year 2000 effort.
    This methodology could come from any number of major providers, 
payors, pharmaceutical manufacturers or distributors--Aetna, UPMC 
Health System in Pittsburgh, Eli Lilly and Company, or Columbia/HCA 
Healthcare Corporation. My point is simple. If these companies can do 
it, so can every player in this industry. Comprehensive Year 2000 
methodology has to include:
  --Awareness of the problem.
  --Assessment of what's required to fix a specific system or device.
  --Prioritization and triage of the most critical issues.
  --Remediation--implementing fixes recommended by the vendor, 
        reprogramming, or replacing the system.
  --Testing with suppliers, payors, providers and regulators.
  --And contingency planning.
                             call to action
    What can this committee do to help?
    The health care industry, like most others, is greatly concerned 
with issues of liability concerning Year 2000 cooperative efforts. It 
encompasses antitrust concerns, to be sure, as to whether certain 
information can be legally shared. But it also has to do with whether a 
company creates new liabilities for itself by sharing information which 
later proves to be wrong or even damaging.
    President Clinton's proposal for a ``good Samaritan'' law to cover 
such situations is on the right track. Odin Group members would be 
pleased to work with their Senators and this committee to make sure the 
provisions of such a law are appropriate for and helpful to the health 
care industry. Clearly, it is time for all companies to participate in 
sharing and joint planning in every way, putting all possible resources 
against this problem.
    I would also ask this committee to be watchful of regulatory 
initiatives that add complexity and drain resources from Year 2000 
efforts. This is not just another case of industry complaining. The 
facts are that, in an industry as complex as this, every additional 
Year 2000 failure has the potential to make the situation exponentially 
worse. And every major new regulatory requirement adds to the 
complexity of the information systems work being done over the next 18 
months. This Committee, the US Congress, and for that matter, the 
entire government cannot do this job for industry. But you can raise 
awareness. Mr. Chairman, I would like to officially invite you and your 
esteemed colleagues on this committee to attend the VitalSigns 2000 CEO 
conference in October.
    Odin Group's approach is to leverage the strengths of the leaders 
who are preparing well for the Year 2000, and to try to make sure that 
everyone in the health care industry has prepared as best they can. 
Through VitalSigns 2000, we will produce specific recommendations--
regarding contingency planning, operational and financial issues, 
industry-wide preparedness and testing, stockpiling key materials and 
devices, and regulatory support.
    There are no excuses for any player in this industry not having a 
good plan. And there are no excuses for the industry not having a 
contingency plan that reaches across the entire expanse of health care 
in America. 
[GRAPHIC] [TIFF OMITTED] T3JL98G.002

                     Model Overview--Key Processes

Care Delivery
Care Management
    --Health status assessment
    --Population segmentation
    --Disease management
    --Wellness & prevention program development
    --Member/patient care planning
    --Demand management
Care Delivery
    --Enterprise-wide scheduling
    --Diagnostics
    --Treatments, therapies and interventions
    --Charting/documentation
    --Order management
Clinical Resource Management
    --Precertification
    --Preauthorization
    --Utilization tracking
Clinical Information Mgmt. & Reporting
    --Clinical information capture
    --Clinical information presentation
    --Clinical results/outcomes analysis
    --Outcomes reporting
Clinical Trial Management
    --Clinical information capture (case report forms)
    --Clinical data scrubbing
    --CANDA compilation
    --Statistical analysis
Event Reporting/Recalls
    --Adverse reaction/event monitoring (Phase 4)
    --Analysis of events and adverse reactions
    --FDA reporting
    --Lot control and recall of product
Supply Chain Management
Order Initiation
    --Order submission
    --Order verification
    --Order tracking
    --Order pricing
Order Fulfillment
    --Forecasting
    --Order processing
    --Special packaging
    --Distribution and logistics
Production Management
    --MRP/inventory management
    --Production
    --Process control
    --Laboratory information management
    --Quality assurance
Payment Administration
    --Billing/AR/AP
    --Payment receipt and posting
    --Collections
    --Cash management
    --Chargebacks and rebates
    --Contractual allowances
    --General pricing and discounts
Supplier Management
    --Supplier evaluation
    --Supplier certification
    --Contracting
Provider/Network Management
Provider Management
    --Creation and maintenance of provider files
    --Provider credentialing
    --Provider profiling
    --Network development and management
    --Provider contracting
    --Creation and maintenance of risk pools
    --Provider and network management reporting
Claims and Reimbursement
    --Claims entry
    --Claims interface support
    --Claims adjudication
    --Benefits coordination
    --Claims auditing
    --Printing and mailing of EOB's
    --Management reporting
    --Chargeback reconciliation
    --Rebate validation
Customer Management
Sales and Marketing
    --Health plan sales
    --Market research
    --Advertising
    --Product development
    --Broker support
    --Contracting
    --Actuarial/underwriting/pricing
Benefit Plans/Formulary
    --Establishment of benefits
    --Plan maintenance
    --Formulary management
Group Administration
    --Establishment of group contracts
    --Provision modification
    --Demographic information maintenance
    --Direct pay contract support
    --Administration of flexible benefit plans
    --Broker commission management
    --Premium billing
    --Third-party payments
Membership Support
    --Member enrollment and file maintenance
    --Eligibility tracking
    --Processing of terminations and conversions
    --Membership communications
    --ID card generation and mailing
    --Health status assessment data maintenance
    --Member data analysis and reporting
    --Plan participation
Customer Service/Account Management
    --Customer inquiry, analysis, and reports
    --Customer correspondence
    --On-line customer assistance
    --Customer satisfaction surveys
Regulatory Reporting
    --Regulatory and legal affairs
    --Compliance reporting
[GRAPHIC] [TIFF OMITTED] T3JL98G.003


