[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]



 
                  HEALTH CARE INFORMATION TECHNOLOGY:
                   WHAT ARE THE OPPORTUNITIES FOR AND
                   BARRIERS TO INTER-OPERABLE HEALTH
                    INFORMATION TECHNOLOGY SYSTEMS?

=======================================================================

                             FIELD HEARING

                               BEFORE THE

                SUBCOMMITTEE ON ENVIRONMENT, TECHNOLOGY,
                             AND STANDARDS

                          COMMITTEE ON SCIENCE
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED NINTH CONGRESS

                             SECOND SESSION

                               __________

                           FEBRUARY 23, 2006

                               __________

                           Serial No. 109-37

                               __________

            Printed for the use of the Committee on Science


     Available via the World Wide Web: http://www.house.gov/science



                    U.S. GOVERNMENT PRINTING OFFICE
26-205                      WASHINGTON : 2006
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                                 ______

                          COMMITTEE ON SCIENCE

             HON. SHERWOOD L. BOEHLERT, New York, Chairman
RALPH M. HALL, Texas                 BART GORDON, Tennessee
LAMAR S. SMITH, Texas                JERRY F. COSTELLO, Illinois
CURT WELDON, Pennsylvania            EDDIE BERNICE JOHNSON, Texas
DANA ROHRABACHER, California         LYNN C. WOOLSEY, California
KEN CALVERT, California              DARLENE HOOLEY, Oregon
ROSCOE G. BARTLETT, Maryland         MARK UDALL, Colorado
VERNON J. EHLERS, Michigan           DAVID WU, Oregon
GIL GUTKNECHT, Minnesota             MICHAEL M. HONDA, California
FRANK D. LUCAS, Oklahoma             BRAD MILLER, North Carolina
JUDY BIGGERT, Illinois               LINCOLN DAVIS, Tennessee
WAYNE T. GILCHREST, Maryland         DANIEL LIPINSKI, Illinois
W. TODD AKIN, Missouri               SHEILA JACKSON LEE, Texas
TIMOTHY V. JOHNSON, Illinois         BRAD SHERMAN, California
J. RANDY FORBES, Virginia            BRIAN BAIRD, Washington
JO BONNER, Alabama                   JIM MATHESON, Utah
TOM FEENEY, Florida                  JIM COSTA, California
BOB INGLIS, South Carolina           AL GREEN, Texas
DAVE G. REICHERT, Washington         CHARLIE MELANCON, Louisiana
MICHAEL E. SODREL, Indiana           DENNIS MOORE, Kansas
JOHN J.H. ``JOE'' SCHWARZ, Michigan  VACANCY
MICHAEL T. MCCAUL, Texas
VACANCY
VACANCY
                                 ------                                

         Subcommittee on Environment, Technology, and Standards

                  VERNON J. EHLERS, Michigan, Chairman
GIL GUTKNECHT, Minnesota             DAVID WU, Oregon
JUDY BIGGERT, Illinois               BRAD MILLER, North Carolina
WAYNE T. GILCHREST, Maryland         MARK UDALL, Colorado
TIMOTHY V. JOHNSON, Illinois         LINCOLN DAVIS, Tennessee
DAVE G. REICHERT, Washington         BRIAN BAIRD, Washington
JOHN J.H. ``JOE'' SCHWARZ, Michigan  JIM MATHESON, Utah
VACANCY                                  
SHERWOOD L. BOEHLERT, New York       BART GORDON, Tennessee
                AMY CARROLL Subcommittee Staff Director
            MIKE QUEAR Democratic Professional Staff Member
            JEAN FRUCI Democratic Professional Staff Member
                 OLWEN HUXLEY Professional Staff Member
                MARTY SPITZER Professional Staff Member
               SUSANNAH FOSTER Professional Staff Member
                 CHAD ENGLISH Professional Staff Member
                  JAMIE BROWN Majority Staff Assistant


                            C O N T E N T S

                           February 23, 2006

                                                                   Page
Witness List.....................................................     2

Hearing Charter..................................................     3

                           Opening Statements

Statement by Representative David G. Reichert, Subcommittee on 
  Environment, Technology, and Standards, Committee on Science, 
  U.S. House of Representatives..................................    11
    Written Statement............................................    12

Statement by Representative David Wu, Ranking Minority Member, 
  Subcommittee on Environment, Technology, and Standards, 
  Committee on Science, U.S. House of Representatives............    12

                               Witnesses:

Mr. William Jeffrey, Director, National Institute of Standards 
  and Technology
    Oral Statement...............................................    14
    Written Statement............................................    16
    Biography....................................................    22

Dr. Jody Pettit, M.D., Project Chair, Portland Health Care 
  Quality Corporation, Portland, Oregon
    Oral Statement...............................................    23
    Written Statement............................................    25
    Biography....................................................    30

Ms. Diane E. Cecchettini, President and CEO, MultiCare Health 
  System, Tacoma, Washington
    Oral Statement...............................................    30
    Written Statement............................................    32
    Biography....................................................    46

Mr. John Jay Kenagy, Chief Information Officer, Oregon Health and 
  Science University
    Oral Statement...............................................    46
    Written Statement............................................    48
    Biography....................................................    54

Dr. Homer L. Chin, Medical Director, Clinical Information 
  Systems, Kaiser Permanente; Northwest Chief Information 
  Officer, Oregon Health and Science University
    Oral Statement...............................................    54
    Written Statement............................................    56

Mr. Luis Machuca, President and CEO, Kryptiq Corporation, 
  Hillsboro, Oregon
    Oral Statement...............................................    59
    Written Statement............................................    60
    Biography....................................................    65

Mr. Prem Urali, President and CEO, HealthUnity Corporation
    Oral Statement...............................................    65
    Written Statement............................................    67
    Biography....................................................    69

Discussion.......................................................    70
    Government Role in Health IT.................................    71
    Training on IT Systems.......................................    74
    Role of Patient in Health IT.................................    76
    Privacy Issues...............................................    77
    Unique Patient Identifier....................................    78
    Questions From the Audience..................................    81
    Top-down or Bottom-up Approach...............................    84
    HIPAA........................................................    87

              Appendix: Additional Material for the Record

HEALTH INFORMATION TECHNOLOGY: HHS Is Taking Steps to Develop a 
  National Strategy, United States Government Accountability 
  Office, Report to the Chairman, Committee on the Budget, House 
  of Representatives.............................................    94


HEALTH CARE INFORMATION TECHNOLOGY: WHAT ARE THE OPPORTUNITIES FOR AND 
   BARRIERS TO INTER-OPERABLE HEALTH INFORMATION TECHNOLOGY SYSTEMS?

                              ----------                              


                      THURSDAY, FEBRUARY 23, 2006

                  House of Representatives,
      Subcommittee on Environment, Technology, and 
                                         Standards,
                                      Committee on Science,
                                                    Washington, DC.

    The Subcommittee met, pursuant to call, at 12:18 p.m., at 
the Providence St. Vincent Medical Center, Souther Auditorium, 
9205 S.W. Barnes Road, Portland, Oregon, the Honorable David 
Reichert presiding.


                            hearing charter

         SUBCOMMITTEE ON ENVIRONMENT, TECHNOLOGY, AND STANDARDS

                          COMMITTEE ON SCIENCE

                     U.S. HOUSE OF REPRESENTATIVES

                  Health Care Information Technology:

                   What Are the Opportunities For and

                   Barriers to Inter-operable Health

                    Information Technology Systems?

                      thursday, february 23, 2006
                          12:00 p.m.-2:00 p.m.
                 providence st. vincent medical center
               souther auditorium, 9205 s.w. barnes road,
                         portland, oregon 97225

Purpose

    On February 23, 2006 at 12:00 p.m. in Portland, Oregon, the 
Subcommittee on Environment, Technology, and Standards of the House 
Science Committee will hold a field hearing about the opportunities for 
and barriers to inter-operable health information technology (IT) 
systems.
    The purpose of this hearing is to learn about the potential 
benefits of IT to health care providers and consumers, the impact of IT 
on health care costs and quality, and about the major challenges to 
implementing a national health information technology system. The 
hearing will review federal, State and private-sector efforts to 
promote connectivity, which would enable health care providers to 
access patient data from any location. The hearing will examine efforts 
to develop standards for security, privacy and inter-operability, which 
are crucial to the adoption of nationwide health IT systems.
    The Committee plans to examine these overarching questions:

        1.  What are the potential benefits of information technology 
        to the health care industry and health care consumers?

        2.  What should Federal and State governments and the private 
        sector do to foster the development of better health IT 
        systems? What is preventing the widespread adoption of these 
        systems?

        3.  What is happening in the states of Oregon and Washington to 
        help insurers, hospitals, doctors, and other providers develop 
        more comprehensive health IT systems? What role has the Federal 
        Government played? What else needs to be done?

Witnesses:

Dr. William Jeffrey, Director of the National Institute of Standards 
and Technology (NIST). NIST's mission is to promote U.S. innovation and 
industrial competitiveness by advancing measurement science, standards, 
and technology in ways that enhance economic security and improve our 
quality of life. NIST has a memorandum of understanding with the 
Department of Health and Human Services (HHS) to collaborate on the 
development of health IT infrastructure and standards.

Dr. Jody Pettit, Project Chair, Oregon Health Care Quality Corp 
(QCorp). The Oregon Health Care Quality Corp provides both a forum for 
sharing information and best practices and a mechanism to identify 
strategic projects for improving health care through community based 
activities. Dr. Pettit chairs the Oregon Health Information 
Infrastructure (OHII) Project for the QCorp. The OHII seeks to create 
an Oregon multi-stakeholder collaboration to apply health care 
information and communication technology so that care is timely, 
effective, efficient, safe, equitable and patient-centered.

Mr. Luis Machuca, President and CEO of Kryptiq Corporation. Kryptiq 
makes software products for health care providers for secure messaging, 
electronic prescribing, disease management and contract management.

Dr. Homer Chin, Medical Director for Clinical Information Systems, 
Kaiser Permanente Northwest. Kaiser Permanente is America's leading 
integrated health care organization, with 8.2 million enrolled members. 
Kaiser Permanente Northwest started a pilot health IT system in 1994 
and rolled out a full system in 1998.

Mr. Prem Urali, President and CEO of HealthUnity Corporation. 
HealthUnity makes software and hardware health IT products for health 
care providers.

Ms. Diane Cecchettini, RN, President and CEO of MultiCare Health 
System. MultiCare Health System is the largest provider of key medical 
services in Pierce County, south King County and much of southwest 
Washington State. MultiCare has adopted a comprehensive health IT 
system throughout its network of providers.

Mr. John Jay Kenagy, Chief Information Officer, Oregon Health & Science 
University (OHSU). OHSU offers instruction in health care, biomedical 
science, environmental engineering and computer science for more than 
3,900 students, interns, residents, fellows and clinical trainees each 
year. Furthermore, the University provides education and training for 
about 18,000 health professionals through its continuing education 
programs. OHSU is currently implementing an electronic health record 
system for its patients.

Background:

What Are Inter-operable Health IT Systems?
    Inter-operability allows different information technology systems 
and software applications to communicate, exchange data, and use that 
information. Inter-operable health IT systems can involve the use of 
and the ability to share: up-to-date patient electronic health records 
(EHRs); electronic physician orders for drug prescriptions and lab 
tests; electronic referrals to specialists and other health care 
providers; and electronic access to current treatments and research 
findings. For these systems to share information, especially if they 
are different IT systems, they must use common standards for data 
transmission, medical terminology, security, and other features.
Potential Benefits of Health IT Systems
    Studies suggest that eliminating errors related to paperwork and 
enabling better communication between health care providers could 
improve treatment and lower costs in the health care industry. For the 
purposes of this charter, health care providers include both 
individuals (such as physicians, nurses and lab technicians) and 
institutions (such as hospitals and medical practices). According to a 
study in the Annals of Family Medicine, miscommunication is a major 
cause of 80 percent of medical errors, including poor communication 
between physicians, misinformation in medical records and misfiled 
charts.\1\ Providing doctors with access to EHRs could reduce duplicate 
medical tests and adverse drug interactions. A patient's EHR would 
include all of his or her lab tests and/or drug allergies, thereby 
reducing the chance for error. In addition, EHRs could provide health 
care workers with the ability to access a patient's medical history at 
short notice in emergency situations. Inter-operable health IT systems 
could allow physicians to: share patient medical information and lab 
results between hospitals, labs, and clinics; order drug prescriptions; 
and alert patients of drug recalls much faster than by sharing paper 
records. Several health associations estimate that the potential 
savings of greater IT adoption by the health care industry run into the 
tens of billions of dollars. A recent study in the journal Health 
Affairs estimates that a fully inter-operable national health IT 
network could yield $77.8 billion per year in savings, or five percent 
of America's annual health care spending.\2\
---------------------------------------------------------------------------
    \1\ Annals of Family Medicine. July/August 2004.
    \2\ Health Affairs. January 2005. ``The Value of Health Care 
Information Exchange and Inter-operability,'' by Jan Walker et al.
---------------------------------------------------------------------------
Barriers to Adoption of Health IT Systems
    The adoption of EHRs and other health-related IT has been slow. 
According to a May 2005 Government Accountability Office report on the 
subject, the Department of Health and Human Services (HHS) has 
identified the health care industry as the largest part of the U.S. 
economy that has not fully embraced IT.\3\ An expert at Brigham and 
Women's Hospital in Boston, found that the health care industry invests 
only about two percent of its revenues in IT.\4\ Other information-
intensive industries invest approximately 10 percent of revenues. There 
are many reasons for this relative lack of adoption including: cost of 
purchasing IT systems and institutional resistance to the adoption of 
new technology; contradictory incentives for health care providers and 
payers; concerns about security systems for patient records; and the 
lack of standards necessary for uniform data entry and exchange, 
software, and terminology.
---------------------------------------------------------------------------
    \3\ ``Health Information Technology: HHS is Taking Steps to Develop 
a National Strategy,'' GAO Report to the Chairman, Committee on the 
Budget, House of Representatives. May 2005.
    \4\ The Economist, April 28, 2005. ``The No-Computer Virus.''
---------------------------------------------------------------------------
    Estimates of the number of providers who currently utilize EHRs 
range from five percent to 20 percent nationwide, meaning that the 
remainder rely on paper-based records that must be faxed or mailed if a 
doctor outside of a medical office or provider network wants to see a 
patient's history. According to a study in Health Affairs, only 12 
percent of practices with five or fewer full-time-equivalent 
physicians, where most physicians work and most patients receive care, 
use EHRs.\5\ A major reason for low rate of utilization is the cost of 
IT systems. Large health care providers and hospitals have a distinct 
advantage over smaller and rural practices because they have greater 
access to capital to purchase new technology, more integrated offices, 
and larger physical concentrations of doctors and patients. In 
addition, many physicians have used paper records and files for years, 
and are uncomfortable abandoning this system to use IT.
---------------------------------------------------------------------------
    \5\ Health Affairs. September 2005. ``Medical groups' adoption of 
electronic health records and information systems,'' by D. Gans et al.
---------------------------------------------------------------------------
    A typical medical practice in the U.S. has five doctors handling 
approximately 4,000 patient visits in a year. The Markle Foundation in 
New York finds that these practices would lose money if they had to 
invest in, and learn how to use an inter-operable health IT system. 
Furthermore, the current medical reimbursement system creates a 
contradiction between insurers and patients on the one hand, who would 
benefit from IT adoption, and health care providers on the other hand, 
who would have to pay for IT adoption. Providers do not necessarily 
have the economic incentive to adopt these systems, even if they are 
more convenient to use. Currently, most health care providers operate 
on a financial reimbursement system, which does not reward efficiency. 
For instance, a physician may wish to order a duplicate test for a 
patient rather than wait for the physical transfer of the patient's 
test results from another practice. The patient's health plan or 
insurance company will reimburse the provider for this additional test. 
Use of an IT system could reduce this inefficiency by providing remote 
access to the patient's original test results. HMOs, such as Kaiser 
Permanente, are exceptions to this model and have incentives to adopt 
IT because the payer and provider exist in a single financial entity.
    In 2005, ChoicePoint informed approximately 163,000 people that 
their personal information, including names, addresses, birth dates, 
social security numbers and credit summary information were obtained by 
suspected criminals posing as legitimate business people. This data 
breach highlights security concerns for IT. Most patients want to 
restrict access to their medical records, which contain sensitive 
personal information, to their doctors and to other vital medical 
personnel. Whereas paper files may not provide ideal security, breaches 
require deliberate action, and even then the bulk of paper records 
prevents or discourages large-scale mischief. With EHRs, it is easier 
to access a lot of information quickly because data can be distributed 
to hundreds or even thousands of people at the click of a button. Last 
February, for example, the names and addresses of over 6,000 HIV 
carriers were accidentally e-mailed to all 900 staff members of the 
Palm Beach County Health Department. For these reasons, system 
designers must ensure that passwords and encryption provide adequate 
security to prevent hackers and other unauthorized users from gaining 
access to sensitive personal information. The system design itself must 
also include checks that protect this information from inadvertently 
being transmitted to inappropriate recipients.
    Some health care networks, organizations, municipalities and states 
have been working to develop health IT systems. They recognize the need 
for connectivity using agreed-upon inter-operability standards. 
Comprehensive health care networks, such as Kaiser Permanente Northwest 
and the Veterans Health Administration, have sophisticated IT systems, 
which allow extensive connectivity within their networks. However, 
these are closed systems which cannot share electronic patient 
information with outside providers. Some cities have implemented pilot 
programs which allow interconnectivity at various levels, but this 
often involves the exchange of information in PDF form. PDF files are 
not easily transferred into searchable databases. If agreed-upon 
standards existed for EHR data exchange, these burgeoning systems could 
adopt them, making seamless and efficient connectivity between them 
much easier.