                               __________

               Prepared Statement of Donald J. Palmisano

       re: impact of the year 2000 problem on physician practices
    Mr. Chairman and members of the Committee, my name is Donald J. 
Palmisano, MD, JD. I am a member of the Board of Trustees of the 
American Medical Association (AMA), a Board of Directors member of the 
National Patient Safety Foundation (NPSF) and the Chair of the 
Development Committee for the same foundation. I also practice vascular 
and general surgery in New Orleans, Louisiana. On behalf of the three 
hundred thousand physician and medical student members of the AMA, I 
appreciate the chance to comment on the issue of the year 2000 problem 
and its anticipated effect on physicians.
                              introduction
    As all of us know, the year 2000 problem exists because a vast 
number of computer systems and software were created to read only the 
last two digits of the ``year'' field of date data, while the first two 
digits were implied to be ``19.'' When data requires the entry of a 
date in or after the year 2000, these systems and software will be 
incapable of processing the data properly.
    Currently, virtually all industries are in some manner dependent on 
information technology, and the medical industry is no exception. As 
technology advances and its contributions mount, that dependency and 
our consequent vulnerability become more and more evident. The year 
2000 problem is revealing to us that vulnerability.
    By the nature of its work, the medical industry relies tremendously 
on technology--on computer systems, both hardware and software, as well 
as medical devices that have embedded microchips. Virtually every 
aspect of the medical profession depends in some way on these systems--
for treating patients, handling administrative office functions, and 
conducting transactions. For some industries, software glitches or even 
system failures, can, at best, cause inconvenience, and at worst, can 
cripple the business. In medicine, those same software or systems 
malfunctions can, much more seriously, cause patient injuries and 
deaths.
               potential impact on the health care sector
    The medical profession and the health care industry, in general, 
rely on information technology for a broad spectrum of services and 
products, from electronic data interchange for patient records, medical 
research, and billing, to medical devices in the surgical theater. 
Clinical operations, patient care, business operations, communications, 
and even building maintenance are all affected by this technology.
                              patient care
    Providing medical care frequently requires the ability to access, 
monitor, and interpret information. Some applications include imaging, 
laboratory, pharmacy, and respiratory devices, cardiology measurement 
and support devices, telemetry and endoscopy equipment and IV pumps, 
operating room equipment, and emergency room devices. Nearly every 
piece of medical monitoring and regulating equipment relies in some way 
on information technology. Physicians and other health care providers 
must be able to rely implicitly on the medical equipment they use. 
Unreliable equipment cannot be used, because virtually any malfunction 
could have disastrous consequences.
    Assessing the current level of risk attributable specifically to 
the year 2000 problem within the patient care setting remains 
problematic. We do know, however, that the risk is present and it is 
real. Consider for a minute what would occur if a monitor failed to 
sound an alarm when a patient's heart stopped beating. Or if a 
respirator delivered ``unscheduled breaths'' to a respirator-dependent 
patient. Or even if a digital display were to attribute the name of one 
patient to medical data from another patient. Are these scenarios 
hypothetical, based on conjecture? No. Software problems have caused 
each one of these medical devices to malfunction with potentially fatal 
consequences.\1\ The potential danger is present.
---------------------------------------------------------------------------
    \1\ Anthes, Gary H., ``Killer Apps; People are Being Killed and 
Injured by Software and Embedded Systems,'' Computerworld, July 7, 
1997.
---------------------------------------------------------------------------
    The risk is also real. Since 1986, the FDA has received 450 reports 
identifying software defects--not related to the year 2000--in medical 
devices. Consider one instance--when software error caused a radiation 
machine to deliver excessive doses to six cancer patients; for three of 
them the software error was fatal.\2\ We can anticipate that, left 
unresolved, medical device software malfunctions due to the millenium 
bug would be prevalent and could be serious.
---------------------------------------------------------------------------
    \2\ Id.
---------------------------------------------------------------------------
    Medical device manufacturers must immediately disclose to the 
public whether their products are Y2K compliant. Physicians and other 
health care providers do not have the expertise or resources to 
determine reliably whether the medical equipment they possess will 
function properly in the year 2000. Only the manufacturers have the 
necessary in-depth knowledge of the devices they have sold.
    Nevertheless, medical device manufacturers have not always been 
willing to assist end-users in determining whether their products are 
year 2000 compliant. Earlier this year, FDA spokesperson Sharon Snider 
said that the agency has only received Y2K compliance information from 
about 11 percent of the 16,000 medical devices manufacturers worldwide. 
Even when vendors do respond, their responses have frequently not been 
helpful. The Department of Veterans Affairs recently reported that of 
more than 1,600 medical device manufacturers it has contacted in the 
past year, 233 manufacturers did not even reply and another 187 vendors 
said they were not responsible for alterations because they had merged, 
were purchased by another company, or were no longer in business. One 
hundred two companies reported a total of 673 models that are not 
compliant but should be repaired or updated this year.\3\ As an aside, 
we applaud the federal government's initiative in seeking to obtain Y2K 
information from manufacturers.
---------------------------------------------------------------------------
    \3\ Morrissey, John, and Weissenstein, Eric, ``What's Bugging 
Providers,'' Modern Healthcare, July 13, 1998, p. 14.
---------------------------------------------------------------------------
                             administrative
    Many physicians and medical centers are also increasingly relying 
on information systems for conducting medical transactions, such as 
communicating referrals and electronically transmitting prescriptions, 
as well as maintaining medical records. Many physician and medical 
center networks have even begun creating large clinical data 
repositories and master person indices to maintain, consolidate and 
manipulate clinical information, to increase efficiency and ultimately 
to improve patient care. If these information systems malfunction, 
critical data may be lost, or worse--unintentionally and incorrectly 
modified. Even an inability to access critical data when needed can 
seriously jeopardize patient safety.
    Other administrative aspects of the Y2K problem involve Medicare 
coding and billing transactions. HCFA had issued instructions through 
its contractors to physicians and other health care professionals that 
until just last week would have required that electronic and paper 
claims must meet Y2K compliance criteria by October 1, 1998. We were 
particularly pleased that HCFA last week announced that it would 
provide all health care providers an additional three months (until 
January 1, 1999) to alter their claims processing data formats to 
accommodate the necessary eight digit birth date. Additional time will 
apparently be granted physicians by HCFA for reasonable good faith 
exceptions. Well in advance of the year 2000, both physicians and HCFA 
will need to make sure that their respective data processing systems 
are functioning properly to assure the orderly and timely processing of 
Medicare claims data.
    Medicare administrative issues are of critical importance to 
patients, physicians, and other health care professionals. In one 
scenario that took place in my home state of Louisiana, Arkansas Blue 
Cross & Blue Shield, the Medicare claims processor for Louisiana, 
implemented a new computer system--intended to be Y2K compliant--to 
handle physicians' Medicare claims. Although physicians were warned in 
advance that the implementation might result in payment delays of a 
couple of weeks, implementation problems resulted in significantly 
longer delays. For many physicians, this became a real crisis. 
Physicians who were treating significant numbers of Medicare patients 
immediately felt significant financial pressure and had to scramble to 
cover payroll and purchase necessary supplies.\4\
---------------------------------------------------------------------------
    \4\ ``Year 2000 Bug Bites Doctors; Glitch Stymies Payments for 
Medicare Work,'' The Times-Picayune, June 6, 1998, page C1.
---------------------------------------------------------------------------
    We support and are encouraging physicians to address the myriad 
challenges the Y2K dilemma poses for their patients and their 
practices, which include claims submission requirements. We also 
believe that HCFA should lead by example and have its systems in 
compliance as quickly as possible to allow for adequate parallel 
testing with physician claims submission software and other health care 
professionals well in advance of the year 2000. Such testing would 
allow for further systems refinements, if necessary.
                reimbursement and implementation of bba
    To shore up its operations, HCFA has stated that it will 
concentrate on fixing its internal computers and systems. As a result, 
it has decided not to implement some changes required under the 
Balanced Budget Act (BBA) of 1997 and it plans to postpone physicians' 
payment updates from January 1, 2000, to about April 1, 2000.
    In the AMA's view, the Y2K problem is and has been an identifiable 
and solvable problem. Society has known for many years that the date 
problem was coming and that individuals and institutions needed to take 
remedial steps to address the problem. There is no justification for 
creating a situation where physicians, hospitals and other providers 
now are being asked to pay for government's mistakes by accepting a 
delay in their year 2000 payment updates.
    HCFA has indicated to the AMA that the delay in making the payment 
updates is not being done to save money for the Medicare Trust Funds. 
In addition, the agency has said that the eventual payment updates will 
be done in such a way as to fairly reimburse physicians for the payment 
update they should have received. In other words, the updates will be 
adjusted so that total expenditures in the year 2000 on physician 
services are no different than if the updates had occurred on January 
1.
    We are pleased that HCFA has indicated a willingness to work with 
us on this issue. But we have grave concerns about the agency's ability 
to devise a solution that is equitable and acceptable to all 
physicians.
    Determining physician updates each year is complicated by the fact 
that physicians, unlike any other providers, are subject to an annual 
expenditure target or sustainable growth rate (SGR). Under the SGR, 
updates in future years are influenced by whether actual spending on 
physician services comes in over or under the target. Delaying the 
physician updates thus will influence physicians' ability to live 
within the targets and could affect future updates. If updates are 
postponed, HCFA therefore must consider the impact on the SGR to ensure 
that delays do not result in unintended penalties in years after 2000.
    Also, as it turns out, the year 2000 is a critical year for 
physicians because several important BBA changes are supposed to be 
made in the resource-based relative value scale (RBRVS) that Medicare 
uses to determine physician payments. This relative value scale is 
comprised of three components: work, practice expense, and malpractice 
expense. Two of the three--practice expense and malpractice--are due to 
undergo Congressionally-mandated modifications in the year 2000.
    In general, the practice expense changes will benefit primary care 
physicians at the expense of surgeons and other procedurally-oriented 
specialties. Malpractice changes, to some modest degree, would offset 
the practice expense redistributions. To now delay one or both of these 
changes will have different consequences for different medical 
specialties and could put HCFA at the eye of a storm that might have 