Federal Initiatives:

    In April 2004, President Bush established a national goal that most 
Americans have EHRs within 10 years. To carry out the President's goal, 
HHS, in partnership with the National Institute of Standards and 
Technology (NIST), has embarked on a number of initiatives, with both 
public and private entities, to facilitate health IT adoption without 
directly mandating standards.

Office of National Health Information Technology Coordinator
    In April 2004, President Bush signed an executive order 
establishing the position of the National Health Information Technology 
Coordinator (National Coordinator) in HHS. The National Coordinator was 
charged to develop a plan to ``guide the nationwide implementation of 
inter-operable health IT in both the public and private health care 
sectors that will reduce medical errors, improve quality, and produce 
greater value for health care expenditures.''
    On May 6, 2004, Dr. David Brailer was appointed as the National 
Coordinator for Health IT. Dr. Brailer previously served as a Senior 
Fellow at the Health Technology Center in San Francisco, CA, a non-
profit research and education organization that provides advice to 
health care organizations about the future impact of technology in 
health care delivery. Dr. Brailer announced a plan to achieve health 
inter-operability nationwide, which includes having NIST work with the 
National Coordinator's Office to oversee the development of standards 
to facilitate this process. HHS and NIST signed a Memorandum of 
Understanding, which transfers $6 million from HHS to NIST to pay for 
its health IT work. The National Coordinator's Office and NIST are 
collaborating with industry, standards organizations, consortia, and 
government agencies to build tools and prototypes to advance the 
adoption of IT within health care systems.
    In his 2006 State of the Union address, President Bush called for 
the ``wider use of electronic records and other health information 
technology, to help control costs and reduce dangerous medical 
errors.'' The President's 2007 budget requests $116 million for the 
Office of the National Coordinator for Health Information Technology, 
an increase of $55 million or 90 percent over the FY 2006 enacted 
level. Funding will support strategic planning, coordination, and 
analysis of technical, economic, and other issues related to public and 
private adoption of health IT. The total FY 2007 budget request for 
health IT initiatives in HHS is $169 million, an increase of $58 
million or 52 percent over the FY 2006 enacted level.

NIST
    NIST is the Nation's oldest federal laboratory and conducts 
research in a wide range of physical and engineering sciences. NIST 
researchers collaborate with colleagues in industry, academic 
institutions, and other government agencies to support the development 
of standards for a broad array of technical fields including software, 
hardware, communications, and computer security. NIST activities to 
support the President's health IT goals include participation in key 
standards-related efforts, developing performance and conformance 
metrics for health IT, developing procedures for certifying conformance 
to consensus-based standards, and helping to secure sensitive 
information and information systems. NIST has extensive experience 
working with industry on standards development, conformance testing, 
and other aspects of standards. In particular NIST has worked with the 
IT industry on standards for inter-operability and computer security, 
which would be a significant component of health IT. NIST helped HHS 
develop Requests for Proposals for contracts on heath IT, and it 
continues to work on these projects, providing technical advice and 
other support to the participants.

HHS Contracts for Health IT Development
    On October 6, 2005, Secretary Michael Leavitt announced that HHS 
has let three contracts to develop a Standards Harmonization Process, a 
Compliance Certification Process, and Privacy and Security Solutions. 
On November 10, HHS awarded contracts to four groups of health care and 
health IT organizations to develop a Nationwide Health Information 
Network.
            Standards Harmonization Process: $3,300,000 annually for 
                    three years
    HHS awarded a contract to the American National Standards 
Institute, a non-profit organization that administers and coordinates 
the U.S. voluntary standardization activities, to convene the Health 
Information Technology Standards Panel (HITSP). The HITSP will bring 
together U.S. standards development organizations and other 
stakeholders to develop, prototype, and evaluate a harmonization 
process for achieving a widely accepted and useful set of health IT 
inter-operability standards. NIST staff will work with the HITSP during 
the standards harmonization process.
            Compliance Certification Process: $2,700,000 total over 
                    three years
    HHS awarded a contract to a non-profit organization, the 
Certification Commission for Health Information Technology (CCHIT) to 
develop criteria and evaluation processes for certifying EHRs and the 
infrastructure or network components through which they inter-operate. 
More than 200 EHR products are on the market, but there are no criteria 
for prospective buyers to objectively evaluate them. This hinders 
informed purchasing decisions and further discourages the widespread 
adoption of health IT systems. CCHIT submitted recommendations to HHS 
for ambulatory EHR certification criteria in December 2005, and 
developed an evaluation process for ambulatory health records in 
January 2006. The CCHIT is currently developing pilots for these 
projects. A cross disciplinary team of NIST researchers serves as a 
technical advisory committee to support the CCHIT. An optional 
extension to continue refinement and assessment of the processes during 
a fourth year will be up for consideration as the base period is 
completed.
            Privacy and Security Solutions: $11,500,000 total for 18 
                    months
    Regulations promulgated pursuant to the Health Insurance 
Portability and Accountability Act (HIPAA) established baseline health 
care privacy requirements for protected health information and 
established security requirements for electronic protected health 
information. Many states have adopted policies that go beyond HIPAA. In 
addition, the manner in which hospitals, physicians and other health 
care organizations implement required security and privacy policies 
varies and is tailored to meet their individual organizations' needs. 
These variations in policies present challenges for widespread 
electronic health information exchange, due to the lack of common 
standards.
    HHS awarded a contract to the Research Triangle Institute 
International (RTI), a private, nonprofit corporation to oversee the 
Health Information Security and Privacy Collaboration (HISPC). HISPC is 
a new partnership consisting of a multi-disciplinary team of experts 
and the National Governors Association. The HISPC will develop plans to 
harmonize the variations in business policies and state laws that 
affect privacy and security practices. NIST will provide expertise to 
help ensure that the systems being developed are secure and address 
privacy.
            Nationwide Health Information Network: $18,600,000 total 
                    for one year
    HHS awarded contracts to four groups of health care and health IT 
organizations to develop pilot projects for secure information sharing 
in a nationwide health IT system. The four consortia are led by 
Accenture, Computer Science Corporation, IBM, and Northrop Grumman. 
NIST will create an architecture management system to serve as a 
repository for the content of the four prototypes being proposed.

Health IT Adoption Initiative
    The National Coordinator's Office is partnering with the George 
Washington University and Massachusetts General Hospital/Harvard 
Institute for Health Policy through a contract on the Health IT (HIT) 
Adoption Initiative. The new initiative is aimed at better 
characterizing and measuring the state of EHR adoption and determining 
the effectiveness of policies aimed at accelerating adoption of EHRs 
and inter-operability. These institutions will examine the current 
state of metrics for assessing EHR adoption measurement and make 
publicly available the gaps in adoption measurement data and the 
currently known gaps in actual adoption. The HIT Adoption Initiative 
will provide not only a baseline measurement on EHR adoption rates but 
also a quantifiable method for measuring the anticipated increased 
uptake of health IT. Beginning in the fall of 2006, an annual report 
will synthesize multiple surveys using the methodologies developed 
under the HIT Adoption Initiative, and ultimately provide metrics with 
which to assess the progress of the entire program.

American Health Information Community
    The April 2004 Executive Order called on the National Coordinator 
to coordinate outreach and consultation by the relevant branch agencies 
(including federal commissions) with public and private parties of 
interest, including consumers, providers, payers, and administrators. 
As part of this collaboration, Secretary Leavitt created the American 
Health Information Community (AHIC) on September 13, 2005. The AHIC 
provides input and recommendations to HHS on how to make health records 
digital and inter-operable, and assure that the privacy and security of 
those records are protected, in a smooth, market-led way. Membership 
includes officials from HHS and its component agencies, and other 
federal agencies, including the Department of Veterans Affairs, Office 
of Personnel Management, Department of Commerce, Department of 
Treasury, and the Department of Defense. Other members include 
physicians, health care providers, a patient advocate, payers, 
purchasers, public health experts and business officials. The AHIC was 
chartered for two years with the option to renew, and will have a 
duration of no more than five years. A list of Community members can be 
found at: www.hhs.gov/healthit/ahic.html

State of Washington Initiatives:

    The State of Washington has recently implemented a Health 
Information Technology and Electronic Medical Records Initiative. The 
initiative will develop a strategy for the adoption and use of 
electronic medical records and health information technologies.
    The Washington State Health Care Authority (HCA), together with the 
Health Information Infrastructure Advisory Board (HIIAB), will develop 
the health information and technology strategy. In addition to the 
HIIAB, the HCA is also creating a Health Information Infrastructure 
Stakeholder Advisory Committee (HIISAC) that will provide feedback and 
input to the HIIAB. Unlike the HIIAB, the HIISAC will represent a broad 
variety of stakeholder groups such as consumers, clinicians, business, 
payers of health care, employers, and health care organizations 
(hospitals, carriers, long-term care facilities).

State of Oregon Initiatives:

    The Oregon Health Policy Research (OHPR) office has been working 
closely with key health care experts and stakeholders around the state 
on electronic health records and data connectivity issues through its 
staffing of the Oregon's Health Policy Commission (OHPC). The OHPC is 
directed by statute to develop and oversee health policy and planning 
for the state and includes key health leaders from both the private 
sector and the State legislature. The Commission's recent Subcommittee 
on Electronic Health Records and Data Connectivity, developed key 
recommendations to move the state's health information technology 
agenda forward. The Oregon Healthcare Quality Corporation (QCorp) acts 
as a non-profit private sector partner with the OHPR.
    QCorp has worked in partnership on a number of state initiatives 
for health IT including the Oregon Chronic Disease Data Clearinghouse. 
The Clearinghouse merged data from 11 health plans on 150,000 patients 
with asthma and diabetes for use in developing reports for physician 
practices. On a 10-point rating scale, clinicians and practice managers 
rated the value of the merged, single source and format reports from 
the Clearinghouse as 8.4 (highly favorable) compared to 1.4 (highly 
unfavorable) for the traditional approach with multiple report sources 
and formats. QCorp also works on the Electronic Health Record 
Inventory. An important part of this work is assessing the current 
state of EHR adoption. In addition, QCorp is currently working with the 
Oregon Business Council EHR Leadership Team to develop next steps for 
health data exchange.

Witness Questions:

    The witnesses were asked to answer the following questions in their 
testimony.
Dr. William Jeffrey, Director of NIST

        1.  What are the most significant standards-related barriers to 
        the widespread adoption of information technology within the 
        health care industry?

        2.  What is NIST's role in removing these barriers and what is 
        the expected time line for the completion of these activities?

        3.  How is NIST working with the health-care industry, 
        information technology companies, federal agencies, states and 
        other stakeholders to facilitate this process?

        4.  What role will NIST play in the HHS National Health 
        Information Infrastructure? What responsibilities has HHS 
        assigned NIST?

Dr. Jody Pettit, Project Chair, Oregon Health Care Quality Corp.

        1.  What role or potential role does health information 
        technology play in improving the delivery of health care in 
        Oregon?

        2.  What role does the Oregon Health Care Quality Corporation 
        play in this process?

        3.  What incentives and barriers exist to the adoption of 
        information technology in the health care industry, and are 
        these financial, technical, or of some other nature? What has 
        been the experience of the State of Oregon in this regard?

        4.  What specific measures can the Federal or State governments 
        take to encourage broader adoption of health information 
        technology?

Mr. Luis Machuca, President and CEO of Kryptiq Corp.

        1.  What role or potential role does health information 
        technology play in improving the delivery of health care in 
        Oregon?

        2.  What benefits have been realized or are expected from the 
        widespread adoption of information technology in the health 
        care industry?

        3.  What incentives and barriers exist to the adoption of 
        information technology in the health care industry, and are 
        these financial, technical, or of some other nature? What has 
        been Kryptiq's experience with these incentives and barriers?

        4.  To what extent have the Department of Health and Human 
        Services and NIST reached out to businesses like yours in its 
        effort to develop a national strategy on Health IT?

        5.  What specific measures can the Federal or State governments 
        take to encourage broader adoption of health information 
        technology?

Dr. Homer Chin, Medical Director for Clinical Information Systems, 
        Kaiser Permanente Northwest

        1.  How does Kaiser Permanente use health care-specific 
        information technology? What benefits has Kaiser Permanente 
        realized so far? What future benefits are expected from the 
        further adoption of this kind of technology?

        2.  What incentives and barriers exist to the broader adoption 
        of information technology in the health care industry, and are 
        these financial, technical, or of some other nature? What was 
        Kaiser Permanente's experience with these incentives and 
        barriers?

        3.  How does Kaiser Permanente differ from other non-HMO 
        providers? Do these differences affect the incentives for 
        adoption of health care IT?

        4.  To what extent have the Department of Health and Human 
        Services and NIST reached out to businesses like yours in its 
        effort to develop a national strategy on Health IT?

        5.  What specific measures can the Federal or State governments 
        take to encourage broader adoption of health information 
        technology?

Mr. Prem Urali, President and CEO of HealthUnity Corp.

        1.  What role or potential role does health information 
        technology play in improving the delivery of health care in 
        Washington?

        2.  What benefits have been realized or are expected from the 
        widespread adoption of information technology in the health 
        care industry?

        3.  What incentives and barriers exist to the adoption of 
        information technology in the health care industry, and are 
        these financial, technical, or of some other nature? What has 
        been HealthUnity's experience with these incentives and 
        barriers?

        4.  To what extent have the Department of Health and Human 
        Services and NIST reached out to businesses like yours in its 
        effort to develop a national strategy on Health IT?

        5.  What specific measures could the Federal or State 
        governments take to encourage broader adoption of health 
        information technology?

Ms. Diane Cecchettini, RN, President and CEO of MultiCare Health System

        1.  How does MultiCare use health care-specific information 
        technology? What benefits has MultiCare realized from adoption 
        of health IT? What future benefits are expected from the 
        further adoption of this kind of technology?

        2.  What incentives and barriers exist to the broader adoption 
        of information technology in the health care industry, and are 
        these financial, technical, or of some other nature? What has 
        been MultiCare's experience with these incentives and barriers?

        3.  To what extent have the Department of Health and Human 
        Services and NIST reached out to businesses like yours in its 
        effort to develop a national strategy on Health IT?

        4.  What specific measures can the Federal or State governments 
        take to encourage broader adoption of health information 
        technology?

Mr. John Jay Kenagy, Chief Information Officer, Oregon Health & Science 
        University (OHSU)

        1.  How does Oregon Health and Science University (OHSU) use 
        health care-specific information technology? What benefits has 
        OHSU realized so far? What future benefits are expected from 
        this kind of technology?

        2.  What incentives and barriers exist to the broader adoption 
        of information technology in the health care industry, and are 
        these financial, technical, or of some other nature? What has 
        been OHSU's experience with these incentives and barriers?

        3.  To what extent have the Department of Health and Human 
        Services and NIST reached out to institutions like yours in its 
        effort to develop a national strategy on Health IT?

        4.  What specific measures can the Federal or State governments 
        take to help the broader adoption of health information 
        technology?
    Mr. Reichert. Well, good afternoon. It's a pleasure to be 
here. Someone asked me, earlier if I had--if this is my first 
time to Portland, and it's not. I went to college here in 
Portland, at Concordia University, so I've been here a little 
while. It's nice to be back again.
    This hearing will now come to order. Good afternoon and 
welcome to today's hearing entitled ``Health Care Information 
Technology: What Are the Opportunities For and Barriers to 
Inter-operable Health Information Technology Systems?''
    Today we are here to discuss the potential benefits of IT 
to health care providers and consumers, the impact of IT on 
health care costs and quality, and the major challenges to the 
widespread use of IT in the health care industry. We will learn 
about federal, State, and private sector efforts to promote 
electronic systems that enable health care providers to access 
patient data from any location.
    Information technology has profoundly changed the way we 
live and work. Computers are everywhere, and we increasingly 
expect their convenience to touch on every aspect of our daily 
lives. However, go into a doctor's office and in most cases, 
the records of that visit, the prescriptions that are written, 
and referrals to specialists will all be made on paper. Many 
health experts tout the benefits of converting to electronic 
records for billing, referrals, and prescriptions. Experts 
claim that not only would it be cheaper in the long run and 
more convenient, but the conversion to electronic records will 
also enable doctors to share patient data more easily, which 
would make for better diagnosis and treatment, prevent deaths 
from drug interactions and allergic reactions, and help public 
health agencies track diseases in populations.
    In addition to serving on the Science Committee, I also 
chair the Subcommittee of Emergency Preparedness Science and 
Technology. And this is under the Homeland Security Committee. 
During one of our recent hearings we held on pandemic flu, we 
heard testimony on the real-world benefits of IT in the health 
sector. One of the best ways to slow the spread of pandemic is 
to quickly identify health trends in an area. Health IT enables 
us to do that. We must recognize that we are incapable of 
storing, moving, and accessing information in times of crisis.
    Health IT would have been beneficial in the aftermath of 
Hurricane Katrina as well, while a lack of electronic patients' 
medical records contributed to the difficulties and delays in 
the medical treatment of evacuees.
    There are many challenges to the widespread adoption of 
electronic health records and linking health care providers to 
computers to exchange information. These systems are often very 
expensive and complicated to implement. Standards are needed to 
allow different systems to talk to each other. There are 
serious security and privacy concerns associated with putting 
sensitive patient data on computers. Experts must consider 
these and other factors when thinking about the use of IT in 
health care.
    I want to thank Congressman David Wu, the Ranking Member of 
the Subcommittee on Environment, Technology, and Standards, for 
suggesting this topic for discussion this afternoon, which is a 
matter of great interest to myself and my constituents, and I'm 
sure it is to Mr. Wu's as well. I also want to thank our 
witnesses today who have taken time out of their busy schedule. 
I look forward to learning more from our witnesses from the 
region and what they are doing to help with health care in the 
Pacific Northwest to become more IT enabled and how the lessons 
learned can be applied nationwide. The Chair now recognizes Mr. 
Wu.
    [The prepared statement of Mr. Reichert follows:]
         Prepared Statement of Representative David G. Reichert
    Good afternoon. Welcome to today's hearing entitled ``Health Care 
Information Technology: What Are the Opportunities For and Barriers to 
Inter-operable Health Information Technology Systems?''
    Today we are here to discuss:

          the potential benefits of IT to health care providers 
        and consumers,

          the impact of IT on health care costs and quality, 
        and

          the major challenges to the widespread use of IT in 
        the health care industry.