been avoided with proper preparation.
    To make matters worse, we are also concerned that delays in 
Medicare's reimbursement updates could have consequences far beyond the 
Medicare program. Many private insurers and state Medicaid agencies 
base their fee-for-service payment systems on Medicare's RBRVS. Delays 
in reimbursement updates caused by HCFA may very well lead other non-
Federal payers to follow Medicare's lead, resulting in a much broader 
than expected impact on physicians.
                     current level of preparedness
    Assessing the status of the year 2000 problem is difficult not only 
because the inventory of the information systems and equipment that 
will be affected is far from complete, but also because the 
consequences of noncompliance for each system remain unclear. 
Nevertheless, if the studies are correct, malfunctions in noncompliant 
systems will occur and equipment failures can surely be anticipated. 
The analyses and surveys that have been conducted present a rather 
bleak picture for the health care industry in general, and physicians' 
practices in particular.
    The GartnerGroup, for instance, based on its surveys and studies 
has concluded that the year 2000 problem's ``effect on health care will 
be particularly traumatic * * * [l]ives and health will be at increased 
risk. Medical devices may cease to function.'' \5\ In its report, it 
noted that most hospitals have a few thousand medical devices with 
microcontroller chips, and larger hospital networks and integrated 
delivery systems have tens of thousands of devices. Based on early 
testing, the GartnerGroup found that although only 0.5-2.5 percent of 
medical devices have a year 2000 problem, approximately 5 percent of 
health care organizations will not locate all the noncompliant devices 
in time.\6\ It also found that most of these organizations do not have 
the resources or the expertise to test these devices properly and will 
have to rely on the device manufacturers for assistance.\7\
---------------------------------------------------------------------------
    \5\ GartnerGroup, Kenneth A. Kleinberg, ``Healthcare Worldwide Year 
2000 Status,'' July 1998 Conference Presentation, p. 2 (hereinafter, 
GartnerGroup).
    \6\ Id. at p. 8.
    \7\ Id.
---------------------------------------------------------------------------
    As a general assessment, the GartnerGroup concluded that based on a 
survey of 15,000 companies in 87 countries, the health care industry 
remains far behind other industries in its exposure to the year 2000 
problem.\8\ Within the health care industry, the subgroups which are 
the furthest behind and therefore at the highest risk are ``medical 
practices'' and ``in-home service providers.'' \9\ The GartnerGroup 
extrapolated that the costs associated with addressing the year 2000 
problem for each practice group will be range up to $1.5 million per 
group.\10\
---------------------------------------------------------------------------
    \8\ Id. at p. 10.
    \9\ Id. at p. 13.
    \10\ Id.
---------------------------------------------------------------------------
                   remediation efforts--ama's efforts
    We believe that through a concerted and united effort, the Y2K 
problem can still be effectively addressed within the medical community 
before time runs out. For its part, the AMA has already begun devoting 
considerable resources to assist physicians and other health care 
providers in learning about and correcting the problem. The AMA has 
developed a national campaign entitled ``Moving Medicine Into the New 
Millennium: Meeting the Year 2000 Challenge,'' which incorporates a 
variety of educational seminars, promotional information, and ongoing 
communication activities designed to help physicians understand and 
address the numerous complex issues related to the Y2K problem.
    One of the many seminar series the AMA will be sponsoring is the 
``Advanced Rapid Response Seminars'' series. We will hold these 
seminars in various regions of the country and provide specific, case-
study information along with practical recommendations for the 
participants. The seminars will also provide tips and recommendations 
on dealing with vendors and will assist participants in identifying 
important information they need to obtain from these vendors, as well 
as various methods for obtaining this information. We are also 
preparing a ``Solutions Manual,'' which will be distributed to the 
participants of these sessions.
    In addition, the AMA is opening a Web Site to provide the physician 
community additional assistance to better address the Y2K problem. The 
site will serve as a central communications clearinghouse, providing 
up-to-date information about the millenium bug, as well as a special 
interactive section that permits physicians to post questions and about 
recommended solutions for their specific Y2K problems.
    On a related note, the AMA in early 1996 began forming the National 
Patient Safety Foundation or ``NPSF.'' Our goal was to build a 
proactive initiative to prevent avoidable injuries to patient in the 
health care system. In developing the NPSF, the AMA realized that 
physicians, acting alone, cannot always assure complete patient safety. 
In fact, the entire community of providers is accountable to our 
patients, and we all have a responsibility to work together to fashion 
a systems approach to identifying and managing risk. It was this 
realization that prompted the AMA to launch the NPSF as a separate 
organization, which in turn partnered with other health care 
organizations, health care leaders, research experts and consumer 
groups from throughout the health care sector.
    One of these partnerships is the National Patient Safety 
Partnership (NPSP), which is a voluntary public-private partnership 
dedicated to reducing preventable adverse medical events and convened 
by the Department of Veterans Affairs. Other NPSP members include the 
American Hospital Association, the Joint Commission on Accreditation of 
Healthcare Organizations, the American Nurses Association, the 
Association of American Medical Colleges, the Institute for Healthcare 
Improvement, and the National Patient Safety Foundation at the AMA. The 
NPSP has made a concerted effort to increase awareness of the year 2000 
hazards that patients relying on certain medical devices could face at 
the turn of the century.
                      others' remediation efforts
    As an initial step, we recommend that the Congress work closely 
with the AMA and other health care leaders to develop a uniform 
definition of ``compliant'' with regard to medical equipment. There 
needs to be clear and specific requirements that must be met before 
vendors are allowed to use the word ``compliant'' in association with 
their products. Because there is no current standard definition, it may 
mean different things to different vendors, leaving physicians with 
confusing, incorrect, or no data at all.
    Physicians should be able to spend their time caring for patients 
and not be required to spend their time trying to determine the year 
2000 status of the numerous medical equipment vendors with whom they 
work.
    We further suggest that both the public and private sectors 
encourage and facilitate health care practitioners in becoming more 
familiar with year 2000 issues and taking action to mitigate their 
risks. Greater efforts must be made in educating health care consumers 
about the issues concerning the year 2000, and how they can develop Y2K 
remediation plans, properly test their systems and devices, and 
accurately assess their exposure. We recognize and applaud the efforts 
of this Committee, the Congress, and the Administration in all of your 
efforts to draw attention to the Y2K problem and the medical 
community's concerns.
    We also recommend that communities and institutions learn from 
other communities and institutions that have successfully and at least 
partially solved the problem. Federal, state and local agencies as well 
as accrediting bodies that routinely address public health issues and 
disaster preparedness are likely leaders in this area. At the physician 
level, this means that public health physicians, including those in the 
military, organized medical staff, and medical directors, will need to 
be actively involved for a number of reasons. State medical societies 
can help take a leadership role in coordinating such assessments.
    We must also stress that medical device and software manufacturers 
need to publicly disclose year 2000 compliance information regarding 
products that are currently in use. Any delay in communicating this 
information may further jeopardize practitioners' efforts at ensuring 
compliance. A strategy needs to be developed to effectively motivate 
all manufacturers to promptly provide compliance status reports. 
Additionally, all compliance information should be accurate, complete, 
sufficiently detailed and readily understandable to physicians. We 
suggest that the Congress and the federal government enlist the active 
participation of the FDA or other government agencies in mandating 
appropriate reporting procedures for vendors. We strongly praise the 
FDA for maintaining a Y2K web site on medical devices, which has 
already helped physicians to make initial assessments about their own 
equipment.
    Although the AMA strongly believes that information must be freely 
shared between manufacturers and consumers, we strongly caution against 
providing liability caps to manufacturers in exchange for the Y2K 
information they may provide, for several reasons. First, as we have 
stated, generally vendors alone have the information about whether 
their products were manufactured to comply with year 2000 data. These 
manufacturers should disclose that information to their consumers 
without receiving an undue benefit from a liability cap. Second, 
manufacturers are not the only entities involved in providing medical 
device services, nor are they alone at risk if an untoward event 
occurs. When a product goes through the stream of commerce, several 
other parties may incur some responsibility for the proper functioning 
of that product, from equipment retailers to equipment maintenance 
companies. Each of these parties, including the end-user--the 
physician--will likely retain significant liability exposure if the 
device malfunctions because of a Y2K error. However, none of these 
parties will typically have had sufficient knowledge about the product 
to have prevented the Y2K error, except the device manufacturer. To 
limit the manufacturer's liability exposure under these circumstances 
flies in the face of sound public policy.
    We also have to build redundancies into the remediation efforts as 
part of the risk management process. Much attention has been focused on 
the vulnerability of medical devices to the Y2K bug, but the problem 
does not end there. Patient injuries can be caused as well by a 
hospital elevator that stops functioning properly. Or the failure of a 
heating/ventilation/air conditioning system. Or a power outage. The 
full panoply of systems that may break down as our perception of the 
scope of risk expands may not be as easily delineated as the potential 
problems with medical devices. Building in back-up systems as a 
failsafe for these unknown or more diffuse risks is, therefore, 
absolutely crucial.
    As a final point, we need to determine a strategy to notify 
patients in a responsible and professional way. If it is determined 
that certain medical devices may have a problem about which patients 
need to be notified, this needs to be anticipated and planned. 
Conversely, to the extent we can reassure patients that devices are 
compliant, this should be done. Registries for implantable devices or 
diagnosis-or procedure-coding databases may exist, for example, which 
could help identify patients who have received certain kinds of 
technologies that need to be upgraded and/or replaced or that are 
compliant. This information should be utilized as much as possible to 
help physicians identify patients and communicate with them.
                               conclusion
    We appreciate the Committee's interest in addressing the problems 
posed by the year 2000, and particularly, those problems that relate to 
physicians. Because of the broad scope of the millenium problem and 
physicians' reliance on information technology, we realize that the 
medical community has significant exposure. The Y2K problem will affect 
patient care, practice administration, and Medicare/Medicaid 
reimbursement. The AMA, along with the Congress and other 
organizations, seeks to better educate the health care community about 
Y2K issues, and assist health care practitioners in remedying, or at 
least reducing the impact of, the problem. The public and private 
sectors must cooperate in these endeavors, while encouraging the 
dissemination of compliance information.
                               __________