    We will learn about federal, State and private-sector efforts to 
promote electronic systems that enable health care providers to access 
patient data from any location.
    Information technology has profoundly changed the way we live and 
work. Computers are everywhere, and we increasingly expect their 
conveniences to touch on every aspect of our daily lives. However, go 
into a doctor's office and in most cases, the records of that visit, 
the prescriptions that are written and referrals to specialists will 
all be made on paper. Many health experts tout the benefits of 
converting to electronic records for billing, referrals and 
prescriptions. Experts claim that not only would it be cheaper in the 
long run and more convenient, but the conversion to electronic records 
would also enable doctors to share patient data more easily, which 
would make for better diagnosis and treatment, prevent deaths from drug 
interactions and allergic reactions, and help public health agencies 
track diseases in populations.
    In addition to serving on the Science Committee, I also Chair the 
Subcommittee on Emergency Preparedness under Homeland Security. During 
one of our recent hearings we held on the Pandemic Flu, we heard 
testimony on the real world benefits of IT in the health sector. One of 
the best ways to slow the spread of a pandemic is to quickly identify 
health trends in an area. Health IT enables us to do that. We must 
recognize that we are incapable of storing, moving and accessing 
information in times of crisis. Health IT would have been beneficial in 
the aftermath of Hurricane Katrina as well, when a lack of electronic 
patient medical records contributed to difficulties and delays in the 
medical treatment of evacuees.
    There are many challenges to the widespread adoption of electronic 
health records and linking health care providers' computers to exchange 
information. These systems are often very expensive and complicated to 
implement. Standards are needed to allow different systems to ``talk'' 
to each other. There are serious security and privacy concerns 
associated with putting sensitive patient data on computers. Experts 
must consider these and other factors when thinking about the use of IT 
in health care.
    I want to thank Congressman David Wu, the Ranking Member on the 
Subcommittee on Environment, Technology, and Standards, for suggesting 
the topic for this hearing, which is a matter of great interest to 
myself and my constituents, as I am sure it is to Mr. Wu's. I also want 
to thank our witnesses, who have taken time out of their busy schedules 
to testify before us today. I look forward to learning more about what 
our witnesses from the region are doing to help health care in the 
Pacific Northwest become more IT-enabled, and how the lessons learned 
here can be applied nationwide.

    Mr. Wu. Thank you very much, Mr. Chairman.
    I want to welcome everyone to this afternoon's hearing, and 
I would like to begin by thanking Representative Reichert for 
traveling from the Puget Sound area to take part in this 
hearing. I also want to thank Dr. Bill Jeffrey, the Director of 
the National Institute of Standards and Technology, for 
traveling from Washington, D.C., out of a snowstorm, to take 
part in this hearing as well.
    Health care costs and efficiency have become the issue of 
the moment and will be the issue of tomorrow. The most recent 
report by the Centers for Medicare and Medicaid Services 
predicts that health care costs could consume close to 20 
percent of our GDP within ten years. There's general agreement 
that increased utilization of information technology in the 
health care industry may save billions of dollars in costs and 
save thousands of lives each year. It will certainly improve 
the patient experience and provide a better work environment 
for health care providers.
    This hearing is a follow-up to a round table discussion 
that I held in August of 2005. Before that round table, the 
solution seemed obvious: To get all patient information out of 
paper files and onto electronic databases that can be connected 
with each other; in this way, our health care providers can 
access all the information that they need to help any given 
patient, at any time, in any place. In other words, we would 
create an inter-operable system of doctors, hospitals, 
laboratories, pharmacies, and insurers.
    If I can use any ATM in almost any place in the world, and 
international financial markets operate seamlessly and 
transparently--well, much of the time--why must I fill out a 
patient information form every time I am referred to a medical 
specialist?
    The initial round table we held last August made me aware 
of not only the technical barriers but also the system and 
financial barriers to the widespread adoption of IT in the 
health care industry. Today's field hearing will focus on the 
technical barriers to developing a comprehensive health care IT 
system. Technical standards are critical not only to issues of 
inter-operability of systems, but also to the privacy and 
security of electronic health records.
    I hope our witnesses will identify some of the stumbling 
blocks to the development of the required standards and make 
recommendations on how we can best move forward together. We 
need technical standards to create a functional IT network; 
however, in order to reap the benefits of a comprehensive 
health care IT network, it must fully--it must be fully 
utilized in all health care settings.
    There is agreement that IT use lags in the health care 
industry, with only 10 percent of hospitals and five percent of 
doctors using IT effectively. Anecdotally, the health care 
industry apparently has the same percentage of gross revenues 
devoted to IT as the mining industry, and these two industries 
are at the lowest level of investment in IT.
    We need to understand these nontechnical barriers to the 
adoption of IT by our health care industry. And I hope that our 
witnesses will address factors such as capital costs, training 
and education of medical personnel, reimbursement structure, 
patient confidence and confidentiality, in their testimony. If 
we want to be successful in our efforts, we need to address 
these issues early on in the process.
    Many of you will be wondering about the Science Committee's 
involvement in health care IT issues. The Science Committee in 
the mid-1990s held hearings on the technical aspects 
surrounding the security and privacy issues of the Health Care 
Insurance Portability and Accountability Act, which you all--
which everyone knows as HIPAA. As a result of those hearings, 
the National Institute of Standards and Technology, NIST, 
assisted HHS in the development of some of those regulations, 
which many of you came to discuss with me in my offices prior 
to their implementation.
    I was pleased that HHS turned to the NIST early on in the 
development of the President's health information technology 
plan. NIST has a long history of working with the private 
sector in the development of standards for the IT industry as 
well as many other industries.
    In the Pacific Northwest, we have a group of experts who 
have been working on these health care IT issues, and just a 
few of them are represented by the panelists here today. I 
intend to profit from their experience and knowledge as federal 
efforts move forward. I want to thank all of the witnesses for 
taking time from their busy schedules to appear before us. We 
value your expertise and we are looking forward to your 
guidance.
    Mr. Chairman.
    Mr. Reichert. Thank you, Mr. Wu.
    At this time, I'd like to introduce our witnesses. The 
first is Dr. William Jeffrey; he's the Director of the National 
Institute of Standards and Technology, also known as NIST. 
Second, Ms. Diane Cecchettini is the President and CEO of 
MultiCare Health System, headquartered in Tacoma, Washington. 
And third, Mr. Prem Urali is the President and CEO of 
HealthUnity Corporation, headquartered in Bellevue, Washington.
    And for the purpose of introductions, the Chair yields to 
the Ranking Member, Mr. Wu.
    Mr. Wu. Thank you.
    Dr. Jody Pettit is Project Chair at the Portland Health 
Care Quality Corporation, based in Portland, Oregon.
    Luis Machuca is the President and CEO of Kryptiq 
Corporation, based in Hillsboro, Oregon.
    Dr. Homer Chin is the Medical Director for Clinical 
Information Systems at Kaiser Permanente Northwest. And I have 
to say that, as a Kaiser patient, I appreciate your hard work 
and the availability of that data.
    Mr. John Kenagy is the Chief Information Officer at Oregon 
Health and Science University, in Portland, Oregon.
    Mr. Chairman.
    Mr. Reichert. Thank you, Mr. Wu.
    As our witnesses should know, spoken testimony is limited 
to five minutes each; after which, the members of the science 
committee will have five minutes each, to ask questions.
    And we will start by hearing the testimony of Dr. Jeffrey.

STATEMENT OF MR. WILLIAM JEFFREY, DIRECTOR, NATIONAL INSTITUTE 
                  OF STANDARDS AND TECHNOLOGY

    Dr. Jeffrey. Thank you very much, Representative Reichert 
and Representative Wu. I'm very pleased to be here today to 
take part in this important hearing. And I'm also very pleased 
to be in Portland, which is the first time I've been here, and 
I'm very impressed with what I've seen.
    With your permission, I ask that my full statement be put 
in the record so that I can summarize it in the short time 
frame.
    Mr. Reichert. Without objection.
    Dr. Jeffrey. Americans expect the world's best health care, 
and whereas our current health care system is second to none, 
we can make it even better. Today Americans spend an increasing 
share of their income on health care. In fact, when I was born, 
in 1960, the U.S. spent five percent of its GDP on health care; 
and as Representative Wu said, that is supposed to go up to--
it's estimated to go up to 20 percent by the year 2015.
    In addition to increase in costs, there are indications 
that lack of information or confusing information reduces the 
quality of care. The Institute of Medicine estimated about five 
years ago that between 44,000 and 98,000 Americans die each 
year from inpatient medical errors. The Agency for Health Care 
Quality and Research estimates more than 770,000 people are 
injured or die each year in hospitals from adverse drug 
effects; and a significant cost is borne for treatments and 
tests that may not improve health, may be redundant, or may be 
inappropriate.
    Health care is a critical issue facing the Nation, 
impacting our economic security and quality of life. In the 
most recent State of the Union Address, President Bush proposed 
a comprehensive agenda to make health care in America more 
affordable, portable, transparent, and efficient. The portion 
of the President's plan that I'll touch upon today is the 
incorporation of IT into routine health care, with the goal of 
lower costs, fewer medical errors, and improved quality.
    In 2004, the President launched an initiative to make 
electronic health records available to most Americans within 
the next ten years, and for the development of a nationwide 
health information network to connect patients, practitioners, 
and caregivers.
    So how might this work? Let's say, hypothetically, that a 
visitor from Washington, D.C., ends up getting sick and going 
to the emergency room in Portland. Well, the patient's 
electronic health record can be accessed by the ER physician, 
removing the burden from the patient of having to accurately 
remember his or her entire medical history. Vital signs are 
monitored, tests run, and the results added to the electronic 
record. The data is transferred to a consulting physician, who 
orders a battery of tests. Several of these tests may have 
already been conducted, and so the data is called up rather 
than repeating the tests, which could be costly or 
uncomfortable for the patient. Medication may be suggested; but 
before ordered, the medication is checked against the patient's 
known allergies and other known medications, to avoid the 
adverse reactions. The prescription is then electronically sent 
to a nursing station, avoiding the risk--if there's any nurses 
here--of deciphering the doctor's handwriting. And all of this 
information is securely sent to the hometown physician for 
follow-up care.
    So in this kind of vision, IT can clearly add to the 
quality of the patient's life, can save money and potentially 
save time in the diagnosis. So the administration is taking 
steps toward making this vision, including establishing the 
position of the National Coordinator for Health Information 
Technology and providing funds for projects harmonizing 
standards for electronic information exchange, developing 
certification criteria to ensure health IT investments meet 
proper standards, addressing privacy and security issues, and 
developing models for a nationwide Internet-based health 
information system. And through the American Health Information 
Community, the administration and the private sector are 
working together to provide input and make recommendations to 
HHS, Health and Human Services, on how to make health records 
digital and inter-operable and to ensure that the privacy and 
security of the records are protected.
    While the Department of Health and Human Services naturally 
takes the lead in this initiative, it's clear that in this 
area, as the President put it, step 1 is to set the standards. 
NIST has a long and effective history of working with health 
related standards organizations to improve our nation's health 
care system. Because of these collaborations, NIST and HHS 
signed an interagency agreement in September of 2005 for us to 
support the office of the National Coordinator for Health IT 
office, known as ONC.
    Since signing of that agreement, NIST has been 
collaborating with the ONC in standards harmonization, 
conformity assessment, developing the architectural management 
system for the health information network, and privacy and 
security.
    As you know, the efforts to develop a nationwide health IT 
infrastructure is highly complex, with dozens of players. We 
are therefore actively involved with the key health IT 
standards, including ANSI, ASTM, IEEE, the American Telemedics 
Association, Health Level 7, and scores of others. Because 
there are so many different relevant standards in existence and 
under development, we're collaborating with the community to 
develop and demonstrate a prototype health care standards 
landscape.
    The landscape, as we call it, is a Web based repository of 
information on health care standards and resources that can 
assist in the development, implementation, and hopefully the 
adoption of standards by the stakeholders. In addition to the 
standards, we're helping to address conformity assessment. 
Conformity assessment activities form a vital link between 
standards and the performance of the products themselves. NIST 
is collaborating with the ONC to enable performance testing, to 
provide assurances that health care information technology 
products deliver the functionality necessary for inter-
operability. This activity is important, because there are more 
than 200 electronic health record products on the market, that 
criteria exists for objectively evaluating product 
capabilities.
    The challenges are great but they're not insurmountable. 
Working closely with the Office of the National Coordinator of 
Health IT, NIST is happy to play our part in realizing the 
President's vision. As he said two years ago, at the outset, by 
introducing information technology, health care will be better, 
the cost will go down, and the quality will go up.
    Thank you, and I'd be happy to answer any questions.
    Mr. Reichert. Thank you, Dr. Jeffrey.
    [The prepared statement of Dr. Jeffrey follows:]
                 Prepared Statement of William Jeffrey

Introduction

    Representative Wu and Representative Reichert, I am William 
Jeffrey, Director of the National Institute of Standards and Technology 
(NIST), part of the Technology Administration of the Department of 
Commerce. I am pleased to be offered the opportunity to add to this 
discussion regarding health information technology.
    I will focus my testimony on NIST's role in meeting the challenges 
we are facing as we incorporate advances in information technology to 
the health care enterprise, critical to improving values in the 
Nation's health care spending, now over 16 percent of the GDP.\1\
---------------------------------------------------------------------------
    \1\ Smith, Cynthia, Cathy Cowan, Stephen Heffler, Aaron Caitlin and 
the National Health Accounts Team, National Health Spending in 2004: 
Recent Slowdown Led By Prescription Drug Spending. 25 HEALTH AFFAIRS 
186 January/February 2006.
---------------------------------------------------------------------------
    Our nation enjoys the best medical care and the brightest medical 
personnel in the world. Nonetheless, the enterprise is fraught with 
poor coordination, inefficiencies in administration, and avoidable 
medical errors. Studies suggest that between 44,000 and 98,000 
Americans die each year from inpatient medical errors;\2\ more than 
770,000 people are injured or die each year in hospitals from adverse 
drug events, which may cost up to $5.6 million each year per hospital 
depending on hospital size;\3\ and a significant annual expenditure on 
treatments that may not improve health, may be redundant, or may be 
inappropriate.
---------------------------------------------------------------------------
    \2\ Kohn, L.T., J. Corrigan, and M.S. Donaldson. To Err Is Human: 
Building a Safer Health System. National Academy Press: Washington, 
D.C., 2000.
    \3\ Agency for Healthcare Quality and Research, http://
www.ahrq.gov/qual/aderia/aderia.htm.
---------------------------------------------------------------------------
    Today, we have new technological opportunities to address these 
problems. The President's Health Information Technology Plan, with the 
ultimate mandate of making our country's premier health care system 
safer, more affordable, and more accessible through the utilization of 
information technology (IT), is designed to overcome all of these 
trends, which are closely related to failure to adequately develop and 
adopt information technology for the health care system. In particular, 
the President has called for ensuring that most Americans have 
electronic health records within the next ten years and for the 
development of an Internet-based Nationwide Health Information Network 
to connect patients, practitioners, and payers. These initiatives will 
reduce redundancies and save administrative time, and could greatly 
improve patient safety and quality of care.
    When the President's vision is realized:

          consumers will have their choice of providers and 
        will be able to move seamlessly between practitioners without 
        loss of information;

          clinicians will have information needed when and 
        where it is needed, that is, at the point of care;

          payers will benefit through the economic efficiencies 
        of fewer errors and less redundant testing; and

          public health officials will benefit from more 
        efficient and effective reporting, surveillance, and quality 
        monitoring.

    To meet these goals, the Office of the National Coordinator for 
Health Information Technology (ONC) was created in the Department of 
Health and Human Services in response to Executive Order 13335, April 
27, 2004. I am pleased that NIST has the opportunity to assist ONC 
realize this vision. NIST is contributing through NIST laboratory 
activities in measurement and consensus based standards and by direct 
collaboration with ONC.
    Standards and measurements go directly to the heart of NIST's core 
mission. In fiscal year 2005, NIST health related projects encompassed 
many areas of the health care sector, including screening and 
prevention, diagnostics, treatments, dentistry, quality assurance, 
bioimaging, systems biology, and clinical informatics. Also, NIST has a 
long and effective history in working with health-related organizations 
to improve our nation's health care system. Building on those 
collaborations, NIST and HHS signed an interagency agreement in 
September 2005 to support ONC in realizing the President's health IT 
goals. Since the signing of the interagency agreement, NIST has been 
providing technical expertise to the ONC in areas such as standards 
harmonization, developing procedures for certifying conformance, 
developing performance and conformance metrics, developing the 
architecture management system for the nationwide health information 
network.

NIST Laboratory Activities in Health IT

    NIST works with industry, government, and academia to establish 
consensus-based standards, develop associated test metrics to ensure 
that devices perform according to the defined standards, and establish 
comprehensive certification capabilities for the IT industry. NIST has 
for many years focused on developing metrics for the information 
technology industry. We develop tests and diagnostic tools for building 
robust and inter-operable systems. Applying such tools early in the 
life cycle process helps industry determine whether its products 
conform to the standard, and ultimately, will inter-operate with other 
products. In addition, the development and use of these metrology tools 
fosters thorough review of the standards, which will, in turn, aid in 
resolving errors and ambiguities.

a.) Standards Harmonization

    In accordance with the National Technology Transfer and Advancement 
Act of 1995 (Public Law 104-113) and Administration policies, NIST 
supports the development of voluntary industry standards both 
nationally and internationally as the preferred source of standards to 
be used by the Federal Government. NIST collaborates with national and 
international standards committees, users, industry groups, consortia, 
and research and trade organizations, to get needed standards 
developed.
    As a matter of policy, NIST encourages and supports participation 
of researchers in standards developing activities related to the 
mission of the Institute. More than a quarter of NIST's technical 
staff--381 employees--participate in standards developing activities of 
97 organizations. These include U.S. private sector standardization 
bodies, industry consortia, and international organizations. NIST staff 
members hold 1,328 committee memberships and chair 161 standards 
committees.
    NIST is helping ONC in establishing the Health Information 
Technology Standards Panel. Supported by an ONC contract with the 
American National Standards Institute (ANSI), the Panel is working to 
harmonize standards in the health IT arena, the NIST staff also 
participates in the following key IT standards-related efforts:

          American National Standards Institute (ANSI) 
        Healthcare Information Technology Standards Panel (HITSP)

          ASTM International--Operating Room of the Future

          American Telemedicine Association (ATA)

          Federal Health Architecture/Consolidated Health 
        Informatics (FHA/CHI)

          Medical Device Communications, Wireless Networks of 
        the Institute of Electrical and Electronics Engineers (IEEE)

          Healthcare Information and Management Systems 
        Society/Integrating the Healthcare Enterprise (HIMSS/IHE)

          Health Level 7 (HL7)

b)  Performance and Conformance Metrics for Health Information 
                    Technology

    NIST works with industry to establish credible, cost-effective 
metrics to demonstrate software inter-operability and conformance to 
particular standards. These metrics often form the basis or criteria 
upon which certifications are based. Typical NIST metrics include 
models, simulations, reference implementations, test suites, and 
testbeds.
    Specific activities in support of health information technology 
include:

         Electronic Health Records (EHR): Having access to complete 
        patient health information is critical to improving clinical 
        care and reducing medical errors and costs of care. The EHR is 
        a longitudinal collection of patient-centric, health care 
        information, available across providers, care settings, and 
        time. It is a central component of an integrated health 
        information system. NIST is collaborating with organizations in 
        both the public and private sectors in achieving the benefits 
        of EHRs and overcoming the barriers to their acquisition and 
        use. In particular, NIST leads the effort in HU to define 
        conformance and develop conformance criteria for EHR systems. 
        NIST authored the conformance chapter of the draft standard for 
        trial use and developed guidance (a How to Guide) for writing 
        conformance criteria, thus teaching the community how to do 
        this for themselves. The EHR conformance criteria and those 
        being developed by the Certification Commission for Health 
        Information Technology (CCHIT) form the basis for HER 
        certification efforts.

         HIMSS/IHE: A key problem today in the realization of 
        Electronic Health Records for the patient's continuity of care 
        is the inability to share patient records across disparate 
        enterprises. To address this problem, NIST is collaborating 
        with industry to develop standardized approaches to sharing 
        electronic clinical documents across health care organizations 
        and providers. NIST staff have built reference implementations 
        and developed validation tools to demonstrate the feasibility 
        and correctness of implementations, and worked with 
        implementers to create integrated solutions based on these 
        approaches. In particular, NIST is collaborating with the 
        `Integrating the Healthcare Enterprise' (IHE) project sponsored 
        by the Radiological Society of North America, Healthcare 
        Information and Management Systems Society (HIMSS) and the 
        American College of Cardiology. The goal is to develop an 
        approach called Cross-Enterprise Document Sharing (XDS). This 
        standards-based approach provides a mechanism to access a 
        patient's multi-faceted clinical information, regardless of 
        where it is physically located, while maintaining local control 
        and ownership of that information and without compromising the 
        privacy and security of the patient's health information.

         HL7 Messaging Standards: Health Level 7 is a standards 
        development organization that provides standards for the 
        exchange, management, and integration of data that support 
        clinical patient care and the management, delivery, and 
        evaluation of health care services. NIST is collaborating with 
        HL7 to improve current and future deployment of HL7 and to 
        achieve health care information systems inter-operability and 
        sharing of electronic health information. To achieve this goal, 
        NIST leads the effort to ensure that HL7 conformance can be 
        defined and measured at appropriate levels, by: 1) defining 
        conformance for standards and ensuring that requirements are 
        precise and testable; and 2) building tools that will promote 
        consistent definitions and use of messages. Additionally, NIST 
        is developing a conformance-testing tool that automatically 
        generates test messages for HL7 Version 2 message 
        specifications.

         Medical Device Information: In a typical intensive care unit 
        (ICU), a patient may be connected to one or more vital-sign 
        monitors and receive medicine or other fluids through multiple 
        infusion pumps. Devices such as ventilators, defibrillators, or 
        hemodialysis machines may also support more acutely ill 
        patients. Each of these medical devices has the ability to 
        capture data. NIST is collaborating with the Institute of 
        Electrical and Electronics Engineers (IEEE) Medical Device 
        Communications work group and the IHE Patient Care Device 
        project, sponsored by IHE and the American College of Clinical 
        Engineering to develop conformance tests and associated tools 
        that facilitate the development and adoption of standards for 
        communicating medical device data throughout the health care 
        enterprise as well as integrating it into the electronic health 
        record.

         Operating Room of the Future: It is estimated that 10-20 
        percent of hospital errors occur in the perioperative 
        environment (before, during, and after surgery). Technology can 
        play a major role in increasing the overall patient safety in 
        such situations through the development of the operating room 
        of the future (ORF). The ORF will consist of a network of 
        inter-operable plug and play medical devices, where the 
        utilization of advanced technologies, such as robot-assisted 
        surgery, sensor fusion, virtual reality, workflow integration, 
        and surgical informatics, will result in a higher quality of 
        health care by considerably increasing patient safety. NIST is 
        working with the Center for the Integration of Medicine and 
        Information Technology (CIMIT) in the development of an 
        architectural framework for medical device integration, 
        development of clinical requirements for device plug-and-play 
        standards, identification of current interfaces, and 
        development, testing, and simulation of interfaces.

         Clinical Informatics: Building on past experience in 
        information modeling and research to support interchange 
        standards for the manufacturing industry, NIST has prepared a 
        comprehensive report of all clinical information-oriented 
        standards, their development organizations, their scope, and 
        the vocabularies/ontologies they employ.\4\ NIST will use the 
        report as the basis for developing a plan for applying NIST's 
        experience to assist in clinical information-oriented standards 
        development and closer harmonization.
---------------------------------------------------------------------------
    \4\ Bock, C., L. Carnahan, S. Fenves, M. Gruninger, V. Kashyap, B. 
Lide, J. Nell, R. Raman, R. Sriram. Healthcare Strategic Focus Area: 
Clinical Informatics. National Institute of Standards and Technology: 
NISTIR 7263, 2005.

         WPAN's for Health Information: NIST is assisting industry in 
        the development of a universal and inter-operable wireless 
        interface for medical equipment, expediting the development of 
        standards for wireless technologies, and promoting their use in 
        the health care environment. In close collaboration with the 
        IEEE and the U.S. Food and Drug Administration, NIST developed 
        theoretical and simulation models for two candidate Wireless 
        Personal Area Network (WPAN) technologies including the 
        Bluetooth and the IEEE 802.15.4 specifications. NIST evaluated 
        their performance for several realistic health care scenarios 
        and contributed our results to the appropriate IEEE working 
        group. NIST contributions will constitute the basis of standard 
        requirements on the use of wireless communications for medical 
---------------------------------------------------------------------------
        devices.

c) Certification

    NIST has an established history of developing procedures for 
certifying conformance to consensus-based standards. Conformity 
assessment activities form a vital link between standards that define 
necessary characteristics or requirements for software products and the 
performance of the products themselves. Conformity assessment 
procedures provide a means of ensuring that the products, services, or 
systems produced or operated have the required characteristics, and 
that these characteristics are consistent from product to product, 
service to service, or system to system. Conformity assessment 
includes: sampling and testing; inspection; certification; management 
system assessment and registration; accreditation of the competence of 
those activities; and recognition of an accreditation program's 
capability. NIST has been in the certification business since its 
inception in 1901 and is well positioned to provide technical guidance 
in the development of a technical certification regimen, including 
specific certification metrics, software to perform comprehensive 
certification tests, and certification procedures.

d) Security

    For many years, NIST has made great contributions to help secure 
our nation's sensitive information and information systems. Our work 
has paralleled the evolution of IT systems, initially focused 
principally on mainframe computers, now encompassing today's wide gamut 
of information technology devices. Our important responsibilities were 
reaffirmed by Congress with passage of the Federal Information Security 
Management Act of 2002 (FISMA) and the Cyber Security Research and 
Development Act of 2002.
    Beyond our role to serve the Agencies under FISMA, our Federal 
Information Processing Standards (FIPS) and guidelines are often used 
voluntarily by U.S. industry, global industry, and foreign governments 
as sources of information and direction for securing information 
systems. Our research also contributes to securing the Nation's 
critical infrastructure systems. Moreover, NIST has an active role in 
both national and international standards organizations in promoting 
the interests of security and U.S. industry. Current areas that are 
applicable to a Nationwide Health Information Network (NHIN) include:

          Cryptographic Standards and Applications

          Security Testing

          Security Research/Emerging Technologies

    Recent activities specifically related to health IT include:

         Guidance for Understanding the HIPAA Security Rule: The 
        Security Rule issued under the Health Insurance Portability and 
        Accountability Act of 1996 (HIPAA) directs certain health care 
        entities, known as ``covered entities,'' to comply with 
        standards for keeping certain health information that is in 
        secure electronic form. NIST has published a document, An 
        Introductory Resource Guide for Implementing the HIPAA Security 
        Rule that summarizes and clarifies the HIPAA Security Rule 
        requirements for agencies that are covered entities. It also 
        directs readers to other NIST publications that can be useful 
        in implementing the Security Rule.

         Health Care Accreditation Guidance: NIST in conjunction with 
        URAC and the Workgroup of Electronic Data Interchange (WEDI) 
        sponsors the NIST/URAC/WEDI Health Care Security Workgroup. The 
        group promotes the implementation of a uniform approach to 
        security practices and assessments by developing white papers, 
        crosswalks (of regulations and standards), and educational 
        programs. The group brings together stakeholders from the 
        public and private sectors to facilitate communication and 
        consensus on best practices for information security in health 
        care. Ultimately, these best practices will be integrated into 
        accreditation criteria used by hospitals and other health care 
        facilities. The group draws heavily upon information technology 
        security standards and guidelines developed by NIST.

NIST Collaboration with the ONC

    NIST is committed to supporting the ONC in the implementation of 
the President's Health IT initiative. Even prior to the interagency 
agreement NIST and many other federal departments and agencies provided 
assistance to the ONC in serving on the review task force for responses 
to a Request for Information (RFI) on implementation of a nationwide 
health information network and in assisting with subsequent Request For 
Proposals (RFPs) issued by the ONC.
    Following are current areas of collaboration:

a.)  The American Health Information Community (The Community)

    HHS Secretary Leavitt has convened the American Health Information 
Community (the Community) to help advance efforts to reach President 
Bush's call for electronic health records and a nationwide health 
information network. The Community is a federal advisory committee and 
will provide input and recommendations to HHS on how to make health 
records digital and inter-operable, and to assure that the privacy and 
security of those records are protected, in a smooth, market-led way.
    The Community agreed to form workgroups in the following areas: 
biosurveillance, consumer empowerment, chronic care, and electronic 
health records. These workgroups will make recommendations to the 
Community that will produce concrete results that are tangible and 
offer specific value to the health care consumer that can be realized 
within a one-year period. NIST has formal representation on three of 
these groups.

b.) Standards Harmonization

    HHS has awarded a contract to the American National Standards 
Institute (ANSI), a non-profit organization that administers and 
coordinates the U.S. voluntary standardization activities, to convene 
the Healthcare Information Technology Standards Panel (HITSP). The 
HITSP will bring together U.S. standards development organizations 
(SDOs) and other stakeholders to develop, prototype, and evaluate a 
harmonization process for achieving a widely accepted and useful set of 
health IT standards that will support inter-operability among health 
care software applications, particularly EHRs. This activity is 
fundamental to the success of widespread inter-operability, the 
seamless and secure exchange of patient information electronically, and 
will overcome today's scenario of many standards for health information 
exchange, but with variations and gaps that hinder inter-operability 
and the widespread adoption of health IT.
    NIST, as with many other federal agencies, is a member of the 
Healthcare Information Technology Standards Panel. NIST is helping ONC 
in establishing the Health Information Technology Standards Panel. In 
addition, NIST is working with HHS to develop a strategy to promote 
voluntary consensus standards across both the private and public 
sectors. As part of this process towards standardization of health 
information, NIST will continue to work with the ONC's Office of Inter-
operability and Standards to develop appropriate implementation 
strategies for health care IT standards. This will include 
consideration of the development, when appropriate, of Federal 
Information Processing Standards and guidance to agencies through NIST 
Special Publications for adopted standards. This will help the 
government to achieve a greater level of inter-operability of health 
data.

c.)  Assist in the Development of Procedures for Certifying Conformance

    HHS has awarded a contract to the Certification Commission for 
Health Information Technology (CCHIT) to develop criteria and 
evaluation processes for certifying EHRs and the infrastructure or 
network components through which they inter-operate. CCHIT is a 
private, non-profit organization established to develop an efficient, 
credible, and sustainable mechanism for certifying health care 
information technology products. This initiative addresses the problem 
that there are more then 200 EHR products on the market, but no 
criteria exist for objectively evaluating product capabilities. 
Similarly, criteria are not available by which communication 
architectures can be standardized in a way to permit two different EHRs 
to communicate.
    A cross-disciplinary team of NIST researchers serves as a technical 
advisory committee to support the CCHIT in tasks including functional 
criteria and test methods, general test procedures, accreditation, 
security, selection of jurors, and statistical tests of juror bias. 
Additional areas for interaction are being defined as the collaboration 
continues. In addition, the EHR conformance criteria, developed under 
NIST leadership, form the basis for CCHIT's certification efforts.

d.)  Develop Performance and Conformance Metrics

    In a Nationwide Health Information Network, consumers, 
practitioners, researchers, and payers must have tools, systems, and 
information that are complete, correct, secure, and inter-operable. 
Compliance to specific standards and regulations is the key to the 
development and implementation of this network. In addition, there must 
be a way to determine that the standards and regulations have been 
fulfilled. This is accomplished through conformance testing, a 
procedure to provide a means to ensure that products, services, or 
systems produced or operated have the requisite characteristics, and 
that these characteristics are consistent from product to product, 
service to service, or system to system.
    NIST is collaborating with the ONC to help enable conformance 
testing to provide assurances that health care information technology 
products and infrastructure components deliver the functionality 
necessary for inter-operability. NIST will work to help the community 
understand the current state of conformance testing within health 
information technology markets as well as what will be needed to test 
conformance of products for suitability, quality, inter-operability, 
and data portability so that the risk now assumed by health IT 
purchasers will be mitigated and the adoption of robust, inter-operable 
information technologies will be accelerated throughout the health care 
system of the United States.

e.)  Provide Technical Expertise for a Nationwide Health Information 
                    Network

    Four groups of health care and health information technology 
organizations have been awarded contracts by ONC to develop prototypes 
for a Nationwide Health Information Network (NHIN) architecture. These 
four consortia will bring together hospitals, laboratories, and health 
care providers with technology developers that will lead the health 
care industry to develop a uniform architecture for health care 
information that can follow consumers throughout their lives.
    To manage the content of the four prototypes being proposed, a NIST 
team is working with ONC to create an architecture management system 
that will serve as a repository for all the final architectural 
elements, including but not limited to: user requirements, conformance 
testing requirements, functional specifications, and high level 
standards used. This system will also help manage the inter-
relationships between all elements, which will aid in the development 
of the Nationwide Health Information Network. This architecture 
management system can be compared to a blueprint for building a house.

f.)  Interagency Health IT Policy Council

    Secretary Leavitt has established an Interagency Health Information 
Technology Policy Council (the Council) with in ONC to coordinate 
health information technology policy decisions across federal 
departments and entities that will drive action necessary to realize 
the President's goals of widespread health IT adoption. The Council 
brings together representatives from various entities within HHS and 
elsewhere in the government for the purpose of advancing both short-
term and long-term health IT policy. The initial focus of the Council 
is to establish a strategic direction for policy and to identify 
accelerators to support the Community breakthroughs. NIST will 
participate as a member agency on this Council.

Conclusion

    As the Committee can see by the few examples I have cited, NIST has 
a diverse portfolio of activities supporting our nation's health 
information technology effort. With its long experience as well as a 
broad array of expertise both in its laboratories and in its 
collaborations with other government agencies and the private sector, 
NIST is poised to help facilitate the harmonization of the many ongoing 
efforts, which together contribute to achieving the President's goal 
for developing both electronic health records and the establishment of 
a Nationwide Health Information Network.
    Once again thank you for inviting me to testify about NIST's 
activities and I will be happy to answer any questions you may have.

                     Biography for William Jeffrey

    William Jeffrey is the 13th Director of the National Institute of 
Standards and Technology (NIST), sworn into the office on July 26, 
2005. He was nominated by President Bush on May 25, 2005, and confirmed 
by the U.S. Senate on July 22, 2005.
    As Director of NIST, Dr. Jeffrey oversees an array of programs that 
promote U.S. innovation and industrial competitiveness by advancing 
measurement science, standards, and technology in ways that enhance 
economic security and improve quality of life. Operating in fiscal year 
2006 on a budget of about $930 million, NIST is headquartered in 
Gaithersburg, Md., and has additional laboratories in Boulder, Colo. 
NIST also jointly operates research organizations in three locations, 
which support world-class physics, cutting-edge biotechnology, and 
environmental research. NIST employs about 2,800 scientists, engineers, 
technicians, and support personnel. An agency of the U.S. Commerce 
Department's Technology Administration, NIST has extensive cooperative 
research programs with industry, academia, and other government 
agencies. Its staff is augmented by about 1,600 visiting researchers.
    Dr. Jeffrey has been involved in federal science and technology 
programs and policy since 1988. Previous to his appointment to NIST he 
served as Senior Director for Homeland and National Security and the 
Assistant Director for Space and Aeronautics at the Office of Science 
and Technology Policy (OSTP) within the Executive Office of the 
President. Earlier, he was the Deputy Director for the Advanced 
Technology Office and Chief Scientist for the Tactical Technology 
Office with the Defense Advanced Research Projects Agency (DARPA). 
While at DARPA, Dr. Jeffrey advanced research programs in 
communications, computer network security, novel sensor development, 
and space operations.
    Prior to joining DARPA, Dr. Jeffrey was the Assistant Deputy for 
Technology at the Defense Airborne Reconnaissance Office, where he 
supervised sensor development for the Predator and Global Hawk Unmanned 
Aerial Vehicles and the development of common standards that allow for 
cross-service and cross-agency transfer of imagery and intelligence 
products. He also spent several years working at the Institute for 
Defense Analyses performing technical analyses in support of the 
Department of Defense.
    Dr. Jeffrey received his Ph.D. in astronomy from Harvard University 
and his B.Sc. in physics from the Massachusetts Institute of 
Technology.