                  Prepared Statement of Kevin L. Thurm

    Good morning. I am Kevin Thurm, Deputy Secretary of the Department 
of Health and Human Services. I am accompanied by Dr. John Callahan, 
the HHS Assistant Secretary for Management and Budget and our Chief 
Information Officer (CIO); Nancy-Ann Min DeParle, the Administrator of 
the Health Care Financing Administration; and Dr. Michael Friedman, the 
Acting Commissioner of the Food and Drug Administration. I am pleased 
to appear before this Special Committee to provide you with a report on 
the accomplishments and the challenges faced by the health care 
industry in preparing for Year 2000.
    The Secretary and I have declared the Year 2000 date issue to be 
our highest information technology priority. We have taken and will 
continue to take actions to ensure that HHS information systems are 
Year 2000 compliant.
    We have involved all parts of our organization, including staff 
with expertise in information systems, budget, human resources, and 
acquisition management in our work to ensure that HHS information 
systems are able to recognize the Year 2000. No matter what else we do 
and what other initiatives we undertake, we must ensure that our 
ability to accomplish the Department's mission is not impaired.
    We must continue to exchange data with partners and accomplish the 
Department's mission in the next century. HHS is also working to inform 
the health care and human service communities about the Year 2000 
issue, and to encourage awareness and facilitate Year 2000 compliance 
of their equipment and facilities.
    The Secretary has established December 31, 1998, as our internal 
deadline for Year 2000 compliance of mission critical systems. This was 
done in order to provide a full year of operations in which to detect 
and remedy any adverse interactions among our systems and those of our 
many service partners, including other Federal agencies, States and 
local governments, tribes, and contractors. HHS mission critical 
systems pay Medicare benefits, provide billions of dollars in grant 
payments, collect and analyze epidemiologic, clinical trial, and other 
public health data, and track patient care and records data.
                         hhs's year 2000 effort
    To meet our Year 2000 responsibilities, we have taken a series of 
strong administrative actions. We have encouraged aggressive 
reallocation of funds, where necessary, to meet Year 2000 deadlines; we 
have established direct reporting lines between staff working on year 
2000 activities and the Operating Division (OPDIV) Chief Information 
Officers. Each OPDIV CIO is responsible for regular reporting on Year 
2000 efforts directly to the OPDIV head and the Department's Chief 
Information Officer until Year 2000 date compliance is achieved.
    HHS has also taken action to retain, attract, and re-employ 
qualified information technology professionals, using both employment 
and contracting authorities. On March 31, HHS received Department-wide 
personnel authorities from the Office of Personnel Management (OPM) to 
waive the pay and retirement reduction for re-employed military and 
civilian retirees who return to work on Y2K remediation. To date, 
Health Care Financing Administration has used the waiver authority to 
reemploy 11 annuitants.
    HHS agencies collect a tremendous amount of information that 
requires data exchange. The Department has inventoried our data 
exchanges and contacted our service partners to emphasize the 
importance of assuring Year 2000 compliance. HHS is working with the 
National Association of State Information Resource Executives (NASIRE) 
and others to assure a coordinated response. On April 22, HHS provided 
a listing of State interfaces to NASIRE for its review of completeness 
and accuracy, and we will update this listing monthly until all of our 
State interfaces are compliant. Later this month, HHS will update the 
listing on the GSA web-site for NASIRE review. In addition to data 
exchanges with States, HHS systems also exchange data with other 
federal agencies, local governments, Medicare contractors and fiscal 
intermediaries, private insurance companies, universities, banks, and 
drug manufacturers.
    In addition, HHS is requiring all of its operating divisions to 
conduct thorough testing and independent verification and validation of 
its renovated systems. We also know there is a possibility that, try as 
we might, some systems may not be fully compliant in time. All of our 
Operating Divisions have submitted initial business continuity and 
contingency plans to the Department. These plans will be finalized and 
tested, as appropriate, to provide us with the operational policies 
needed to permit business continuity in the event of system failure.
                      ensuring medicare compliance
    Of all the HHS programs, the Medicare program, administered by the 
Health Care Financing Administration (HCFA), is our greatest Year 2000 
challenge. Payment of health care claims is accomplished by over 60 
external contractors which operate and maintain a base of software 
programs that process nearly one billion claims each year from over one 
million health care providers.
    All of the external Medicare contractors have completed assessments 
of their systems. However, two critical steps are needed to ensure 
contractor compliance: (1) additional resources may need to be 
dedicated to Year 2000 remediation, and (2) HCFA must delay 
implementation of a small number of new initiatives to enable Year 2000 
remediation efforts be completed on time.
    Additional Resources: In May 1998, President Clinton signed a 1998 
supplemental appropriations bill redirecting $20 million of HCFA 
contractor funds to HCFA's Year 2000 efforts. In addition, HHS in May 
1998 shifted discretionary funds to make an additional $62.1 million 
available for HCFA's Year 2000 efforts in FY1998. Further, HCFA is 
working with Congress to provide an additional $61.5 million above the 
$37.5 million requested in the Budget, for a total of $99 million for 
FY1999. Finally, it is likely that HCFA will require additional Year 
2000 funding for FY2000.
    Delaying Implementation of New Projects: To achieve Year 2000 
compliance, HCFA estimates that 49 million lines of contractor code 
will need to be renovated. Assuring services to beneficiaries in the 
Year 2000 is HCFA's number one priority. Therefore, HCFA instructed 
Medicare contractors in June 1998 to suspend further work on converting 
their systems to the HCFA-selected standard claims systems. HCFA will 
also have to delay implementation of a small number of provisions of 
the Balanced Budget Act of 1997.
    Implementing these new initiatives would delay the Year 2000 
renovation process, jeopardizing the Medicare program's ability to 
ensure that its systems are Year 2000 compliant. If not fixed, 
enrollment systems might not function, beneficiaries could be denied 
services because providers may not be able to confirm eligibility, and 
providers could have cash flow problems because of delayed payments. 
Because of this imperative, Year 2000 activities must take precedence 
over other projects that require changes to computer and information 
systems.
    Initiatives being delayed include: implementing a new payment 
system for Medicare home health agencies, institutional outpatient 
Prospective Payment System (PPS), and a consolidated billing system 
that would require nursing homes to bill Medicare directly for all Part 
B services. In addition, HCFA has been advised by its independent 
verification and validation contractor, as well as by the Medicare 
contractors, to delay the provider updates scheduled for October 1, 
1999 and January 1, 2000. We will work with Congress and providers to 
evaluate our options and ensure that necessary delays in provider 
updates do not create a hardship.
    HCFA has been proactive in addressing Year 2000 compliance with its 
contractors and works closely and well with the contractors through a 
joint steering committee. The agency established a December 31, 1998 
deadline for contractor certification of compliance in order to ensure 
there is a full year to accomplish end-to-end testing and any final 
corrections. HCFA is also amending its formal agreements with the 
contractors to make clear that contractors are responsible for ensuring 
that their Medicare systems are Year 2000 compliant. All contractors 
with whom we have spoken have committed to signing the amendment, and 
at least one amendment has already been signed.
    Finally, as you are aware, HHS has sent proposals for Medicare 
contracting reform to Congress that would have allowed the Secretary of 
Health and Human Services more authority in dealing with Medicare's 
Year 2000 compliance efforts. There are a number of provisions in the 
existing Medicare law that hinder HCFA's ability to manage the Medicare 
program, including requiring Year 2000 compliance. The Administration's 
contracting reform proposal would give the Secretary greater 
flexibility in contracting for claims processing and payment functions 
and put HCFA on the same footing as other federal agencies. Under this 
authority, the Secretary could award contracts to a larger pool of 
qualified contractors. We believe this change would promote competition 
and potentially allow the Medicare program to obtain better value for 
its dollar. It would allow us to enhance relationships with our 
existing partners and give us an opportunity to build new 
relationships. The new authority would also be helpful in allowing the 
Secretary to implement contingency plans that permit business 
continuity in the event of system failure. In addition to having the 
full support of the Secretary, this proposal has received the 
endorsement of John Koskinen, Special Assistant to the President for 
Year 2000, in testimony before the Senate Governmental Affairs 
Committee. Medicare contracting reform has been, and continues to be, a 
Department and Administration priority.
                          outreach activities
    In response to the Year 2000 problem, the President established on 
February 4, 1998 the President's Council on Year 2000 Conversion. To 
deal with the issue of outreach, the Council has enlisted agencies to 
increase awareness of the problem and to offer support to public and 
private sector organizations--both domestically and internationally--
within their policy areas. Industry trade organizations, which have 
unique capabilities for communicating with their members about the Year 
2000 problem, individuals companies, and State and local governments, 
are working closely with these agencies.
    HHS is currently implementing a public outreach effort aimed at the 
health care and human services communities.
    HHS's outreach to the private sector encourages awareness and 
facilitates Year 2000 compliance to prevent disruptions to health care 
and human service providers and those served by those providers. The 
program also includes, to a lesser degree, an initiative to make health 
care providers aware of their responsibility to assure that their own 
information systems are millennium compliant.
    Our goal is to make sure that public and private health care 
insurers, health plans, providers and third party payers have systems 
that are Year 2000 compliant to avoid cash flow problems and possible 
disruption of health care services to millions of U.S. citizens. Health 
care providers generally have patient record and accounting systems 
that document the care provided to a patient and then bill the patient 
or his insurer or third party payer for the care provided.
    HHS has worked with most of the major insurers, managed care plans 
and public medical assistance programs in the U.S. to make them aware 
of the Year 2000 problem and encourage the appropriate remedial action. 
HHS has a working relationship with most of the major health care 
provider associations and with most of the health care providers in the 
U.S. through the Medicare program. It is taking advantage of these 
direct and indirect relationships to make health care providers aware 
of the millennium problem and encourage the appropriate corrective 
action. HHS and its constituent agencies have made millennium awareness 
a key component of opportunities to address physicians, hospitals, 
managed care plans, Medicaid State agencies, and other Medicare 
provider groups. Numerous speeches and presentations by senior 
departmental and agency officials have contained a millennium message.
    The Health Care Financing Administration has employed a variety of 
strategies to reach organizations and individuals involved in health 
care activities. HCFA has developed a comprehensive Year 2000 outreach 