    Mr. Reichert. The Chair recognizes Dr. Jody Pettit.

  STATEMENT OF DR. JODY PETTIT, M.D., PROJECT CHAIR, PORTLAND 
       HEALTH CARE QUALITY CORPORATION, PORTLAND, OREGON

    Dr. Pettit. Mr. Chairman and Mr. Wu, my name is Jody 
Pettit. Thank you very much for inviting me to provide 
testimony on a subject about which I feel so strongly.
    I'm a board-certified internist and I've practiced medicine 
in Portland for the past 11 years. As a physician, I've had the 
privilege to take care of people and to see our medical system 
from the front line. There's a glaring problem, and it's the 
lack of information flow between systems.
    I'll tell you a story about a woman that we saw in a 
clinic, who came in with a persistent cough despite treatments. 
We ordered a chest X-ray, and it showed a lesion in her right 
lung. She'd had a previous chest X-ray several years and 
remembered it was abnormal in some way but wasn't sure how. 
Luckily, she remembered where she had it done, and so we 
ordered the old film for comparison. If the lesion looked 
exactly the same, we could feel comfortable and watch it over 
time. So we waited. A week later, we still didn't have the 
film. We called again, because we could save her the worry, the 
radiation exposure, the time, the money that she and her health 
plan would pay for more tests. We eventually gave up and 
ordered a CT-scan, a chest CT, which cost close to a thousand 
dollars. A week later, finally, the old film did show up and, 
in fact, the lesion was exactly the same after almost four 
years. But by now she had spent the time, her 20 percent co-
pay, she'd missed several hours of work, she'd gotten a hefty 
dose of unnecessary radiation, and she spent weeks in fear that 
she might have lung cancer.
    This story, unfortunately, is not some bizarre exception or 
rare occurrence; there are issues of information flow every 
day. Experiences such as these have led me to refocus my 
energy. For the past three years, I've been one among 
hundreds--and they're here, too, today--of Oregonians from the 
private and public sector that want to find a better way 
through the use of health information technology. We've called 
this effort, collectively, the Oregon Health Information 
Infrastructure, or OHII for short.
    The Oregon Health Care Quality Corporation has provided the 
nonprofit multi-stakeholder home for OHII. The State of Oregon 
recently created a position in the Office of Health Policy and 
Research for health information technology coordinator, and I 
will be serving in that role.
    The vision is fourfold: A person's health information 
available to them anywhere, any time that they need it. It's 
private and secure and under their control. Health information 
infrastructure is designed with the patient at the center. And 
that it's used to assure high-quality, cost-effective, personal 
and population-based care. There are many barriers to overcome 
and achieve this vision. And I think we're all well-versed in 
the EHR adoption issues, the technical issues, standards, 
privacy and security, business case, and sustainability 
issues--and not the least of which, political will, governance, 
stakeholder cooperation, data sharing, and just plain old 
trust.
    So what are the roles of the Quality Corporation and the 
State and the Federal Government in resolving these issues? The 
Quality Corporation, with lots of partners, has helped bring 
attention to this issue by bringing people together from around 
the state and has completed a data sharing project with 12 
health plans. We're working on assessment of EHR adoption and 
currently engaged in a joint effort with the Oregon Business 
Council's EHR and inter-operability committee. The goal of OHII 
is to catalyze the formation of a regional health information 
organization, or RHIO.
    The state, likewise, has given attention to this issue. The 
Oregon Health Policy Commission appointed a subcommittee to 
give recommendations to the state; that report is available 
here today. The Oregon Office of Health Policy and Research has 
committed to resources for coordination. And the Governor's 
Office is applying for a federal contract--subcontract to 
examine privacy and security laws and practices in Oregon.
    With regard to the federal role, the answers for all the 
issues are, clearly, not worked out yet; but what we do have is 
a forum for discussion and an appropriate framework in the 
Office of the National Coordinator for Health Information 
Technology. And the good news is, the agenda is moving forward. 
National level activities are underway but state levels are not 
well supported. Exceptions are communities that have already 
received federal funding or have been working on this for well 
over a decade.
    The expectation is not for the government to fund this 
indefinitely. There are RHIO business models being studied in 
several communities, but assistance or start-up capital would 
be helpful. A good example of this is the federal contract 
process. The HISPC, the Health Information Security and Privacy 
Collaboration, where RTI serves as a prime contractor and the 
states as subcontractors. This allows contract money to be 
awarded to states but with some coordination at the national 
level. Working through the Governor's Office is an effective 
way to gain state leadership. The process takes some leadership 
and some followership.
    I will close with these points. Number one, there is a 
critical need for better information flow for better care.
    Number two, real change involves rearranging the system 
such that the patient is truly at the center. Until we do this, 
the changes are incremental and not transformational. There is 
a need for the data holders to share their data for the good of 
the patient. We need to resolve these issues regarding--or 
arguments regarding data ownership. A person's data needs to be 
available to them without question. It's understood that data 
holders, i.e., providers, health systems, and health plans, 
need to keep a copy for their own records; however, they should 
endeavor to make patient centered data sharing arrangements.
    Number three, the Office of the National Coordinator is a 
vehicle that's working. It has some money for national 
coordination but very little to pass through to the states and 
communities for RHIO information. Start-up capital could help 
to build the infrastructure that's necessary to derive value 
and ultimately achieve financial sustainability.
    We all need to have courage to make this happen. We're 
building something that hasn't existed before, but it needs to 
exist as soon as possible, for all of our sakes.
    Mr. Chairman and Ranking Member, thank you for coming to 
the Great Northwest to listen to our concerns.
    Mr. Wu. Thank you.
    Mr. Reichert. Thank you, Dr. Pettit.
    [The prepared statement of Dr. Pettit follows:]
                   Prepared Statement of Jody Pettit

Introduction:

    Thank you very much for inviting me to provide testimony on a 
subject about which I feel so strongly. I am a board-certified 
Internist and have practiced medicine in Portland for the past 11 
years. As a physician, I have the privilege to take care of people and 
to see our medical system from the front line. There is a glaring 
problem--and it is the lack of information flow.
    Let me tell you a story about a woman that I saw in clinic who came 
in with a persistent cough. We had tried several treatment regimens but 
her cough continued. We ordered a chest x-ray and it showed a lesion in 
her right lung.
    She had a previous chest x-ray several years ago and she told us it 
was abnormal in some way but wasn't exactly sure how. Fortunately, she 
remembered where she had it done, so we called over to that facility to 
get the old chest x-ray for comparison. If the lesion still looked 
exactly the same after several years then we wouldn't have to worry as 
much and we could watch it.
    So we waited.
    A week later we still didn't have the film. We called again because 
we could save her the worry, the radiation exposure of more tests, the 
time and the money that she and her insurer would pay for more tests. 
We called again, but eventually the resident gave up and ordered a 
chest CT. A chest CT costs a little less than $1,000. The following 
week, the old film finally made it over and indeed the lesion was 
exactly the same after almost four years. But by now she spent the 
time, her 20 percent co-pay, missed several hours of work, got a hefty 
dose of unnecessary radiation via CT and spent a weekend in fear that 
she might have lung cancer.
    A chest x-ray + a lack of information could equal a chest CT + 
biopsy could = a pneumothorax, a chest tube, an ICU admission, a 
hospital-acquired infection and sepsis. And a $50,000 hospital bill. Or 
a chest x-ray + timely information = reassurance and prevention of a 
hospitalization.
    This story is not some bizarre exception, or a rare occurrence--
there are issues of information flow every time I go to clinic.
    I could tell you countless stories of scrambling for information--
phone calls to medical records clerks in the wee hours of the morning 
while the 50 yo man with chest pain is being wheeled down the hall to 
the cath lab--we didn't have an old ECG for comparison or his previous 
cath report--we didn't know if the ECG changes were new so he was going 
to have a catheter pushed up through his groin into his heart to look 
at his coronary arteries.
    Any case could follow one of two equations:

    Clinical condition + unattainable information = cascade of 
unnecessary tests, possible complications and avoidable cost

    Clinical condition + timely information = accurate, well-informed 
medical decisions and efficient medical care. (cost-effective)

    Experiences such as these have led me to refocus my energy.
    For the past three years, I have been one among hundreds of 
Oregonians from the private and public sector that want to find a 
better way with the use of information technology. We call this 
collective effort the Oregon Health Information Infrastructure or OHII 
for short. The Oregon Healthcare Quality Corporation has provided the 
non-profit, multi-stakeholder home for OHII. The State of Oregon 
recently created a position in the Oregon Office of Health Policy and 
Research for a Health Information Technology Coordinator and I will be 
serving in that role.

The Vision:

    The vision of better information flow in health care is four-fold:

          A person's health information is available to them 
        anywhere, anytime they need it.

          Health information is private and secure and under 
        the control of the individual.

          Health information infrastructure designed with the 
        patient at the center.

          Health information is used to assure safe, high 
        quality, cost-effective personal and population-based health 
        care.

The Issues:

    There are many barriers to overcome to achieve this vision.

EHR adoption issues--Clinicians aren't adopting EHR because of a lack 
of financial incentives, expense, risk of implementation failure and 
lack of inter-operability which makes for expensive interfaces and 
prohibits migration to different system.

Technical issues--The optimal technical architecture for inter-
operability and health data exchange is still being explored. Vendors 
are just starting to create products to perform this function and 
engines are operating only in experimental settings.

Standards issues--There are numerous standards organizations in 
competition for becoming the standard. There is a need for 
harmonization of these standards. EHR vendors have some but not all 
data in proprietary formats and new standards would require largely 
require retrofitting into their software.

Privacy & Security issues--Inappropriate disclosure of health 
information is one of the top concerns for consumers. Fear of 
discrimination especially from employers makes people cautious about 
sharing their health information. Among the many issues, patient 
control over access is a prominent one.

Business case and sustainability issues--It is well-recognized that in 
order for the building of information technology systems to be funded 
that the investors must recognize some value or return on their 
investment. Furthermore, operating expenses of these systems must be 
offset by a revenue source in order to be financially sustainable. 
Studies of the value of HIT and projections regarding whom benefits and 
how much have been published in the past couple of years. 
Sustainability models are likewise being devised and tested in some 
communities are around the U.S. The answers in this realm are not 
readily apparent and the question of who will pay is still largely 
unanswered.

Political will, governance, stakeholder cooperation, data sharing and 
trust issues--Part of the challenge of moving from an institution-
centric model to a patient-centered model is that it requires that data 
holding entities share information. Patients almost never get all of 
their medical care in a single location and thus it is inadequate to 
maintain walled off silos of data at the various points of care. 
However, institutions may view holding onto the records as a means of 
holding onto the patient. Thus competitive issues between health care 
entities may lead to an unwillingness to share. Establishing a 
governance in which the various entities have a seat at the table and 
agree to rules for decision-making and data sharing is one of the major 
challenges.

Role of the Oregon Healthcare Quality Corporation:

    The Oregon Healthcare Quality Corporation (QCorp) has four 
initiatives, all of which relate directly or indirectly to the use of 
health information technology.

Chronic Disease Data Clearinghouse
    This proof-of-concept pilot demonstrated that 12 health plans, 
working together, can provide helpful tools that physicians will use to 
manage care for patients with diabetes and asthma.
    Analysis is providing answers about where people receive their care 
to guide decisions about how to reduce fragmentation through common 
data systems.
Common Practice Measurements
    Providers, health plans and purchasers are working together to 
identify a shared set of appropriate out-patient practice quality 
measurements. These will be used by multiple stakeholders for 
assessing, reporting and rewarding quality care in Oregon.
Advocacy and Education
    Legislative testimony, serving on multiple Health Policy Commission 
committees and cross-organization board memberships are a few of the 
ways that Quality Corporation staff advocate for a collaborative 
quality agenda. Sponsoring and participating in numerous conferences 
bring Oregonians together for a shared agenda for quality improvement.
Oregon Health Information Infrastructure (OHII)
    A strategic plan, developed through stakeholder meetings, is 
setting the agenda to encourage adoption of electronic health records 
and systems for securely and efficiently getting information to where 
it is needed. OHII work (with partners) has included: multiple state-
wide conferences, CIO/CMIO forums, a pilot project proposal, EHR 
inventory to establish a baseline. The Quality Corporation is working 
to foster the formation of a regional health information organization 
(RHIO). The Office of the National Coordinator for Health Information 
Technology (ONCHIT), has called for at least one RHIO per state and one 
overarching RHIO. In Dr. Brailer's view, a RHIO provides governance and 
oversight. He believes it is essential to develop a process for making 
decisions in public and RHIOs should have this public governance 
process. The OHII effort endeavors to play a role in establishing an 
open, neutral, inclusive governance process for Oregon and is engaged 
in dialogue with top health care leaders including those in the Oregon 
Business Council's EHR and Inter-operability Subcommittee.

Role of the State of Oregon:

    The following is taken from the report to the Oregon Health Policy 
Commission entitled ``Report to the 73rd Legislative Assembly: 
Electronic Health Records & Data Connectivity,'' http://
egov.oregon.gov/DAS/OHPPR/HPC/docs/
EHR-LegReport-March05.pdf

The report made recommendations regarding the State's possible roles:

          Convene stakeholders

          Assess EHR adoption and community inter-operability 
        efforts

          Sponsor meetings

          Examine State laws regarding HIT

          Collaborate with Public Health

          Engage the public

          Coordinate efforts around the state

          Provide funding, if possible

          Partner with the private sector

          Incentivize HIT adoption in role as Payer through 
        Oregon Medical Assistance Program (OMAP)

          Incentivize HIT adoption in role as Purchaser through 
        Oregon Public Employees Benefits Board (PEBB).

Role of the Federal Government:

    The Office of the National Coordinator for Health Information 
Technology (ONCHIT) is organized into the following offices:

         Office of HIT adoption

         Office of Inter-operability and Standards

         Office of Programs & Coordination

         Office of Policy & Research

    They have the following as their major initiatives with the 
corresponding roles:



A Recommendation for Action:

    We don't have the answers to all the issues but what we do have is 
a framework and a forum for discussion in the Office of the National 
Coordinator for Health Information Technology (ONCHIT). The good news 
is things are progressing in the ONCHIT agenda but the missing piece is 
significant money flowing to the states. The activities that need to 
take place at the national level are underway but the activities that 
need to occur at the state level are not well-supported. Exceptions are 
communities that have received funding or have already been working on 
this for over a decade. The expectation is not for the government to 
fund this indefinitely, but assistance with start-up capital could be 
helpful. There are business models being studied and demonstrated in 
some communities in the country.
    An example of a working model for government funding is the Federal 
contract process, e.g., with Research Triangle International (RTI) and 
the Health Information Security and Privacy Collaboration (HISPC). RTI 
serves as a prime contractor and states as subcontractors. This allows 
contract money to be awarded to states in a semi-competitive process 
with coordination at the national level. Working through the Governor's 
office is an effective way to engage state leadership.
    So this process requires some leadership and some followership.

Economic Analysis of Health Information Technology impact:

    Several groups have begun to tackle some of the economic issues 
relating to the adoption of HIT, the implications for inter-operability 
and the use of clinical decision support tools. Below are some high-
level numbers that have been cited as relevant to the discussion.

    U.S. health care industry expenditures = $1.7 trillion per year

    RAND estimates $81 billion per year savings with EHR implementation 
and networking.

    The Center for Information Technology Leadership (CITL) estimates 
fully standardized health information exchange and inter-operability of 
could yield a net value of $77.8 billion per year once fully 
implemented. Combined with potential savings from adoption of CPOE in 
office EHR of $44 billion, the CITL suggests adoption of HIT could save 
approximately five percent of health care expenditure.

    A study out of Harvard published in the Annals of Internal Medicine 
last year estimates the cost to build the National Health Information 
Network at $156 billion in capital investment over five years and $48 
billion in annual operating costs. (Annals of Internal Medicine 2005; 
143:165-173.)

    The Bush Administration has requested $169 million for health 
information technology in the 2007 Health and Human Services Department 
budget, a $58 million increase from the $111 million allocated for 
health IT in the fiscal 2006 budget passed last month. The health IT 
funding line includes a requested $116 million for ONCHIT, $50 million 
for the Agency for Healthcare Research and Quality and $3 million for 
the HHS assistant secretary for planning and evaluation's budget. 
(Source: Government Health IT, Feb. 6, 2006)

U.S. health care industry expenditures = 1.7 trillion/yr
Estimated Operating Savings = $124 billion/yr
Estimated Operating Cost = $48 billion/yr

Net Operating Savings = $ 76 billion/yr

The CITL suggests adoption of HIT could save approximately five percent 
of health care expenditure.

ONCHIT budget = $169 million/yr

The estimated capital investment is $156 billion, the proposed budget 
is $169 million--this is 1/1,000th of the necessary funding.

    These figures help to make the argument for federal funding to help 
move this effort forward and for CMS in it's role as a payer to 
incentivize HIT adoption.

Closing Comments:

    I will close with these points:

        1.  There is a critical need for better information flow in 
        health care to achieve safe, efficient and high quality care.

        2.  Real change involves rearranging the system such that the 
        patient is at the center. Until we do this, changes are 
        incremental, not transformational. There is a need for the data 
        holders to share their data for the good of the patient. We 
        need to resolve the arguments regarding data ownership. A 
        person's data needs to be made available to them without 
        question. It is understood that the data holders, i.e., 
        providers, health systems and health plans need to keep a copy 
        for their own records, however they should endeavor to make 
        patient-centered data sharing arrangements.

        3.  The Office of the National Coordinator for HIT is a vehicle 
        already in place for change and to a great degree it is 
        working. We have a forum for discussion and a framework for 
        strategic action. The ONCHIT has been able provide some money 
        for national coordination but very little money to pass through 
        to the states and communities for RHIO formation. What we're 
        lacking is the real financial commitment for this effort at a 
        state level. Start-up capital could help to build the 
        infrastructure that is necessary to derive value and ultimately 
        achieve financial sustainability.

        4.  Support legislation that authorizes the Secretary of Health 
        and Human Services to make health information technology grants 
        or contracts for the development of information sharing 
        infrastructure and collaborative efforts to spur adoption by 
        small physician groups and others.

ADDENDUM:

Specific examples of issues or barriers:

    Solicitation of some health information technology colleagues in 
Oregon yielded the following specific examples:

    Example of lack of regulatory harmonization: A health IT colleague 
`on the ground' implementing systems points to regulation from various 
compliance organizations, e.g., JCAHO, NEC, UL, EOC, etc., that result 
in layers and layers of regulations. There is apparently a need for 
harmonization of these sometimes contradictory and stifling 
combinations. It was conveyed that the regulations make sense in 
isolation but become nearly unimplementable when several overlap. There 
is also a concern that increasing regulation increases the cost of 
implementation of systems.

    Example of vocabulary standards issue or need: Colleagues at Oregon 
chapter of the American Health Information Management Association 
(AHIMA) have brought this issue to the fore. They feel that the U.S. 
needs to adopt and begin implementing ICD-10 clinical coding systems in 
order to improve the quality of health data and patient care. Their 
concern it that current classification system, ICD-9-CM is obsolete. 
Developed nearly 30 years ago, they assert that it cannot accurately 
describe the diagnoses and inpatient procedures of care delivered in 
the 21st century. Furthermore, they point out that the U.S. is the only 
industrialized country in the world that has not adopted it. Ninety-
nine other countries have preceded the U.S. thus far.

    Example of potential legislative need: The U.S. might consider 
lengthening the statue of limitations on keeping a medical record from 
seven years to 107 years. The rationale is that records need to be 
available for the duration of a person's life.

                       Biography for Jody Pettit

    Dr. Pettit is working in a dual role regarding health IT in Oregon. 
She was recently selected by the Oregon Office of Health Policy and 
Research to serve in the role of Health Information Technology 
Coordinator.
    She is the Director of the Oregon Health Information Infrastructure 
project of the Oregon Healthcare Quality Corporation, a multi-
stakeholder collaborative dedicated to improving health care quality. 
The organization has as one of its primary goals to foster the building 
of an Oregon Regional Health Information Organization.
    She is a Board-Certified Internist practicing part-time as faculty 
with the Department of Medical Education at Providence Ambulatory Care 
and Education Center, the Department of Medicine Faculty Practice at 
St.Vincent's and with Legacy Health Systems in Portland.
    She was the Medical Director of the InterHospital Physicians 
Association (IPA) in Portland, Oregon from 2001-2005.
    Dr. Pettit worked in the role of clinical consultant for the 
electronic health records company MedicaLogic in Hillsboro, Oregon from 
1999-2001.
    She is a Clinical Assistant Professor at the OHSU Department of 
Medical Informatics and Clinical Epidemiology.
    She has been on the Board of the Oregon Healthcare Quality 
Corporation (QCorp) since 2001 and served as the Chairperson of the 
Chronic Disease Data Clearinghouse.
    Dr. Pettit served as Chair of the Electronic Health Records and 
Healthcare Connectivity Subcommittee for the State of Oregon, under the 
Oregon Health Policy Commission 2005.
    She participated in the State of Oregon Evidence-based medication 
review process in three subcommittees, acting as Chair of the Triptan 
subcommittee.
    She earned her Medical Degree from Medical College of Virginia and 
a Master's Degree in Health and Wellness Administration and a BS in 
General Science from the University of Iowa.

    Mr. Reichert. The Chair recognizes Ms. Diane Cecchettini.

   STATEMENT OF MS. DIANE E. CECCHETTINI, PRESIDENT AND CEO, 
          MULTICARE HEALTH SYSTEM, TACOMA, WASHINGTON

    Ms. Cecchettini. Thank you, Mr. Chairman and Mr. Wu.
    I'm Diane Cecchettini. I'm a registered nurse and I'm 
currently serving as President and CEO of MultiCare Health 
System.
    To give you a frame of our organization: We're a not-for-
profit, community-governed health care system who operates two 
adult hospitals and a pediatric hospital, 593 licensed beds, 
six ambulatory care centers, six urgent care, and we employ 200 
physicians in our care system.
    Over the past eight years, MultiCare Health System has 
invested over $50 million implementing an electric health 
record in our ambulatory center. Currently, we're implementing 
the electronic health record in our inpatient hospitals, and 
it's $50 million and counting. One of the huge barriers to the 
implementation is the huge training costs of all of our staff, 
plus the redesign of work flow so that we really achieve a 
transformation of the health care system, centered around 
patient, centered around information flow. We believe in these 
investments. We are funding this out of operating earnings and 
reserves because it's the right thing for the next level of 
care.
    Our patients are already starting to see the benefit of 
this. Our patients now can see--they have access to their 
medical records through secure electronic access. They can view 
their medical problems, they can see lab work results, make 
appointments, review education specific to their disease, and 
even refill prescriptions. So we're on that first step of 
access.
    Since we've been in the ambulatory clinics for so many 
years, we looked at what are the results of providing 
physicians with information technology tools to really better 
manage complex diseases. We've studied the 5,316 diabetic 
patients and have seen significant clinical outcome results. 
When you're able to provide physicians consistent data in terms 
of how they are achieving hemoglobin A1C--and that's how you 
manage and control blood glucose, how you manage blood 
pressure--we consistently monitor this with our patients and so 
it's a continuous stream of measuring outcomes. We know--and 
we've extrapolated the data--that we have prevented heart 
attacks, we have prevented ED admissions, and we have decreased 
morbidity and mortality from this disease.
    Our goal is ultimately to establish one health record 
across the continuum and decrease the fragmentation that exists 
in health care with patients not having the data flow with 
redundant imaging tests, by being able to direct the patient at 
the right site with the right information needed for care of 
the patient. We're already seeing that impact in our emergency 
department. When people in our clinics come to the ED, we can 
immediately access the history, the medications, and expedite 
treatment.
    We also see that we're able to recall patients when there 
are drug alerts, when we find more information about drugs that 
we need to change therapy. So with the recent Vioxx, we were 
able to immediately contact our patients and change therapy. We 
were able to address our 15,000 women with the hormone 
replacement therapy that were issues. With preventative 
measures, we're able to achieve a 100 percent childhood 
immunization rates in our clinics, and our mammogram compliance 
rate exceeds 97 percent.
    We believe, with all the barriers and challenges, that 
payment incentives are key to the doctors of technology in 
order to achieve successful expansion. So we're very interested 
in payment incentives. We have concerns about pay for 
performance, but my concern is that pay for performance needs 
to be tied to clinical outcomes. We have a number of primitive 
efforts in Washington state, where the commercial insurers data 
is corrupted, and it's from claims history. So it really needs 
to be tied to clinical outcomes.
    We also have concerns--We're ready to extend our electronic 
health records to smaller physician and independent physician 
practices and other hospitals. And so we encourage CMS to 
continue to examine its interpretation of the Stark Law in 
order to encourage connectivity in regional networks at a fair 
market value. That will allow us all to get there quicker.
    And, finally, I think it's important to consider the 
implications of the electronic health record on access to and 
recovery of data during a disaster such as Hurricane Katrina. 
Of all the lessons learned, area hospitals that already had 
electronic health record capacity lost virtually no patient 
data. So implementation and inter-operability standards 
facilitating safe information exchange and appropriate 
redundancy planning in case of another disaster is critically 
important.
    Thank you, Mr. Chairman. That completes my statement.
    Mr. Reichert. Thank you.
    [The prepared statement of Ms. Cecchettini follows:]

               Prepared Statement of Diane E. Cecchettini

    Thank you Mr. Chairman and Members of the Subcommittee. My name is 
Diane Cecchettini. I'm the President and CEO of MultiCare Health System 
in Tacoma, Washington, and I'm also a registered nurse. Thank you for 
inviting me here today to discuss the benefits of Information 
Technology (IT) to providers and consumers of health care, the impact 
of IT on quality and costs, and the incentives and barriers that exist 
to the broader adoption of IT in the health care industry.
    MultiCare operates two adult and one pediatric hospital and we 
serve as a Level II trauma center for both children and adults. We have 
593 licensed beds, five ambulatory surgery centers, six urgent care 
centers, and a certified home health agency and hospice program. We 
also employ 200 physicians in our MultiCare Medical Group. Over the 
last eight years, MultiCare has invested 50 million dollars 
implementing an electronic health record in our ambulatory physician 
practices. Currently, we are implementing the electronic health record 
(EHR) in our three inpatient facilities which will cost another 50 
million dollars. We believe this is a critical investment to support 
improvements we've seen in patient care, but the costs are truly 
monumental. With the EHR we have a much greater ability to track our 
care processes using evidence-based guidelines, communicate among 
different providers who care for the same patient, and improve patient 
outcomes because of our ability to track and study data trends. Our 
patients also see specific benefits. Most importantly, they can 
participate in their care through secure electronic access to their 
medical record to view medical problems, see lab work results, make 
appointments, review educational materials specific to their diagnoses 
and even refill prescriptions.
    In 2001-2002, MultiCare conducted a study of 5,000 diabetic 
patients in MultiCare Medical Group and estimated that as a result of 
implementing specific physician practice guidelines, which included 
tracking and reporting of certain lab values like blood glucose and 
cholesterol, along with blood pressure, 33 heart attacks and 28 deaths 
were prevented in one year. This of course has the downstream effects 
of less Emergency Department (ED) visits, less Coronary Care Unit stays 
and fewer cardiac catheterizations to name a few, all of which can cost 
tens of thousands of dollars each. The potential annual cost savings in 
this group of 5,000 diabetic patients alone had an estimated downstream 
savings to Washington State health care of 4.3 million dollars annually 
(Reed and Bernard, 2005). The journal article describing the study is 
attached to my written testimony. We believe firmly that while terribly 
expensive on the front end, EHRs save lives and will save the national 
health care system significantly over the long run.
    Our mission is quality patient care. Because, ultimately, it is the 
patient who owns their clinical data, our goal is to establish one 
health record that spans the continuum of our services. Physicians in 
our EDs have access to medications and past medical history via the 
ambulatory record. Our ambulatory physicians and home health nurses are 
able to see the course of treatment when a patient is in the hospital. 
Our community physicians are able to remote into our system using a 
secure connection. Now, instead of relying on just faxes and mail, our 
medical records department is beginning to work with physician offices 
to access patient information electronically. This is much more 
efficient to the physician and to our hospital. Secure access for our 
providers can even be extended to them at home, meaning they can see 
important lab and radiology results as soon as they are available, even 
at night or on weekends. This is good for care continuity and it also 
saves money because duplicate lab tests or other interventions that 
might be repeated, are not. Another real advantage of an EHR is the 
ability to contact patients quickly when a drug is recalled or found to 
have ill-effects for certain populations. For example, as soon as we 
learned of the potential problems with the drug Vioxx, we were able to 
immediately contact our patients receiving the drug and schedule them 
to talk with their doctor. When concerns arose about hormone 
replacement therapy in 2002, information was targeted to 15,000 women. 
With traditional paper systems this would be extremely time intensive, 
if not impossible.
    Our prevention programs have also seen tremendous improvements with 
the EHR. Childhood immunizations have reached 100 percent in some of 
our clinics. Our mammogram compliance rate exceeds 97 percent. In 2003, 
influenza administration reminders were mobilized in seven days for new 
CDC recommendations.
    We feel strongly that Information technology provides our health 
system with several specific benefits. In particular, it allows us to:

          Practice evidence-based medicine;

          Implement disease management programs that focus on 
        prevention and care of the chronically ill;

          Lengthen lives and allow patient participation in 
        care;

          Prevent costly hospitalizations; and

          Support public health and biosurveillance.

    We equally believe that payment incentives are key for the adopters 
of technology in order to achieve successful expansion throughout the 
country. Specifically, we would encourage the State and Federal 
Government to:

          Adopt a common set of operating standards to support 
        inter-operability;

          Provide payment incentives for adopters of 
        technology;

          Ensure protection of consumer privacy by enforcing 
        encryption, user authentication and audit trails;

          Encourage a common set of measures to audit 
        performance among all of the payers for health care; and

          Support a common, agreed-upon, and detailed 
        vocabulary for all medical terminology, such as SNOMED.

    A significant barrier will continue to be how to pay for 
information technology, especially for small hospitals, rural 
providers, and individual physician practices. While some federal and 
private grant money has been available for Health Information 
Technology (HIT) adoption, there simply is not enough to go around. We 
would like to extend the use of our EHR to smaller physician practices, 
and even to hospitals through application service provider arrangements 
(ASP). I would encourage CMS to continue to examine its interpretation 
of the Stark Law, in order to encourage connectivity in regional 
networks at a fair market value. We would also encourage CMS and other 
payers to ramp up efforts to expand pay for performance and 
reimbursement incentives for organizations that adopt information 
technology. Once payment is tied to the use of technology, the urgency 
of adoption will increase. However, hand in hand with these efforts 
need to be a uniform set of standards that vendors must adhere to in 
order to achieve the inter-operability needed to ensure patient records 
are always available when and where they are needed.
    It is also important to consider the implications of the EHR on 
access to and recovery of data during a disaster such as hurricane 
Katrina. Hospitals, clinics and other care settings, along with the 
paper medical record information in those facilities were literally 
destroyed. As evacuees crowded into shelters with many in need of 
medical attention, doctors who treated the patients had to do so with 
only a rudimentary knowledge of their past treatments. However, area 
hospitals that already had electronic health record capacity lost 
virtually no patient data. Implementation of inter-operability 
standards facilitating safe information exchange and appropriate 
redundancy planning in case of another disaster can ensure that 
electronic patient information can be available much sooner, 
alleviating many of the challenges faced by care givers in difficult 
circumstances.
    I have the honor of currently serving as the Chairperson of the 
Washington State Hospital Association. As a state, the health systems 
in Washington have actively embraced the Institute for Healthcare 
Improvement's 100,000 lives campaign. We firmly believe that technology 
can improve care quality in our hospitals and save money. While the 
return on investment is not immediate, EHRs are key to achieve the 
efficiencies and care management so crucial to patient safety in the 
hospital, and to address the needs of the chronically ill. The task of 
developing a National Health Infrastructure is extremely difficult and 
complex--it is a long-term endeavor. However, it is imperative that it 
be done and I appreciate the leadership of the Subcommittee.
    Thank you. Mr. Chairman, this completes my statement. I will be 
happy to answer any questions that you or other Members of the 
Subcommittee might have for me.




                   Biography for Diane E. Cecchettini

    Ms. Cecchettini has served as President and Chief Executive Officer 
of MultiCare Health System since 1999. Prior to the CEO role, she 
worked in various capacities at MultiCare Health System--Executive Vice 
President, and Vice President Patient Services.
    Ms. Cecchettini's previous experience includes multiple leadership 
positions in 11 years at Sutter Health in Sacramento, and direct 
clinical experience at UCLA Medical Center in Los Angeles, California. 
Ms. Cecchettini received a Bachelor's degree in Nursing in 1970 from 
the University of California, Los Angeles, and a Master of Science 
degree in Human Resources Management in 1976 from the University of 
Utah.
    In 1993, Ms. Cecchettini retired as a Lieutenant Colonel from the 
Air Force Reserve, having served 21 years as a Flight Nurse in 
Aeromedical Evacuation--serving in the Vietnam era and as a Troop 
Commander in Desert Storm.

    Mr. Reichert. And the Chair recognizes Mr. John Kenagy.