program with three main areas of concern. First, third party payers 
must be able to assure health care providers that they have taken the 
necessary steps to receive bills and issue payments. Second, health 
care providers must take the steps necessary to make sure that their 
patient record and accounting systems will be able to send bills and 
receive payments. Finally, health care providers must take the steps 
necessary to make sure that their biomedical equipment is Year 2000 
compliant.
    To accomplish its outreach goals, HCFA has:
  --engaged the corporate leaders of over 60 major insurers in Year 
        2000 millennium awareness and renovation activities;
  --promoted Year 2000 awareness to over 400 managed care plans;
  --offered technical assistance to each State medical assistance 
        program administrator;
  --established a provider outreach and education subcommittee; and
  --conducted a Year 2000 briefing in Washington, D.C. for 
        representatives of more than 50 national health care provider 
        associations and payer associations.
    HCFA is also publishing a Year 2000 awareness article in each of 
its Medicare carrier and fiscal intermediary provider bulletins this 
summer. These articles are expected to reach hundreds of thousands of 
large and small provider offices.
    Other HHS operating divisions have also been proactive in issuing 
guidance, publishing articles in various medical and healthcare 
bulletins and magazines, and sending letters to state, local, and other 
public health and health care organizations. This month, the Indian 
Health Service (IHS) will be sending an awareness package to all tribal 
governments, tribally operated programs, urban Indian programs, and 
other Indian organizations. This package will include key references 
related to the Y2K issue in Indian health programs (the IHS Year 2000 
Plan, an awareness presentation for local use, administrative and 
technical resources available for them from the IHS) to enhance 
awareness and assist them in their Y2K activities.
    The Centers for Disease Control and Prevention (CDC) works closely 
with public health partners in State and local governments as well as 
health care practitioners to improve public health through prevention 
of disease, disabilities, and injuries. In November 1997, CDC 
distributed a letter to over 300 State, local, and other public health 
and health care organization recipients informing them about the Year 
2000 and proposing a set of public health data standards including one 
that requires all dates to be Year 2000 compliant. In addition, CDC is 
currently collaborating with HCFA to ensure effective communications 
with all clinical laboratories regulated under the Clinical Laboratory 
Improvement Act (CLIA) and to ensure that the clinical laboratory 
community is informed of this issue.
    In July 1997, the National Institutes of Health (NIH) established 
the Y2K Medical and Laboratory Equipment Work Group to advise it on 
biomedical equipment assessment and to take any remediation action 
necessary. In the spring of 1998, NIH initiated a study of Y2K impact 
on all medical equipment owned by the NIH Clinical Center. A notice was 
published in the NIH Guide for Grants and Contracts, to remind 
recipients of NIH grants and cooperative agreements that they must 
anticipate and mitigate any potential problem that might be caused by 
the Year 2000. This Y2K information is available on a continuous basis 
via a public NIH web site. The NIH data center had an exhibit at the 
Information Processing Interagency Conference to advertise Y2K 
inventory analysis, code conversion, and validation testing services. 
Finally, NIH has made inquiries to vendors concerning Y2K compliance of 
Commercial Off-The-Shelf (COTS) software, hardware and biomedical 
equipment and software. That information is currently disseminated via 
a clearinghouse on the web.
    The Administration for Children and Families (ACF) outreach is a 
two part effort. One part is directed at State grantees which are 
responsible for administering ACF's major programs, such as Child 
Support Enforcement and Temporary Assistance for Needy Families. 
Another part is directed at sub-State, non-profit service providers and 
Indian Tribe grantees served by ACF in program areas such as Head Start 
and Community Services.
    Among the key activities involved in outreach to human service 
providers are the following: identifying key audience members and 
appropriate points of contact, such as associations and publications; 
distributing information to those audiences, for example by using 
attendance at major meetings to raise awareness of the problem; 
developing and including Y2K awareness language in grant awards; 
developing Internet Y2K information web-sites; and exploring other 
opportunities for effective outreach.
    The Health Resources and Services Administration (HRSA) is 
targeting their outreach awareness campaigns at universities and 
colleges, health care facilities, and local government audiences. In 
the HRSA Grants Preview, Summer 1998 issue, HRSA has included a section 
dealing with the Year 2000 policies and provided a list of Year 2000 
resources. HRSA has alerted potential grantees/applicants on the Year 
2000 issue and asked potential grantees and applicants to address their 
organizations efforts to become Year 2000 compliant as part of their 
business or operational plan. The Summer 1998 issue of the HRSA Preview 
has already been distributed to 14,000 grantees, associations and 
partners of HRSA. In addition, it is on the Internet in both English 
and Spanish for grantees and users to see. The Internet address is 
http://www.hrsa.dhhs.gov/grants.htm. The HRSA Preview will also be 
distributed at the National Association of Local Boards of Health (July 
29-August 1, 1998), the Joint Annual meeting of the Association of 
County and City Health Officials (September 23-26, 1998) and the 
American Public Health Association Annual Meeting/Convention (November 
15-19, 1998).
    The Administration on Aging's (AoA) outreach plan involves raising 
awareness at all meetings, monitoring visits, and presentations made by 
the Assistant Secretary for Aging, Regional Administrators, and other 
senior management. The AoA UpDate, a monthly newsletter reaching over 
2000 members of the aging network, will have an article in every issue 
beginning in August highlighting important Y2K messages. All grant 
award packages beginning in August will have a Y2K message from the 
Assistant Secretary for Aging.
    Finally, the Substance Abuse and Mental Health Services 
Administration (SAMHSA) plans to raise awareness of the Year 2000 
problem with the various organizations which deal with substance abuse 
and mental health services. A letter was sent in May 1998 to all State 
and territorial mental health and substance abuse directors alerting 
them to the seriousness of the problem and requesting that they review 
their systems for Year 2000 conformance. Year 2000 requirements have 
been included in all grant award notices beginning in fiscal year 1998 
and in all Request-for-Contracts since late 1996. SAMHSA management 
staff have been including the Year 2000 issue in all speaking 
opportunities, and Year 2000 information is being included on the 
SAMHSA WEB site.
    On a regular basis agency representatives will be meeting with me 
to ensure continued success in our outreach efforts.
                          biomedical equipment
    We are also addressing the need to develop public information about 
the compatibility of systems embedded in biomedical devices. Because it 
is imperative that medical equipment continues to function properly in 
the next century, the Department is requesting information about the 
Year 2000 compliance of medical devices and scientific laboratory 
equipment manufactured by biomedical equipment manufacturers.
    HHS is working with the VA to better serve our mutual interests in 
Year 2000 compliance of biomedical equipment by merging our efforts on 
biomedical equipment. We have convened a steering committee to develop 
a charter and action milestones, and have asked the Department of 
Defense to participate as well. We will also work through the Health 
Care Outreach Sector Committee and the White House Year 2000 Conversion 
Council to enhance our ability to make more information available to 
the public.
    Medical devices and scientific laboratory equipment may experience 
problems beginning January 1, 2000 if the computer systems, software 
applications, or embedded chips used in these devices and equipment 
contain two-digit fields for year representation. Agencies, such as the 
Department of Defense, Department of Veterans Affairs, and Department 
of Agriculture as well as HHS, are concerned that the existence of the 
Year 2000 date problem in biomedical equipment could pose potentially 
serious health and safety consequences.
    On January 21, 1998, I signed a letter sent to over 16,000 
biomedical equipment manufacturers, strongly urging them to identify 
noncompliant products and the actions they are taking to ensure 
compliance. The manufacturers are responding to this survey developed 
by the Department and the Food and Drug Administration (FDA). The Food 
and Drug Administration now operates and maintains an Internet web site 
listing all biomedical equipment information received from 
manufacturers relating to Year 2000 compliance. The site address is: 
http://www.fda.gov/cdrh/yr2000/year2000.html. In addition, the FDA 
moderated a session at the annual meeting of the Association for the 
Advancement of Medical Instrumentation and issued to industry, 
``Guidance on FDA's Expectations of Medical Device Manufacturers 
Concerning the Year 2000 Date Problem.''
    The response from manufacturers has been disappointing. To date, 
approximately 10 percent of the 16,000 manufacturers have provided 
information. FDA issued a more targeted, follow-up letter on June 29, 
1998, to about 2,700 manufacturers of computerized devices urging them 
to submit product data. Dr. Friedman will provide you with the specific 
results from the manufacturers' responses, but we see no indications 
that there will be significant problems that will place patients at 
risk, assuming that the manufacturers are implementing the reported 
solutions.
    The Food and Drug Administration has held both Executive level and 
technical meetings with the Veteran's Health Administration (VHA) to 
assure a unified approach to the Y2K compliance of biomedical 
equipment. A Steering Committee has been formed, which will define HHS 
and DVA roles, responsibilities and schedules, determine the scope and 
content of the data to be collected from the manufacturers, reconcile 
redundant and conflicting data, merge data collected by VHA and FDA 
from the same manufacturer into a common format, and disseminate the 
data to interested parties via a single biomedical equipment website to 
be housed at FDA.
                     additional outreach activities
    HHS will undertake additional outreach activities to inform the 
health care and human services community about the Year 2000 issue. 
These efforts are part of the government-wide outreach efforts 
developed and managed by the White House Year 2000 Conversion Council. 
The President's Council on Year 2000 Conversion created over 30 
industry sector outreach groups. The purpose of these groups is to 
inform all the constituents of a given sector about what the federal 
government is doing to achieve Year 2000 in a timely way and to work 
with these constituencies, as appropriate, to increase their awareness 
and their own readiness. HHS chairs two groups--the Health Care Sector 
Outreach Committee and the Human Services Sector Outreach Committee. In 
addition, HHS is a member of other outreach committees, such as Benefit 
Payments, Education, Emergency Management, Employment-related 
Protection, Food Supply, and Science and Technology. We are also 
encouraging all our operating divisions with an Internet presence to 
establish a Year 2000 web site.
                               conclusion
    HHS still faces substantial challenges in its Year 2000 efforts. 
However, let me assure you, on behalf of Secretary Shalala, that we 
will continue to vigorously pursue Year 2000 remediation as our most 
important information technology initiative.
    We recognize our obligation to the American people to assure that 
HHS's programs function properly now and in the next millennium.
    I thank the Committee for its interest and oversight on this issue, 
and would be happy to answer any questions you may have.
                                 ______
                                 

 Responses of Kevin L. Thurm to Questions Submitted by Chairman Bennett

    Question. [State Health and Child Support Systemsl
    Mr. Secretary your department has been delegated Y2K responsibility 
to deal with Health and Welfare computer systems in the area of 
Federal-State Y2K compliance. Please give the Committee an overall 
status of the following programs. In addition we would like a State by 
State appraisal for the record.
  --Medicaid: both the payment systems and the Medicaid Management 
        System
  --Child Support Enforcement: both payment systems and child support 
        enforcement
    Answer.
General
    The Department of Health and Human Services (DHHS):
  --provides funds and technical assistance for ``State'' systems 
        developed and implemented to support State administration of 
        Federal programs, such as the Medicaid and Child Support 
        Enforcement (CSE); and
  --assesses the degree to which State systems projects are 
        successfully implemented and meet program requirements.
    In support of States' efforts to address the Y2K problem in their 
systems, DHHS is exercising these same roles (funding, technical 
assistance, project assessment, and monitoring). This is explained 
below in some detail. DHHS is not directly involved in the on-site, 
day-to-day development and operation of State systems, nor is DHHS 
directly involved with the day-to-day activities of States Y2K 
remediation efforts.
 medicaid: both the payment systems and the medicaid management system
General
  --HCFA is concerned with monitoring 3 systems:
                --MMIS (Medicaid Management Information Systems)
                --Managed Care which assures the delivery of care and 
                the payment for care
                --IES (Integrated Eligibility Systems)
  --Focus is on program eligibility, delivery of services to 
        beneficiaries and payment to providers
  --Definition of Certification and Compliance: Medicaid systems must 
        be operational with no disruption of the delivery of service to 
        eligible Medicaid beneficiaries or to the providers of care
  --Three areas of complexity in monitoring the Medicaid Y2K status:
                --IES's interface with the MMIS and Managed Care may or 
                may not be a component of the MMIS
                --Two or more State agencies administer these systems 
                in support of their programs: Medicaid/Public 
                Assistance/Child Support/Child Welfare
                --Defining the scope of outreach in terms of interfaces 
                to the IES is problematic.
Outreach activities to date
    HCFA has issued Medicaid Correspondence to State Medicaid Agencies:
  --HCFA's Center for Medicaid and State Operations (CMSO) issued a 
        State Medicaid Directors Letter on July 17, 1998 which outlined 
        HCFA's millennium compliance strategy as it relates to State 
        Medicaid Management Information Systems (MMIS).
                --Requires States to certify that their MMIS is Y2K 
                compliant by 3/99
                --Requires States to document their contingency plans
                --Strongly urges that States contract for IV&V services 
                (75 percent FFP for MMIS, 50 percent FFP for IES)
  --CMSO issued a State Medicaid Directors Letter on August 17, 1998
                --Informs States of institutional, professional, and 
                coordination of benefits (COB) claims processing 
                instructions that have been issued to Medicare Fiscal 
                Intermediaries (FIs) and Carriers
                --Although these new file format instructions apply to 
                Medicare contractors, due to the fact that many 
                providers serve both Medicare, as well as, Medicaid 
                populations, this may impact State Medicaid claims 
                processing. Therefore, this letter strongly encourages 
                States to communicate with their providers and other 
                respective trading partners to facilitate these data 
                exchange issues
  --A National Medicaid Management Information Systems (MINIS) was held 
        from August 10-14, 1998 in Orlando, Florida. The attendees 
        included State Medicaid staff, vendors, and HCFA central and 
        regional office staff. Monday, August 10th a Y2K working 
        session composed of HCFA regional and central office staff was 
        held. In addition, Wednesday, August 12th of the conference was 
        dedicated to Y2K. Among the topics discussed include: HCFA's 
        overall Y2K strategy, HCFA's Medicaid Y2K Strategy, and 
        contingency planning. Part of the day will also be spent in 
        ``break-out sessions'' with the States. This will help HCFA 
        obtain feedback from States in terms of their status, as well 
        as, what additional activities HCFA can take part in to further 
        assist States in their Y2K projects.
  --HCFA has placed Medicaid-specific Y2K Information on the INTERNET, 
        at the following URL:
                --http://www.hcfa.gov/y2k/Future Outreach Activities 
                Regarding Reporting:
CMSO initiatives in process
  --Documents being prepared by CMSO:
                --certification criteria for States to self-certify
                --on-site review tools for RO visits, and
                --contingency planning check list
  --A Medicaid-specific IV&V contractor statement of work (SOW) has 
        been written and is being process. The SOW includes the 
        following activities:
                --HCFA's Regional Offices will work with an outside 
                contractor to assess the status of State Y2K efforts. 
                Of primary concern are those systems that are used by 
                States to provide payments to Medicaid providers, both 
                fee-for-service and managed care, as well as those that 
                collect patient-related data including that used to 
                verify the status of patient eligibility for the 
                program.
                --Based on State self-reported information regarding 
                their assessment of where they are relative to 
                achieving full Y2K compliance, the contractor will 
                assist HCFA in ranking State systems into high, medium 
                and low risk categories, thereby providing a State by 
                State evaluation. The technical support contractor 
                would conduct on-site visits to those States which 
                appear to be of medium and high risk in terms of their 
                Y2K compliancy status.
                --The contractor will provide training to regional 
                office to assist in conducting on-site visits of those 
                States who are ranked to be low risk. The regional 
                office staff may also participate in on-site visits of 
                those States in the other risk categories. As a result 
                of the site visits, the technical support contractor 
                shall advise HCFA of the reasonableness of the work 
                effort as reported by the State Medicaid Agencies. As 
                part of the visits, the contractor will review such 
                materials as the States' test plans and contingency 
                plans and shall assist HCFA in assessing the adequacy 
                and appropriateness of such documents.
                --The results of the on-site visits, in conjunction 
                with the survey data of the MMIS Y2K status, will be 
                used by the contractor to develop monthly reports 
                summarizing MMIS Y2K status and further refining the 
                ranking of States by risk categories as needed. The 
                contractor will also assist HCFA in developing the 
                criteria that a State MMIS must meet to certify that it 
                is millennium compliant.
                --The contractor will collect information on the Y2K 
                status of States' integrated eligibility systems (IES) 
                through a variety of means including telephone surveys. 
                The contractor would be responsible for the analysis of 
                such data and for writing a summary report based upon 
                the results of the survey. Such surveys, and 
                corresponding reports, would be conducted on a regular 
                basis.
                --In addition to monitoring and evaluating the States' 
                Y2K readiness, HCFA will work with the contractor to 
                provide a variety of technical assistance vehicles.
                        --A series of Medicaid Y2K white papers will be 
                        developed to serve as guidance to State 
                        Medicaid Agencies and the Regional Office Y2K 
                        Coordinators (i.e., a Medicaid Y2K compliance 
                        definition, a Y2K certification document to 
                        serve as guidance to the contractor and RO 
                        personnel when conducting on-site visits, and 
                        ``best practices'' and ``lessons learned'').
                        --Two national Y2K Conferences, and two Y2K 
                        conferences in each region, for Medicaid State 
                        Agencies will be conducted to provide Y2K 
                        guidance through workshops and presentations.
Joint activities (USDA [FS], HHS [ACF, HCFA])
    Two coordinated Action Transmittals (AT) issued by Administration 
for Children and Families, HCFA and Food and Nutrition Service and 
signed by all parties were released to State Medicaid and Public 
Assistance Agencies in July 1998. These ATs are described as follows:
Transmittal No. AT-98-004
    Subject: Federal/State Information Technology Policy-Expedited 
Advance Planning Document Procedures for Year 2000 Compliance 
Activities
    This AT extends the expiration date for the expedited advance 
planning document (APD) approval procedures through July 1, 2000 to 
regular match State data processing acquisitions and systems 
development projected initiated in support of Year 2000 compliance in 
the State.
Transmittal No. AT-98-006
    Subject: State Public Assistance Systems and Year 2000 (Y2K)--
lnformation Sharing
    This AT:
  --Provides general information pertinent to dealing with the Y2K 
        problem--Federal Y2K contacts
  --Seeks to identify State public assistance agency contacts 
        responsible for the Y2K problem in the agency by program area. 
        This information is due to ACE by August 6, 1998
  --Informs States that HCFA will conduct a survey in which ACE may 
        participate that will provide information specific to the 
        Medicaid program
  --Strongly recommends that State public assistance agencies include 
        IV&V services in their Y2K testing plans
  --Will develop a State Y2K project manager contact list to be used to 
        contact each State, by phone, to determine whether their 
        integrated eligibility systems are Y2K compliant. These are the 
        systems that interface with MMIS.
Suplemental information to assist DHHS activities
    GAO's 30 page survey titled, Survey of States' Welfare Automated 
Systems Year 2000 Compliance (Job 511246) and the coordinated Action 
Transmittal mentioned above, requests that States provide Y2K contact 
personnel by July 6 and August 7, 1998 respectively. This information 
will be used by DHHS agencies to assess the status of State Y2K 
activities. In addition, the HCFA/CMSO's Data and Systems Groups' 
Division of State Systems will use this information to contact State 
public assistance agencies and State health departments to determine 
time frames for completion of State Y2K activities regarding integrated 
eligibility systems. Other public assistance programs that interface 
with the State's integrated eligibility systems impact the Medicaid 
Management Information Systems and have been included in the survey. 
The GAO schedule presented in the Year 2000 Computing Crisis: An 
Assessment Guide, will be used to compare State time frames against 
their Y2K activities in the survey being developed.
 child support enforcement: both the payment systems and child support 
                           enforcement system
    Most statewide automated Child Support Enforcement (CSE) systems 
were developed and implemented in the last 5 years and appear to be 
Calendar Year 2000 compliant. This is principally because of the Family 
Support Act of 1988 requirement that established a deadline for 
developing a single statewide system for child support of October 1, 
1997. Despite this, States are for the most part taking the additional 
precaution of conducting Year 2000 assessments of their entire child 
support automated systems, including critical interfaces with other 
systems. ACE is working closely with the States to provide assistance 
in these efforts. Federal reimbursement under the CSE program for Y2K 
activities in support of a statewide child support system is eligible 
for a 66 percent match rate.
    The areas of possible impact for Child Support automated systems 
are as follows:
  --Some of the oldest CSE statewide automated CSE systems were 
        developed in the early 1980's and may not be Y2K compliant.
  --The State CSE system's dependence on interfaces makes them 
        potentially vulnerable to Y2K even if the Child Support system 
        is Year 2000 compliant. A typical State CSE system has 
        interfaces with State agencies related to TANF, child welfare, 
        and Medicaid, as well as State Employment Security Agencies, 
        DMV, State taxes, Vital Records, and other public and private 
        automated systems, such as consumer reporting, financial 
        institutions, to locate, enforce, and process child support 
        payments. The State Child Support programs are concerned about 
        whether these other State agencies will have Y2K problems that 
        will affect the transmission of information.
  --The high priority being given to may be is impacting some State 
        agency efforts to make enhancements to their CSE systems to 
        meet statutory deadlines. Some States have been advised by 
        their State data centers that Y2K is a priority, and that no 
        mainframe change orders will be accepted until Y2K issues are 
        addressed. This makes it difficult for those States to meet the 
        statutory deadlines in PRWORA.
    The General Accounting Office is in the midst of a substantive 
survey of all State and territories to determine the status of State's 
plans related to calendar year 2000 for human service programs. About 
one-third of the questionnaires have been received so far and the GAO 
is following up with the remaining States to obtain their survey 
results.
    In the interim, in order to determine the status of Child Support 
Enforcement systems, OCSE intends to do the following:
  --OCSE issued revised regulations regarding State Child Support 
        Enforcement systems on August 21st. Among other provisions, 
        these regulations provide that when OCSE determines that a 
        State's child support enforcement systems efforts are at risk 
        due to any one or more of a variety of factors, including Y2K 
        problems, OCSE will take corrective action. This will include 
        requiring the State to obtain independent validation and 
        verification (IV&V) services.
  --The regulation also finalizes reinstatement of the Paperwork 
        Reduction Act clearance for OCSE's Advance Planning Document 
        process. Once the regulation is issued, OCSE will request that 
        each State submit a Y2K addendum to its Advance Planning 
        Document Update (APDU) for the State CSE system. OCSE will ask 
        each State to describe the Y2K compliance status and the status 
        of remedial action for State child support enforcement systems, 
        State payment systems, and the most important interfaces 
        between the State child support system and other State systems, 
        such as DMV, vital records, etc.
    After the material is received and analyzed, ACF/OCSE will require 
any State that it deems at high risk of failure due to insufficient 
attention to Year 2000 issues to obtain an Independent Validation and 
Verification Contractor to assist the State in addressing this issue.
    Question. [Health and Welfare Eligibility]
    Mr. Secretary, your department, and the departments of Agriculture 
(food stamps), Treasury (IRS family income data), Veterans Affairs 
(veterans benefit data) and the Social Security Administration (data 
for disability retirement and supplemental security income) 
collectively share data to determine eligibility for welfare and 
Medicaid assistance.
  --What is the status of the joint agency Y2K effort to determine 
        eligibility? How do you plan to test the system for Y2K 
        readiness?
  --Please explain the types of contingency plans you are developing to 
        ensure eligibility determination after the year 2000? Please 
        explain.
    Answer. The question refers to the Income Eligibility Verification 
System (IEVS) requirement under section 1137 of the Social Security 
Act. This requirement includes a number of mandatory separate and 
distinct information exchanges between States and various Federal 
agencies. These exchanges are intended to verify reported client 
circumstances, primarily including earned and unearned income, in order 
to avoid program eligibility and payment errors. IEVS is not a 
``system'' in which these agencies ``collectively share data,'' but is 
rather a series of separate and individual processes.
    No single Federal agency is responsible for coordinating the 
several information exchanges that comprise the IEVS requirements. Each 
of these exchanges takes place under the terms of a separately 
negotiated agreement between each State and each Federal agency. To the 
extent that these requirements involve the exchange of information 
between a Federal agency and States, they are covered under the 
individual Y2K corrective action plans of these Federal agencies. The 
Department of Health and Human Services (DHHS) is not responsible for 
any of the IEVS mandated information exchanges with States, nor is DHHS 
a party to any of the individual exchange agreements.
    No DHHS systems are used to determine eligibility for the welfare 
programs. With the implementation of the Temporary Assistance for Needy 
Families (TANF) block grant program, title IV-A of the Social Security 
Act prohibits the Secretary of Health and Human Services from 
prescribing rules or imposing any requirement on States unless 
specifically permitted by the statute. However, the individual Federal 
agencies involved will be working with States to ensure that their Y2K 
contingency plans address the issue of mandatory IEVS interfaces.
    Question. [Funding for Y2K Repairs]
    Mr. Secretary, HHS like other agencies has had to make tradeoffs in 
other programs and information technology initiatives to pay for Year 
2000 repairs. While the focus of this hearing is on HHS' outreach 
efforts to the private sector and not HHS' internal systems, I would 
still like to know if you have all the resources you need to remediate 
your systems?
    Answer. If HHS does not receive sufficient Y2K funding early in 
fiscal year 1999, it will be unable to finance all of its costs for 
remediation efforts, outreach, and contingency planning. All of these 
activities are essential for ensuring that the Department can 
accomplish its mission without disruption due to the millennium date 
change. HHS has already dedicated additional resources to Year 2000 
remediation. In May 1998, President Clinton signed a 1998 supplemental 
appropriations bill redirecting $20 million of HCFA's contractor funds 
to HCFA's Year 2000 efforts. In addition, HHS shifted discretionary 
funds in May 1998 to make a total of $62.1 million in additional funds 
available for HCFA's Year 2000 efforts in fiscal year 1998. HHS still 
has additional funding needs in fiscal year 1999 and fiscal year 2000. 
These cost estimates and chart have been updated again as requested by 
the Office of Management and Budget's call for Comprehensive Plans and 
Associated Funding Requirements for Achieving Year 2000 Computer 
Compliance, as can be seen in the attached exhibit.

                         DEPARTMENT OF HEALTH AND HUMAN SERVICES: Y2K TOTAL COST ESTIMATES--FISCAL YEAR 1996 TO FISCAL YEAR 2000
                                                                  [Dollars in millions]
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                      Fiscal years--                                                 Budget
                                                              ------------------------------ President's  Supplemental    Total     request
                                                                                                budget       estimate     fiscal     fiscal      Total
                                                                 1996     1997       1998       fiscal    fiscal  year  year 1999     year
                                                                                              year  1999       1999                   2000
--------------------------------------------------------------------------------------------------------------------------------------------------------
ACF Total....................................................  .......    $0.500     $3.960      $1.500        $4.725      $6.225     $0.500     $11.185
AHCPR Total..................................................  .......  ........      0.040  ...........        0.420       0.420  .........       0.460
AOA Total....................................................  .......  ........  .........  ...........        0.600       0.600  .........       0.600
CDC Total....................................................  .......     3.000      9.400       1.900         4.299       6.199      1.610      20.209
FDA Total....................................................   $0.200     2.000      7.250       2.215        11.113      13.328      2.000      24.778
    HCFA--Internal...........................................    0.800     7.000     19.000      15.000        13.000      28.000     27.000      81.800
    HCFA--External...........................................    6.800     7.500     26.000      22.500       191.100     213.600    208.500     462.400
    HCFA--Supplemental.......................................  .......  ........     62.100  ...........  ............  .........  .........      62.100
    HCFA--Total \1\..........................................    7.600    14.500    107.100      37.500       204.100     241.600    235.500     606.300
    HCFA--Contingency........................................  .......  ........  .........  ...........  ............  .........    311.200     311.200
HRSA Total...................................................  .......     1.200      1.400  ...........       10.000      10.000      1.400      14.000
IHS Total....................................................  .......     2.500      2.500       2.300        23.400      25.700      1.000      31.700
NIH Total....................................................    0.040     9.200     11.200       5.993         4.832      10.825      3.328      34.593
OIG Total....................................................  .......  ........  .........  ...........        5.350       5.350      5.200      10.550
OS Total.....................................................  .......  ........      0.500  ...........        2.300       2.719  .........       3.219
PSC Total....................................................  .......     0.200      2.300       1.000         7.333       8.333      0.881      11.714
SAMHSA Total.................................................    0.095     0.020  .........  ...........        0.100       0.100  .........       0.215
                                                              ------------------------------------------------------------------------------------------
      HHS Total \1\..........................................    7.935    33.120    145.650      52.408       278.572     331.399    562.619   1,080.723
--------------------------------------------------------------------------------------------------------------------------------------------------------
\1\ HCFA presented two estimates based upon ``most likely'' and ``pessimistic'' scenarios. ``Most likely'' estimates are in this table. The
  ``pessimistic'' alternative estimates are $299.7M for fiscal year 1999; $328.1M for fiscal year 2000; and $536.7M for contingency.