 STATEMENT OF MR. JOHN JAY KENAGY, CHIEF INFORMATION OFFICER, 
              OREGON HEALTH AND SCIENCE UNIVERSITY

    Mr. Kenagy. Thank you, Mr. Chairman and Mr. Wu. I'm pleased 
to be here to present testimony.
    We have a lot of people coming from very different 
perspectives, and what I'd like to do--I have a longer 
testimony, but I'd just like to highlight some of the things 
from my perspective as an IT professional.
    I am the chief information officer for Oregon Health and 
Science University and have been in that role since 2001, and 
also serve as the Chair of the CIO council for the university 
health system consortium of academic medical centers around the 
United States. In 21 years' experience in health care IT, it's 
been a wild ride over those 20 years.
    OHSU, as Oregon's only academic and research center, has 
sort of a unique perspective. We're really in the business, at 
its core, of knowledge--creating it through advanced research, 
imparting it to students through education, using it in the 
delivery of health care, and sharing it through our community 
service mission. What we feel is information is really the 
currency for knowledge. It is the way that it is developed and 
analyzed and used and stored. And as an institution, we've 
spent a lot of money, time, and resources into developing a 
very comprehensive IT architecture. Are we there yet? Far from 
it.
    Since year 2000, we've spent about $25 million on different 
IT solutions. In 2003, we embarked on an electronic health 
record, like MultiCare, $50 million and counting. And I 
appreciate that comment. I think one way to express sort of 
what we deal with on a day-to-day basis, I brought a graphic, 
that you cannot see and cannot really read, but that's somewhat 
of the point I want to make. At OHSU, we have not one 
electronic health system or, like banking, where you have a 
core system; we have a significant interaction of about 100 
different disparate islands of information that, every day, day 
in and day out, patient records are actually not in an 
electronic health record--it's sort of a misnomer in our 
industry; we actually have a significant number of these 
systems--that are woven together by people who work on my staff 
and, fundamentally, by paper. So what we've been--what we have 
been using in terms of our information system is an attempt to 
use these different islands of information.
    The health care IT industry, for all intents and purposes, 
is a 40-year-old industry; but, still, the products are 
extremely immature, especially around a comprehensive 
longitudinal electronic record. In the paper environment, this 
situation is not bad; in fact, it is the way--This is not 
atypical; it is the way most health care organizations in the 
United States run--certainly, academic medical centers, in what 
we call a best of breed approach. As we approach the 
marketplace or approach a need, we actually look at the niche 
that is needed and buy an application that meets that niche.
    A number of us were in San Diego for the national HIMSS 
conference, the annual health care IT marketplace. There were 
over 800 vendors there on the floor, showing their wares, 
showing different products. In many ways, that's a great--
there's a lot of interest in this field, there are a lot of--
there's a lot of progress being made in IT. On that floor, I 
could see systems that did diabetes care and cardiology care 
and intensive care and home care; but as an institution, we 
have patients who come in--a woman comes into our ED with chest 
pain complicated by diabetes, who needs to go to the ICU and 
then eventually be followed up at home. Is it really 
reasonable, logical, smart for us to have her record in four 
different systems, or six or eight? It's what we deal with 
every day, where standards and inter-operability is an issue. 
So one of the barriers, I would say, in adopting electronic 
health records is not the dearth of choice; it is the plethora. 
It is what we face all the time as an IT professional trying to 
pull these together.
    A couple other barriers, finances and resources, of course, 
are mentioned all the time. We were both saying that we're 
investing $50 million of our own institution's money to put 
this in. Do I think the health care IT will make health more 
cost effective? I think that's debatable. It will certainly 
replace a lot of low paid file clerks with a lot of high paid 
IT professionals.
    One--certainly some of the issues around the barriers of 
resources, one is clinician time, and I want to stress that 
point. As we implement our electronic health record at OHSU, 
and as research has shown throughout the U.S., the active 
involvement of physicians and nurses and members of the health 
care team to be involved in changing the work flow--it's not a 
deployment of a technology, but it's really the change in the 
way we practice medicine--requires their time and attention. As 
we've been implementing EPIC electronic health records, we're 
actually requiring physicians to spend 14 hours in classroom to 
learn how to use the tool effectively. That's just to use the 
tool, let alone designing and implementing the system.
    As Medicare, Medicaid, the insurance company, who works 
towards cost containment and tries to deal with what is 
considered from the outside, run-away health care inflation, we 
have no extra time of our clinicians to engage in the change of 
their practice to adopt this system. That is a significant--I 
think it's the--what's under the tip of the iceberg is this 
clinician time.
    The other one that I'm facing right now is the lack of IT 
professionals--few IT professionals who have this knowledge and 
experience to come into our field. As a provider organization, 
I and many of my colleagues, we sort of look at the 
consulting--consulting businesses to go to different companies 
to bring those resources. But they also face the same problem, 
to bring in qualified IT professionals in order to do this.
    The final barrier I would highlight, again, as maybe a 
defensive CIO, is what I would call the expectations gap. I 
think there's an expectation, certainly within our industry as 
well as outside, that IT in health should cost less and should 
be more effective, it should be easier and cheaper. Frankly, it 
isn't. And we face that all the time, trying to explain--going 
to the board to explain cost overruns and to explain why we are 
so far behind.
    Congressman Wu, I appreciate your mentioning the point 
about the investment health care makes. And you'll see, we at 
OHSU spend a little bit less than three percent of our--as most 
institutions in this industry do, three percent in health care; 
but banking and finance, which are used as hallmarks of IT 
investment, are at 10--eight to 10 to 12 percent. It's my 
recommendation.
    I think there are a lot of roles that the Federal 
Government can play. I think one is to continue and expand 
research in health care IT. We do a lot at OHSU, through our 
Department of Medical Informatics, which is a leading research 
institute for this field. I think there's a lot of additional 
study that needs to take place on how can these be effectively 
implemented successfully.
    I think the other thing that the Federal Government can do 
is expand training programs for clinicians and for IT 
professionals, to really create the understanding and the body 
of the pipeline of people who can help. I think there are many 
economic disincentives to doing health care IT--like I said 
earlier, the lack of spare clinician time to be able to invest 
in this; and cost containment pressures from other parts of the 
Federal Government make that even more difficult.
    Finally, I do think that there is a requirement for inter-
operability. I could make comments about my sense of what the 
priorities are. I certainly think inter-operability between 
institutions is a critical priority; inter-operability within 
an institution, I think, is better served by integrated 
information systems and not a continuation of a hundred 
different disparate systems.
    Thank you for letting me testify.
    [The prepared statement of Mr. Kenagy follows:]

                 Prepared Statement of John Jay Kenagy

Chairman Ehlers and Members of the Committee on Science:

    On behalf of Oregon Health & Science University (OHSU), I submit 
the following written testimony to the Environment, Technology, and 
Standards Subcommittee of the U.S. House of Representatives' Committee 
on Science. I serve as the Chief Information Officer (CIO) for OHSU, a 
position I have held since 2001. In that role, I am responsible for 
information technology (IT) strategy and implementation for all 
missions of OHSU, including health care, education, research, and 
community service.
    As Oregon's only academic health and science center, OHSU provides 
high-quality health care to more than 150,000 patients each year. The 
OHSU health care system offers the most comprehensive health care 
services in Oregon, including many innovative clinical care and 
diagnostic services. It is nationally recognized for clinical research 
and education, helping to develop tomorrow's health professionals.
    At its core, OHSU is in the business of knowledge: creating it 
through advanced research, imparting it through excellent teaching, 
using it in effective and safe clinical care, and sharing it in service 
to the community. Information serves as the currency for knowledge-the 
method to develop, analyze, store, and distribute it. Effective IT 
solutions therefore are fundamental to our organization. In 2003, OHSU 
adopted the Strategic Information Plan that establishes a compelling 
vision for the IT-enabled organization and sets forth goals and 
objectives in ten key strategic areas. Among the key strategic areas 
are health care, business intelligence, information security and 
privacy, and technology and infrastructure. OHSU has an extensive IT 
infrastructure requiring significant, on-going investment to sustain 
and grow. The organization invests just under three percent of its 
operating budget in IT.
    Health care IT has gained significant national attention since the 
beginning of the decade. The health care sector, one of the largest in 
the U.S. economy, lags other industries in the use of IT to enhance 
efficiency, improve effectiveness, and achieve quality. President Bush 
included it as one of his administration's goals in the 2004 State of 
the Union address: ``By computerizing health records, we can avoid 
dangerous medical mistakes, reduce costs, and improve care.'' Landmark 
studies by the Institute of Medicine [To Err Is Human: Building a Safer 
Health System in 2000 and Crossing the Quality Chasm: A New Health 
System for the 21st Century in 2001] called for widespread adoption of 
IT solutions to enhance patient safety.
    While calls for enhanced automation have increased, landmark 
research from OHSU demonstrates the lack of progress nationwide. In a 
2002 study published in the Journal of the American Medical Informatics 
Association, Joan Ash, Ph.D., and the Provider Order Entry Team 
surveyed hospitals and found that fewer than ten percent had a fully 
implemented CPOE system. Of those, only one-third achieved a high 
penetration with more than 90 percent of orders entered through a 
health care IT system.
    As a health care CIO, I believe that in the absence of a 
comprehensive health care IT infrastructure, our industry will be 
unable to achieve its goals of patient safety, clinical effectiveness, 
and operational efficiency. Health care is highly information-
dependent. Clinical decisions are made minute by minute and require 
access to patient-specific data and expert clinical knowledge. An 
objective that resonates with our role as an academic health 
institution, we need to implement systematic tools so that all of us 
know what the best of us knows.
    From my perspective within a provider organization, the health care 
IT sector is beginning to deliver comprehensive IT solutions that 
effectively meet our needs as users. Our industry traditionally has 
developed niche systems (patient financial, patient management/
scheduling, laboratory, pharmacy, etc.) that were interfaced where 
possible and practical. While much attention is being paid to sharing 
information across institutional boundaries and among community 
providers, many systems have been limited in their ability to exchange 
information within the hospital's four walls. The goal of a 
comprehensive, patient-centered, paperless electronic health record 
(EHR) remains a futuristic goal for the vast majority of health care 
providers.

1.  How does OHSU use health care-specific information technology? What 
benefits has OHSU realized so far? What future benefits are expected 
from this kind of technology?

    OHSU's health care IT infrastructure supports its patient care 
functions (ancillary testing and reporting, pharmacy, digital 
radiology, order entry); safety and quality functions (infection 
control, data warehousing, trend monitoring); and administrative and 
business functions (admitting/discharge/transfer, scheduling, patient 
billing). OHSU has been a long-standing user of health care IT dating 
back to early internal development efforts in the 1970s. In the mid 
1980s, OHSU became one of the first sites in the country to implement 
Shared Medical Systems' (SMS, now Siemens Health Services) Independence 
system, a platform we continue to rely on today. Through the Integrated 
Advanced Information Management System grant from the National Library 
of Medicine, we developed a physicians' workstation as an early attempt 
to combine disparate sources of information into one portal. In the mid 
1990s, OHSU deployed the Siemens Lifetime Clinical Record which has 
grown to be one of the vendor's largest longitudinal repositories of 
clinical data. OHSU also implemented clerical order entry and 
communication, effectively eliminating paper order transmittal from 
outpatient clinics and inpatient units.
    The Information Technology Group (ITG) maintains this extensive 
health care IT infrastructure. Roughly two-thirds of our annual $30 
million budget supports the hospital's IT services. Nearly 120 IT 
professionals are dedicated to our health care mission. These 
individuals maintain over 100 different IT applications on a multitude 
of hardware and database technologies; design, code, and manage over 80 
different interfaces that exchange critical clinical data among the 
disparate systems; install and support over 5,000 personal computers 
deployed throughout the institution; manage over 400 active health care 
IT projects; and train many hundreds of physicians, nurses, and other 
members of the health care team.
    OHSU continues to make considerable investment in health care IT 
solutions building upon the core patient administrative and clinical 
repository system. Our model remains to implement commercially 
available software solutions (``buy'' versus ``build'') and to make 
limited but necessary local modifications and customizations. Since 
Year 2000, OHSU has invested over $50 million in capital for both 
enterprise and departmental health care IT solutions. As is common with 
academic health centers, we historically have been ``best of breed'' in 
our approach to commercial software, seeking the optimal solution for 
each unique application and interfacing it to the common core. 
Supported by positive industry developments, however, OHSU is embracing 
a strategy that minimizes data interfaces and strives for integration.
    Early this decade OHSU make the strategic decision to invest in an 
electronic health record (EHR), starting with ambulatory care and then 
proceeding to inpatient care and the emergency department. This 
strategy contemplates a fundamentally different use of IT in health 
care--rather than being a passive repository of clinical and 
administrative data, the delivery of health care itself will be 
transformed using IT. Members of the interdisciplinary health care team 
will document, order, and plan treatment on line. As significant as 
OHSU's past IT investments have been, health care practice is still 
based on paper charts. A single stay in the hospital may generate 
upwards of 100 pages of documentation, orders, vitals, and other 
relevant clinical data. To eliminate filing and improve ready access to 
information after the fact, OHSU implemented a document imaging 
solution to scan every piece of paper after discharge, but active 
inpatient care still relies on paper.
    OHSU selected Epic Systems to provide our ambulatory EHR and have 
now deployed this advanced clinical IT solution in seven outpatient 
practices. Before the $22 million investment was approved, an extensive 
return on investment calculation was performed. The project showed a 
positive net present value considering only hard benefits. These 
benefits included transcription savings, staff savings (reduced charge 
entry, medical records, and support staff), supplies and storage 
savings. So far, the results have validated--and in some cases, 
exceeded--the anticipated benefits. For instance, Family Medicine 
showed a reduction in transcription lines per month from a pre-live 
high of 94,093 to post-live of 1,743.
    Quality outcomes are difficult to quantify as hard financial 
savings, but present the real strategic benefits of EHR. As OHSU moves 
to implement an enterprise EHR across inpatient, outpatient and ED, we 
anticipate significant benefits to patient care. We will provide 
direct, secure, on-line access to records by patients. Clinical 
decision making will be supported by best practice guidelines. Decision 
support rules will provide timely, data-driven input to physicians when 
ordering tests and treatment.
    A personal story (note: no HIPAA implications) may illustrate the 
real benefits to patient care of this IT investment. Not only am I 
OHSU's CIO, I am also a patient. Since 2000, one focus of our 
investment has been diagnostic imaging services, with advanced 
technologies such as an entirely digital enterprise repository (Picture 
Archiving and Communication System), voice recognition, digital 
radiography, and secure external communication. Each was a major IT and 
clinical re-engineering project. Overall, they have taken multiple 
years and countless hours of work. After all this effort, the results 
for patient care are clear. When I was recently referred for an X-ray 
exam, my physician was able to review and share with me the completed 
results just 11 minutes after the study (all digital capture and read, 
voice recognition transcription, and secure e-mail transmission of 
final results). Eighteen months prior, this normal exam would have 
taken at least 48 hours to be completed.
    While OHSU's investments have been successful and the benefits 
real, we have yet to achieve what should be possible with a 
comprehensive EHR at OHSU. As early as 1970, Morris Collen, M.D., 
published a seminal paper on the characteristics of a medical 
information system. A third of a century later, our industry has yet to 
witness widespread adoption of IT.

2.  What incentives and barriers exist to the broader adoption of 
information technology in the health care industry, and are these 
financial, technical, or of some other nature? What has been OHSU's 
experience with these incentives and barriers?

    From my perspective from helping craft our strategic vision for 
health care IT, the most significant incentive to a broad adoption of 
IT is the strongly held belief that IT is essential for the practice of 
medicine in the 21st century. As this institution planned to build 
health care facilities for the future, there was near unanimous 
approval for significant investment in an EHR solution. A compelling 
question was posed as we began to design the space: Should we really 
carve out clinical space in 2006 for a large paper file room in each 
practice setting? The EHR also was seen as vital to patient-centered 
care. Our tech-savvy customers in the Pacific Northwest are starting to 
expect the ability to e-mail their physicians, schedule an appointment, 
review their child's immunization record, and pay their bill on line. 
This was an important incentive for OHSU's strategic decision to direct 
scarce capital dollars into IT.
    While not an incentive per se, another source of support for 
widespread health care IT adoption comes from our role as an academic 
health center. Today's medical, nursing, and dental students were born 
after the invention of the personal computer and have grown up in the 
high-speed information age. In fact, to our X-box-generation residents, 
our systems sometimes feel as antiquated as Atari PONG. A tech-savvy 
workforce makes IT-enabled clinical practice an expectation.
    To date, there have been few financial incentives to adopt EHRs 
within an institution or share data through Regional Health Information 
Organizations (RHIOs). While health care IT may enhance clinical 
quality and effectiveness, cost containment continues to be a driving 
factor in health care. Pay for performance, Federal Government funding, 
and other programs have been debated, but nothing to date has 
translated into an economic support for this IT investment.
    As studies have shown, only pioneering institutions have 
implemented comprehensive health care IT solutions--and some have 
resulted in significant failure. An article in the LA Times in 2003 
reported the suspension of the multi-million-dollar computerized system 
for doctors at Cedars-Sinai Medical Center after significant physician 
complaints. A number of practitioner articles and scholarly studies 
have attempted to address barriers to successful implementation of EHR 
and health care IT solutions. I would propose that the major barriers 
include the expectations gap, technology barriers, and resource 
barriers--though the latter two may not be the traditional definition 
of these type of barriers.
    In my opinion, a serious issue facing health care CIOs is an 
expectations and perception gap between the IT department and IT users 
and their senior leadership. Hospital leaders often believe IT should 
cost less and deliver more. It simply ought to be much easier; it is 
not. Complicating this gap is the extent of IT project failure or cost 
overruns. Any IT project has inherent risks and challenges; enterprise 
health care IT projects are extremely complex with competing 
requirements, multiple users, different data types, and complicated 
work flows and information needs. Looking broadly at all IT projects in 
the public and private sector, the Standish Group reported that only 16 
percent of IT projects completed on time, budget, and scope. They 
estimated that U.S. companies and government agencies would spend $81 
billion on canceled software projects in 1995 alone. Health care 
organizations may not recognize their extent of investment (time, 
resources, and capital) required or may not trust their IT department 
to deliver successfully.
    OHSU is addressing this barrier in our ambulatory EHR deployment, 
though it is an on-going effort requiring continual dialogue. We have 
faced budget challenges--underestimating the complexity of system-to-
system interfaces and the resources required to support such dramatic 
clinical practice transformation. We have built trust and mutual 
understanding, but this takes attention to sustain the relationship.
    Another major barrier relates to technology. It is evident in the 
focus on inter-operability standards and data exchange. I argue however 
that this focus addresses the symptom and not the underlying condition. 
From the perspective of a provider organization CIO, our industry 
suffers from too many ``choices'' rather than too few. Hospitals and 
physician groups face a staggering array of options for health care IT. 
IT units are often confronted with the Herculean task of trying to tie 
together these islands of information. At the Health Information and 
Management Systems Society (HIMSS) exposition in San Diego last week, 
there were over 800 different vendors showing IT software. You could 
purchase individual systems tailor-made to support diabetes care, 
cardiology care, intensive care, and home care. But what about the 
patient admitted with chest pain and complications from diabetes who 
requires an ICU stay and follow-up back at home? Should her record 
really be in four different systems (at best)? Can I guarantee that 
relevant clinical data from each is readily available to all?
    With the paper record as the common denominator to all, this 
situation was not uncommon or particularly troublesome. Each system 
printed final documents and these were all filed in the integrated 
paper chart. (Relevant documents from outside providers were handled in 
the same manner.) Yet as we embrace the EHR, we are faced with the 
option of implementing a comprehensive, integrated platform or managing 
and interfacing multiple disparate solutions. Both paths have their 
challenges. As I stated earlier, OHSU is now starting to support the 
concept of global optimization, though sometimes sacrificing local 
customization. Changing our health care IT paradigm, however, is 
difficult--clinical users can make strong cases for their targeted, 
niche solution. Fortunately, the vendor marketplace is now producing 
products where integration does not require significant trade-offs in 
functionality.
    Resources present another significant barrier to adoption and 
diffusion of health care IT. On the surface, one barrier is simply the 
cost of the software and hardware itself. Health care organizations 
face the challenge of diverting funds from facilities and clinical 
technology to invest in IT--often with a significant leap of faith. 
This investment is indeed significant. For OHSU, it was over $7 
million.
    The more significant resource barrier in my opinion is human 
resources: the clinician time to help design, develop, and implement a 
successful tool and the IT professionals to build and maintain the 
technology. Many studies of health care IT successes and failures have 
pointed to the need to engage clinicians in all aspects and phases of 
the project. EHR represents a significant modification to the work of 
all clinicians; they must be actively engaged to adopt the new tools. 
At OHSU, physicians must participate in 14 hours of classroom training 
just for the ambulatory EHR. We have found that this participation 
alone is not adequate. It requires a rethinking of the outpatient 
clinic encounter, their interaction with data, and their workflow. Each 
clinical specialty also requires up front design and build effort as 
well. Extensive work also will be required for our inpatient 
implementation, especially around nursing care.
    With constant pressures to cut costs, there is little spare time 
for physicians, nurses, pharmacists, and other members of the health 
care team to engage in designing and implementing health care IT 
solutions. This may be a major hidden cost of implementation. As OHSU 
deploys our EHR to more ambulatory practices, we continue to find this 
barrier to success.
    The other human resource barrier is finding IT professionals to 
assist with implementation. With more organizations planning for major 
EHR implementations, I have personally witnessed a growing shortage of 
qualified health care IT professionals to fill vacancies and hit the 
ground running. Hospitals turn to vendors and consulting firms to help, 
though they appear to face the same problems with recruitment and 
retention. OHSU's role as an academic health center may help--our 
department of medical informatics and clinical epidemiology can build 
the staff pipeline and I hope to develop with them some innovative 
programs to train individuals for advanced health care IT roles. 
However, I see a very significant problem looming as the industry at 
large embraces IT solutions.
    Finally, I would like to make a comment about the barrier to RHIOs 
and sharing data across organizational boundaries. There are a host of 
technical, financial, legal, and regulatory barriers. Who benefits and 
who will pay? Is funding a duplicate, though clinically necessary, CT 
scan a disincentive to sharing clinical data? How do we ensure patient 
security under HIPAA's generally defined guidelines? How do I know that 
this ``John Kenagy'' is the same as that ``John Kenagy''? With the 
right attention, priority, investment, and perseverance, these barriers 
can be overcome.
    The more critical barrier today is that I cannot exchange what I do 
not have electronically in the first place. While the Portland market 
(and the Pacific Northwest in general) represents some of the most 
advanced IT systems in the U.S., we each have major EHR projects 
underway that will last through the end of the decade and serve as the 
core foundation piece for extensive data interchange. We need to 
proceed with our internal IT implementations in order to have the data 
to share. Nonetheless, the health care CIO community here is engaged in 
active dialogue to take demonstrable steps forward.