    Question. What are the Department's contingency plans, specifically 
what are the contingency plans for FDA and HCFA?
    Answer.
  --HHS required all of its operating divisions to develop business 
        continuity and contingency plans that will permit HHS to 
        conduct essential business in the event of computer system 
        problems arising from Year 2000. The GAO draft guide, ``Year 
        2000 Computing Crisis: Business Continuity and Contingency 
        Planning,'' was used as a foundation. Plans will identify the 
        operating divisions' core business processes, the minimum 
        acceptable level of service, triggers that would cause the 
        contingency plan to be invoked, and the business resumption 
        team, their roles, and responsibilities.
  --On June 15 HHS received the business continuity and contingency 
        plans from the operating divisions. These plans constitute an 
        important start, but they were generally not sufficiently 
        complete and detailed. In some cases, the plans did not appear 
        to be feasible or testable. HHS requested all operating 
        divisions to improve their plans.
  --In addition, HHS has formed three cross operating division 
        workgroups to develop generic contingency plans for (1) 
        payments of grants and benefits, (2) clinical care and health 
        data, and (3) facilities management areas. Since many of the 
        operating divisions have similar processes, these groups will 
        ensure that all HHS plans in these three areas will have 
        coordinated strategies.
                                  hcfa
    HCFA is establishing a high-level enterprise-wide business 
continuity and contingency plan modeled from the GAO draft guide, 
``Year 2000 Computing Crisis: Business Continuity and Contingency 
Planning,'' and the Social Security Administration's plan. The number, 
diversity, decentralization, and lack of standardization among HCFA, 
intermediary, carrier, State, and other contractor systems presents 
especially unique problems and risks, and requires considerable 
planning and evaluation before HCFA can develop adequate contingency 
plans.
    As guidance to system and business process owners, a model format 
for contingency plan development and tracking has been developed. It 
incorporates a template for standard risks, as well as guidelines for a 
business process-based risk analysis. It will also include management, 
environmental, and other risks, as well as the identification of 
system-specific risks. Versions of this template have been developed 
for both internal and external systems, and will be shared with key 
grant, contract, and other business partners.
    In view of substantial resource contention, we have developed 
triage procedures that will waive contingency plan development for 
systems that are low risk or low impact, and that are not essential to 
support of a critical business process.
    HCFA's number one concern is that beneficiaries continue to have 
access to needed care. The continuity of payments to providers is 
fundamental to ensuring that access.
    Our focus is on continuity of key business functions, not specific 
systems. Consequently, we are not limiting ourselves to specific 
mission-critical systems, but instead looking at all core business 
processes essential to sustain a basic level of service to our 
beneficiaries.
    The HCFA core business processes that are the focus of our 
contingency plan are:
  --Provision of Medicare services and the payment for those services
  --Interactions with state Medicaid agencies
  --Interactions with states on children's health insurance programs
  --Program integrity
  --Quality of care
  --Research
    The specifics of this plan will address:
  --Payment Processes
  --Eligibility Issues
  --Program Integrity
  --Litigation
  --Managed Care
  --Security and Privacy
  --Telecommunication Services
  --Quality of Care
Some plans already in place
    Some contingency plans are already in place; for example, our 
critical accounting functions will be protected by ``bridges'' that 
will assure that we will be able to continue transactions with our 
external partners even if they are not fully ready.
Specific examples
    Intermediaries or carriers may be able to back up some processes--
such as enrolling providers--with manual methods, especially those that 
are not time sensitive.
    Every intermediary and carrier will be prepared to operate on a 
temporary basis, assuring continuity of local eligibility verifications 
and payments in the event of local unavailability of the Common Working 
File.
    HCFA has also already taken some management actions to focus 
resources on its Y2K activities.
  --HCFA removed several internal systems from their normal environment 
        and assigned those systems to programming ``tiger'' teams, 
        whose job is to perform Y2k renovations and nothing else until 
        the job is done.
  --Second, HCFA is moving aggressively to take advantage of new 
        authority from the Office of Personnel Management to re-employ 
        retired federal programmers to help with Year 2000 activities. 
        To date, HCFA has used the authority to re-employ eleven 
        annuitants.
  --And, HCFA is continuing to develop other contingency strategies for 
        use in the event that even the ``tiger'' team's efforts fail. 
        For example, HCFA is capable of continuing to make payments to 
        managed care organizations even if its current processes that 
        support such functions totally fail. Similar contingencies will 
        be developed for all HCFA critical processes. Likewise, HCFA is 
        beginning to develop contingencies for its external systems 
        along with trigger points to tell us when to activate a 
        contingency plan.
    HCFA requires all owners of critical business processes, including 
external system maintainers, contractor data centers, and Medicare 
intermediaries and carriers to develop contingency plans, and has 
established working groups to develop Agency-level business continuity 
plans for the most critical business processes. Their IV&V contractor, 
Intermetrics, is reviewing all of HCFA's contingency plans as a 
component of its system reviews. Intermetrics will also review Medicare 
contractors' corporate contingency plans to access whether they are 
adequately conceived, developed, and supported.
                                  fda
Background
    FDA has developed a strategic business contingency plan, based on 
GAO's guidance document, that outlines the process which component 
organizations are to use in dealing with the impact of the Y2K date 
change on their core business processes. The plan requires each 
component organization to perform a business impact analysis by 
September 15, 1998. Following this, they must develop detailed business 
continuity plans by December 15, 1998. These plans will address how the 
processes will continue unabated into the year 2000, regardless of 
whether the impact is from the failure of a mission critical system or 
from another area of IT. In addition, the plans will take into 
consideration external dependencies and their impact. FDA has also 
completed contingency plans for each of its mission critical systems.
Approach
    FDA's basic contingency for ensuring business continuity in the 
face of Year 2000 system failure is to revert to manual processes if 
systems are unusable. To prepare for executing this strategy, the 
Centers/Offices need to perform the following:

    1. Conduct a business impact analysis.--This analysis will be 
performed on each major business process, and will examine the risks of 
business process failure due to Y2K impact on the Center/Office's 
ability to perform its critical work. As part of this business impact 
analysis, Centers/Offices will define the minimum acceptable level of 
outputs and services for each critical process.
    2. Build business continuity contingency plans.--Based on the 
results of the business impact analysis, Centers/Offices must define 
specific plans for FDA staff to follow in the event of system failure. 
In developing these business continuity and contingency plans, managers 
will consider different alternatives, and document the best contingency 
plans in terms of cost and benefits.
    3. Test the contingency plans.--After business continuity and 
contingency plans have been developed, they must be assessed to 
determine how realistic they are. This testing allows the Center/Office 
managers to see how quickly the plan can be implemented and how 
effective it is at carrying out the Agency's critical business. 
Depending on the type of test selected, it may also provide information 
affecting the cost estimates.
    Below are the key program areas and their associated processes for 
which FDA will develop business continuity plans.

------------------------------------------------------------------------
         Program area                      Business processes
------------------------------------------------------------------------
Foods........................  Conduct product review and approval on
                                products within the food supply.
                               Conduct post-market surveillance and
                                adverse event reporting in accordance
                                with the foods program.
                               Develop Methods and Good Manufacturing
                                Practices in accordance with the foods
                                program.
                               Conduct scientific research in support of
                                the foods program.
Human Drugs..................  Conduct product review and approval on
                                human drug products.
                               Conduct post-market surveillance and
                                adverse event reporting in accordance
                                with the human drug program.
                               Develop Methods and Good Manufacturing
                                Practices in accordance with the human
                                drugs program.
                               Conduct core scientific research
                                associated with human drugs.
Biologics....................  Conduct product review and approval on
                                biologic products.
                               Conduct post-market surveillance and
                                adverse event reporting in accordance
                                with the biologics program.
                               Develop Methods and Good Manufacturing
                                Practices in accordance with the
                                biologics program.
                               Conduct core scientific research
                                associated with biologics.
Medical Devices and            Conduct product review and approval on
 Radiological Health.           medical devices and radiological health
                                products.
                               Conduct post-market surveillance and
                                adverse event reporting in accordance
                                with the medical devices and
                                radiological health program.
                               Develop Methods and Good Manufacturing
                                Practices in accordance with the medical
                                devices and radiological health program.
                               Conduct core scientific research
                                associated with medical devices and
                                radiological health program.
Animal Drugs and Feeds.......  Conduct product review and approval on
                                animal drugs and feeds.
                               Conduct post-market surveillance and
                                adverse event reporting in accordance
                                with the animal drugs and feeds program.
                               Develop Methods and Good Manufacturing
                                Practices in accordance with the animal
                                drugs and feeds program.
                               Conduct core scientific research
                                associated with animal drugs and feeds
                                program.
National Center for            Conduct risk assessment.
 Toxicological Research        Conduct scientific research.
 (NCTR).                       Develop methods in accordance with FDA's
                                regulatory mission.
Office for Regulatory Affairs  Educate the public on food and drug
                                issues consistent with FDA's consumer
                                protection mission.
                               Perform compliance monitoring and
                                auditing.
                               Initiate legal action when needed.
Key Support Processes........  Oversees Agency-wide budget formulation
                                and execution, accounting, payment
                                processing, financial reporting, foreign
                                and domestic travel, employee
                                relocation, payroll liaison and
                                financial systems.
                               Provide a standard system for the
                                administrative processes that are common
                                across the Agency.
                               Manage the physical security of all FDA
                                facilities.
                               Develop and maintain an overall
                                information system architecture,
                                including telecommunications support.
------------------------------------------------------------------------

Schedule
    The table below shows the key milestones involved in the 
contingency planning, as well as the group responsible.

------------------------------------------------------------------------
                                        Component
            Milestone                  responsible        Target date
------------------------------------------------------------------------
Develop draft strategic business   OCIO..............  15 June 1998
 continuity and contingency plan.                       (Done).
Develop system-level contingency   Center IRM staff..  15 June 1998
 plans for mission critical                             (Done).
 systems.
Receive comments back from         Agency-wide.......  15 July 1998.
 Centers/offices on draft
 strategic business continuity
 and contingency plan.
Conduct business impact analysis   Program staff.....  15 September
 on critical business processes.                        1998.
Develop business process           Program staff.....  15 December 1998
 continuity contingency plans for
 critical business processes.
Complete compliance validation of  IV&V Contractor...  31 December 1998
 mission critical systems.
Complete testing of business       Program staff.....  15 March 1999
 process contingency plans.
------------------------------------------------------------------------

    Question. What are you doing to help providers meet the Year 2000 
requirements?
    Answer.
  --We have a comprehensive outreach program to help providers 
        understand what they must do about the Year 2000.
  --This summer we are publishing Year 2000 awareness articles 
        discussing the need to ensure that patient records and 
        accounting systems. as well as their biomedical equipment are 
        Year 2000 compliant. These will be included in all Medicare 
        contractor bulletins that go out to thousands of providers of 
        fires, large and small.
  --We are conducting a series of provider outreach meetings. In July 
        of this year, we held a briefing for representatives of more 
        than 50 national health care provider associations and payer 
        associations to discuss the status of Y2K, our expectations of 
        them, electronic data interchange, biomedical equipment and a 
        general overview of Y2K and the health care community. A second 
        meeting is scheduled for mid-August, an is expected to focus on 
        the electronic data interchange (EDI) community. We also expect 
        to hold additional outreach meetings in the future to increase 
        Y2K awareness in the provider community.
  --We presented our Y2K efforts and expectations for managed care 
        plans and insurers during HCFA Medicare Plus Choice 
        conferences. The conferences were held July 13-14 and August 3-
        4 in Baltimore, MD, July 21-22 in Chicago, IL, and July 28-29 
        in Los Angeles, CA which brought together approximately 1,600 
        persons. We announced during these sessions that requirements 
        for certification and contingency planning are currently being 
        developed and should be released to the managed care community 
        in September, 1998.
    We are also committed to providing technical assistance to state 
medical assistance program administrators, and have provided several 
written communications to them relating to Y2K compliance. Our latest 
letter strongly encouraged states to communicate with their providers 
and other trading partners to facilitate resolution of Y2K readiness of 
data exchanges.
  --We have also scheduled a Y2K working session at the National 
        Medicaid Management Information Systems conference which will 
        be held in mid-August. This session will provide an opportunity 
        for HCFA to discuss its Medicaid Y2K strategy and contingency 
        planning and to obtain feedback from the Y2K states on their 
        individual state operations. HCFA is also exploring using one 
        or more to look at the independent validation and verification 
        (I&IV) contractors Medicaid States' Y2K efforts. This is to 
        give us some assurance that the systems used to provide 
        payments to Medicaid providers, both fee-for-service and 
        managed care, as well as those that collect patient-related 
        data are Y2K complaint.
  --Lastly, HCFA has established a Y2K provider relations/Outreach 
        Group. This group is comprised of HCF, Medicare Contractors and 
        State Agency Personnel, whom is charged with developing a 
        strategy for spreading awareness among Medicare. Medicaid and 
        Managed Care Providers of the Y2K problem, providing them with 
        information which can be used to assist them in checking for 
        Y2K compliancy and producing materials which can be used by 
        HCFA employees, Medicare Contractors, State Agencies, Provider 
        Organizations and other partners who can use the information 
        for these purposes.
  --The workgroup has surveyed the Medicare contractors and obtained 
        examples of outreach materials they are using. Example of the 
        material collected thus far include a provider checklist to 
        assess Y2K compliance, Y2K articles in bulletins/newsletters, 
        and the establishment of voicemail and E-mail boxes for Y2K 
        questions, the development of millennium logos, Y2K seminars, 
        and a mechanism for testing electronic claims.
  --We will continue to closely monitor our own efforts and those of 
        our contractors to ensure that we are on track with becoming 
        Y2K compliant.
    Question. In HHS outreach efforts, what has HHS done to take into 
account the difficulties and concerns that rural hospitals may have 
because they do have the staff or money to become Y2K compliant?
    Answer. HCFA, through the efforts of its fiscal intermediaries, is 
reaching out to all rural hospitals. The outreach efforts include 
educational mailings, training seminars, vendor exhibits, along with 
personalized customer service activities. Examples of these customer 
service activities are provider Y2K hotlines and provider Y2K web 
sites.
    In addition, a Y2K briefing was conducted on July 16 for national 
professional and provider organizations. A special meeting is being 
conducted on August 20 for the benefit of organizations using 
electronic data interchange for Medicare billings. Other information 
sharing sessions on such topics as bill payment, biomedical equipment, 
and telecommunications are planned over the next several months as part 
of a continuous outreach program for provider organizations.
    HCFA will continue to alert and assist all providers, including 
rural hospitals, on the urgency of Y2K remediation. Over the next 
several months, HCFA will be developing outreach materials and 
disseminating them to providers. However, HCFA does not have the 
authority or resources to fund code renovation and testing at rural 
hospitals. Rural hospitals currently receive a number of grants to 
assist in administration. These grant monies can, and should be, 
utilized to help achieve Y2K compliance.

              ADDITIONAL MATERIAL SUBMITTED FOR THE RECORD

                                ------                                


       Statement of the Medical Device Manufacturers Association

    Medical Device Manufacturers Association (MDMA) appreciates this 
opportunity to comment on the potential impact of the ``year 2000 
problem'' on healthcare for the record of the Senate Special Committee 
on the Year 2000 Technology Problem. MDMA is a national trade 
association based in Washington, D.C., representing nearly 130 
independent manufacturers of medical devices, diagnostic products, and 
health care information systems. MDMA seeks to improve the quality of 
patient care by encouraging the development of new medical technology 
and fostering the availability of beneficial innovative products to the 
marketplace.
    MDMA also appreciates this opportunity to tell you how MDMA and its 
members are responding to public concerns about this issue. First, 
however, we want to assure this committee and the public that the 
hundreds of thousands of people employed by the medical device industry 
are committed to public health and patient safety. Manufacturers of 
medical devices that rely on date-sensitive computer hardware and 
software are well aware of the significance of the potential problem 
created by two-digit date formats and are working to identify and 
develop solutions for the ``year 2000 problem.'' The industry intends 
to solve this dilemma and to prevent even one patient from being 
endangered by a device that malfunctions or is rendered inoperable by 
the ``millennium bug.''
    MDMA believes, however, that many concerned organizations have 
overstated the risk to health and medical device safety posed by the 
``year 2000 problem.'' Computer technology is not a component of most 
medical devices, and the vast majority of medical equipment that does 
rely upon computer hardware and software is not date-sensitive. In 
fact, the Food and Drug Administration (FDA), which regulates the 
medical device industry, testified before Congress last year that the 
agency does not believe this issue will have ``any major impact on 
medical device safety'':

        Computer software frequently is embedded as a ``component'' of 
        devices, i.e., software contained on a microchip to control 
        device operation. Examples of such devices are: pacemakers, 
        infusion pumps, ventilators, and many others. It is unlikely 
        that most of these products would be impacted by the ``Year 
        2000'' problem. Almost none of these devices require knowledge 
        of the current date to operate safely and effectively. For 
        example, pacemakers do not use the current date in their 
        operation.\1\
---------------------------------------------------------------------------
    \1\ Testimony of Thomas Shope, Ph.D., acting director, Division of 
Electronics and Computer Sciences, Office of Science and Technology, 
Center for Devices and Radiological Health, Food and Drug 
Administration, before the Subcommittee on Oversight and 
Investigations, Committee on Veterans' Affairs, U.S. House of 
Representatives, June 26, 1997.

    Manufacturers are responding to this issue with all deliberate 
speed because the industry shares a commitment to patient safety with 
our nation's health professionals and hospital administrators. In 
addition, FDA regulations require our products to be ``year 2000 
compliant.'' Finally, the unwritten laws of business require 
manufacturers to address any ``year 2000 problems'' if they hope to 
maintain customer confidence in their companies and products.
    Nevertheless, the industry needs to do more to demonstrate that 
there is no ``year 2000 crisis'' for medical devices and to reinforce 
our commitment to patient safety. Patients and healthcare providers are 
asking for information about the ``year 2000 compliance'' of medical 
products and about manufacturers' plans for addressing any potential 
problems with date-sensitive devices. Fortunately, an excellent 
national clearinghouse for information on the ``year 2000 compliance'' 
of medical devices already exists: the FDA's Year 2000 World Wide Web 
site [www.fda.gov/cdrh/yr2000].
    The FDA established its Year 2000 Web site earlier this year as a 
comprehensive database for information on the status or impact on 
product performance of the ``year 2000 problem'' for medical devices 
and scientific laboratory equipment. The FDA is collecting this 
information on behalf of federal agencies that purchase and use medical 
products and need to plan remedial actions in case any such products 
are affected by date-processing or date-storing problems. This database 
could serve as the coordinated national clearinghouse sought by 
concerned health professionals and healthcare institutions
    To demonstrate the responsiveness of the medical device industry on 
issues of patient safety, MDMA has begun an initiative to collect 
information from its members on the ``year 2000 compliance'' of their 
products. Today, MDMA is sending a memorandum that asks our member 
manufacturers to fill out and return an questionnaire and any necessary 
supplementary information on ``year 2000 compliance'' to MDMA as soon 
as possible but no later than October 6, 1998. MDMA will transmit all 
completed questionnaires to the FDA as we receive them.
    With our members' cooperation, MDMA hopes to complete this 
initiative by October 7, the day that Congress is scheduled to adjourn 
for the year. Since this committee and many other members of Congress 
have expressed interest and concern in this issue, MDMA wants to assure 
our legislators before they return home for the November elections that 
the medical device industry is responding to their concerns.
    MDMA believes this coordinated response to the FDA's request for 
information will demonstrate the responsiveness of MDMA and its members 
on issues of patient safety and, more importantly, will reassure the 
public that there is no major ``year 2000 crisis'' in medical devices. 
Many manufacturers have already posted information about theirs 
products' compliance status on the FDA's Web site, and MDMA encourages 
the media and the groups that represent patients, health professionals, 
hospitals, and health plans to publicize the existence of this site to 
their constituents and affiliates. We also encourage these 
organizations to report responsibility on the true extent of the ``year 
2000 problem'' and medical device safety. Incomplete or misleading 
pronouncements on this issue will only serve to frighten unnecessarily 
patients who rely on the life-enhancing and life-saving technologies 
developed by the medical device industry.