3.  To what extent have the Department of Health and Human Services and 
the National Institute of Standards and Technology reached out to 
institutions like yours in an effort to develop a national strategy on 
Health IT?

    OHSU has contributed significantly to the body of knowledge in 
health care informatics research and our Provider Order Entry Team 
(www.cpoe.org) has been awarded a number of grants for evaluating, 
interpreting, and disseminating evidence of computerized provider order 
entry success.
    Apart from these research programs, OHSU's ``production IT unit'' 
with responsibility for implementing and maintaining our health care IT 
infrastructure has had little direct input into HHS or NIST efforts. 
Through a partnership with the Oregon Chapter of HIMSS, OHSU has been 
involved with several local efforts to understand and contribute to 
efforts such as the Certification Commission for Healthcare Information 
Technology (CCHIT) and other initiatives. However, these have mainly 
focused on education and awareness.
    As a CIO who relies on the commercial marketplace for health care 
IT solutions, I believe that HHS and NIST needs to focus attention on 
the vendor community for standards adoption. As an institution, OHSU 
will not adopt the standards per se, but will look toward our product 
suppliers to be compliant and take advantage of the functions. 
Nonetheless, I recognize my power as a consumer--vendors are more 
likely to adopt standards if they feel it is an important requirement 
that makes a difference in product sales.
    From my perspective at a major tertiary referral site, I am most 
keenly interested in basic data exchange between disparate information 
systems, especially as more hospitals and physician groups adopt EHRs. 
OHSU needs to receive relevant clinical data that led to a referral to 
our site and we need subsequently to transmit the results and follow-up 
plan of care to the referring physician. Exchange standards should be 
set to a lowest common denominator--even using Adobe portable document 
format and a manual process to match patients to enable information 
exchange now. My concern is that our industry will attempt to design 
the ``perfect'' IT solution that either cannot be implemented or 
assumes too much technology overhead (e.g., a regional or national 
patient index).
    Developing standards for inter-operability of health care data is 
an unbelievably complex undertaking and is fundamentally driven by 
expectations and requirements. For instance, does inter-operability 
mean that I can begin my nursing documentation in a stand-alone ED 
system, continue it in an OR system, and add to it in an inpatient EHR? 
Is the allergy I document in one system replicated to everything else? 
Is that the desired level of inter-operability? In implementing OHSU's 
ambulatory EHR, I face this problem today. Interfacing systems for 
simple demographic information (e.g., keeping patient address in synch) 
has been challenging and a resource drain. We were unable to address 
data exchange for patient allergies and stepped back to paper 
documentation on the inpatient side. With this experience, I have 
strongly encouraged OHSU to move toward a single integrated system. 
Even between sites with the same core vendor (Kaiser Northwest, OCHIN, 
and OHSU all have Epic) we cannot exchange data electronically. I am 
challenged to think that complete inter-operability is possible, even 
if desirable.
    It would be worthwhile for provider institutions like OHSU to play 
a more active role in establishing requirements and priorities, sharing 
our perspectives from the front line of dealing with multiple systems. 
I suggest that our involvement with HHS and NIST is not due to their 
lack of interest or mechanisms for input, but our time constraints and 
challenges at the local level. Standards seem so far off and I have end 
users needing attention now. Piqued by this question, however, I 
encourage HHS and NIST to make a greater concerted effort to seek 
provider CIO input. I will do my part to share my perspective as well.

4.  What specific measures can the Federal or State governments take to 
help the broader adoption of health information technology?

    The Federal and State governments play many roles in the health 
care sector. I suggest several important steps to enhance incentives to 
adopt health care IT.

          Continue and expand research funding in health care 
        informatics. As EHRs and CPOE become more prevalent, these 
        offer unparalleled opportunities to study the antecedents of 
        and barriers to success.

          Expand support for training programs to develop 
        clinical and IT professionals in the field of health care 
        informatics. If the 90 percent of U.S. hospitals that do not 
        have CPOE start to implement these systems, I fear we do not 
        have the human resources to meet the need.

          Address the economic disincentives to invest in 
        health care IT. The constant pressure to cut health care costs 
        by reducing payments to hospital and doctors stands in direct 
        opposition to requiring these entities to invest millions of 
        dollars of capital and, more importantly, scarce clinical time 
        in designing, testing, implementation, and using advanced IT 
        systems.

          Work in partnership with the vendor community to 
        address exchange of data among disparate EHRs and with emerging 
        standards of personal health records (PHRs). I personally do 
        not think strong government regulation of this industry is 
        needed (e.g., FDA regulation of EHRs), but believe the market 
        cannot and ultimately will not sustain the number that 
        currently exist.

    Thank you for the opportunity to share my perspectives as a 
provider-institution CIO. With 20 years experience in health care IT, I 
am very encouraged by recent developments. There is increasing 
attention and awareness of the important role IT must play in health 
care quality, safety, effectiveness, and efficiency. At the same time, 
the marketplace is maturing and products are emerging that can deliver 
comprehensive, patient-centered electronic health records. Barriers and 
challenges remain, but the ultimate goals compel us to strive ahead.

                     Biography for John Jay Kenagy

    John Jay Kenagy, MHA, FHIMSS, is Chief Information Officer at 
Oregon Health & Science University (OHSU), in Portland, Oregon, serving 
in this role since July 2001. His responsibilities include developing 
the information technology strategy and directing the IT department for 
the health care, academic, research, and community service missions of 
the university. From 1999 to 2001, John served as Associate CIO for 
OHSU. The Information Technology Group has an annual operating budget 
of $30 million and a capital budget of $10 million. The department of 
325 staff maintains a complex information technology and 
telecommunications environment.
    As an academic health system CIO, John has served on a number of 
national and regional IT bodies. He serves as the Chair of the 
University HealthSystem Consortium Chief Information Officer Council 
(2005-2006). He was elected as president of the Oregon Chapter of the 
Healthcare Information and Management Systems Society (2003-2004). He 
has served on the board of Siemens Customer Health Information 
Executive Forum.
    In 2003, John was appointed to Fellow status in the Healthcare 
Information and Management Systems Society. He is also a Certified 
Professional in Healthcare Information and Management systems.
    John is pursuing a Doctor of Philosophy degree from Capella 
University's School of Business. His doctoral research is focused on 
health care information technology implementation success. John earned 
his Bachelor of Science degree in electrical engineering at Stanford 
University. He was awarded a Master's degree in Healthcare 
Administration at University of Southern California and received the 
Alexander Cloner Outstanding Student Award at graduation.
    In addition to the IT operational responsibilities, John has 
enriched his experience and knowledge through teaching and mentoring. 
He has an appointment as Assistant Professor in the Department of 
Medical Informatics and Clinical Epidemiology in the OHSU School of 
Medicine. John has taught at the University of Oregon and University of 
Southern California.
    Prior to joining OHSU, John worked for thirteen years at the 
Department of Veterans Affairs, most recently as Chief Information 
Officer for the VA Desert Pacific Healthcare Network in Long Beach, 
California. John directed major IT projects and strategy for this 
extensive network of health care facilities and served on several 
national IT committees.
    Notable awards include a U.S. Department of Veterans Affairs 
Commendation and American Legion Medal of Valor for deeds following the 
1994 Northridge Earthquake and the 1999 Emerging Leader Award by the 
USC Health Services Administration Alumni Association.

    Mr. Wu. Thank you.
    Mr. Reichert. Thank you. Now we're going to just pause for 
a minute while we play musical chairs. The Chair recognizes Dr. 
Chin.

  STATEMENT OF DR. HOMER L. CHIN, MEDICAL DIRECTOR, CLINICAL 
    INFORMATION SYSTEMS, KAISER PERMANENTE; NORTHWEST CHIEF 
   INFORMATION OFFICER, OREGON HEALTH AND SCIENCE UNIVERSITY

    Dr. Chin. Good afternoon, Mr. Chairman and Congressman Wu, 
ladies and gentlemen.
    My name is Homer Chin. I'm the Medical Director for 
Clinical Information Systems for the Kaiser Permanente 
northwest region.
    Kaiser Permanente serves over eight million members in 
eight separate regions. My comments today about our experience 
relate specifically to the northwest region.
    In 1998, Kaiser Permanente Northwest completed the 
implementation of a comprehensive electronic medical record 
that allows physicians to document, prescribe, order, refer, 
and to message other health care providers. We no longer 
create, move, or file paper medical records. We also provide 
patients direct, secure Internet access to parts of their 
medical record and the ability for them to directly message 
their physicians.
    Along with the usual benefits of IT systems that were 
mentioned by Diane earlier, our system embeds clinical decision 
support to help guide physicians as they deliver care, provides 
a comprehensive database that allows us to monitor and to 
provide care across the population, and allows for modalities 
of care such as self-service appointing and additional ways for 
patients to access care and communicate with their physicians.
    What distinguishes Kaiser Permanente from other health care 
organizations is, number one, our integrated comprehensive 
health care system where all services for our members, both 
inpatient and outpatient, are delivered under one umbrella; 
and, number two, prepaid capitated health insurance. These two 
aspects of Kaiser Permanente provide both a structure and 
incentive for us to fully leverage information technology in 
the delivery of health care services.
    In my view, there are two significant barriers to the 
adoption of IT in health care. The main barrier is the lack of 
incentives to be efficient and effective at producing the 
product, health. Organizations may be efficient at producing 
office visits, radiology tests, laboratory tests, procedures 
and prescription, but they're not incented to produce health 
and they're certainly not incented to work with other 
organizations that they compete with, to reduce the overall 
cost of health care.
    A second barrier is the information intensive and complex, 
subjective and changing nature of health care itself. Unlike 
other industries that are relatively more static, medical 
knowledge, practice, regulation, and technology are constantly 
changing, making it necessary to build complex yet flexible and 
modifiable systems to meet the different and constantly 
changing environments. As a consequence, there are few well-
charted paths to implementing health care IT, at least in the 
clinical arena. Unlike installing a refrigerator, where you buy 
it, you bring it home, plug it in and derive refrigeration, 
implementing health care IT is still more of an art than a 
science.
    Although health care IT holds great promise, we must 
remember that the systems are not ends in and of themselves.
    A good implementation will improve things; but a bad 
implementation may fail, may yield few benefits, or make things 
worse. We must remember that health care IT is just the 
enabling means and not an end in and of itself.
    Finally, what can the federal and state governments do? 
Number one, and I would say most importantly, they should--they 
should provide incentives for health care organizations to 
implement IT and to share that information between 
institutions. And, number two, they should require standards or 
at least facilitate the means to allow the identification of 
individuals between health care entities; that will allow you 
to aggregate information between individuals, across 
organizations. Any further standards should be evaluated in 
terms of the benefits and costs of developing and imposing that 
particular standard. At a minimum, standards that require each 
piece of information to be indexed by date and the type of 
information, will allow at least the merging of information 
between separate entities into a single view.
    Thank you for allowing me to testify today. I'd be happy to 
answer any questions.
    Mr. Reichert. Thank you, Doctor.
    [The prepared statement of Dr. Chin follows:]

                  Prepared Statement of Homer L. Chin

Introduction:

    Good afternoon, Mr. Chairman and Members of the Subcommittee. My 
name is Homer Chin. I am the Medical Director for Clinical Information 
Systems for the Kaiser Permanente Northwest Region, which is one of 
eight Kaiser Permanente Regions that together make up the Kaiser 
Permanente Program.
    Kaiser Permanente is the Nation's largest nonprofit health plan. 
Over 140,000 employees and 11,000 physicians serve 8.4 million members 
in over 30 hospitals and 430 medical office buildings.
    Kaiser Permanente is actually made up of two separate but closely 
aligned entities: Kaiser Foundation Health Plan and Hospitals, which is 
responsible for administering the prepaid insurance and for running 
much of day-to-day operations, and The Permanente Medical Groups, who 
are responsible for the delivery of professional medical services.
    What distinguishes Kaiser Permanente from most other health care 
organizations is:

        1.  Integrated comprehensive health care where primary care, 
        specialty care, inpatient outpatient and ancillary services are 
        delivered under one umbrella, and

        2.  Prepaid health insurance--which encourages us to keep our 
        members healthy, prevent disease, and improve the effectiveness 
        and efficiency of our care delivery system.

    These two aspects of Kaiser Permanente--comprehensive integrated 
care and prepaid health insurance--provide both the structure and 
incentive for us to fully leverage information technology in our 
delivery of health care services.

Kaiser Permanente Northwest and Health Care Information Technology:

    Although some of my comments today are about the Kaiser Permanente 
Program as a whole, many of the more specific examples and comments 
relate specifically to our experience here in the Kaiser Permanente 
Northwest Region.
    In 1994, KPNW embarked on the implementation of a single integrated 
EMR for all members of this region. This system is not only an 
electronic version of the outpatient medical record, it also automates 
all information transmission processes in the outpatient setting. 
Physicians use this system to document, prescribe, order, refer, and to 
message other health care providers. By 1998, we had completed our 
implementation of an entirely electronic medical record throughout our 
region, and from that point forward we no longer created a paper 
medical record for members that joined our program. In 1999, we created 
an Internet portal for members to provide them with a wealth of health 
information along with the ability to request appointments and refill 
their medications on-line. In 2002, we provided patients direct access, 
through a secure Internet connection, to parts of their medical record 
along with the ability for them to directly electronically message 
their physicians. That system, KP HealthConnect Online, is now being 
used by over 100,000 members in this region--roughly 20 percent of our 
membership.
    Over the years we have studied and published results of the many 
benefits of having an integrated electronic medical record. Benefits 
can be general classified into:

        1.  Integrated and Comprehensive Lifetime Clinical Record. All 
        medical information from all sources is accessible 
        electronically in an integrated system.

        2.  Multiple users in multiple locations can simultaneously 
        access the chart.

        3.  Time and location independent interaction between 
        providers, and between providers and patients.

        4.  Embedding of best practices and guidelines into the 
        processes of care.

        5.  Embedding alerts and reminders into the care process.

        6.  Identifying patients for specific interventions, such as 
        identifying all patients that were given Phen-Fen weight loss 
        treatment, and requesting that they come in for a screening 
        cardiac ultrasound.

        7.  Ability to carry out systematic population care strategies, 
        such as notifying all patients who are overdue for screening 
        mammography, or identifying all patients with diabetes that 
        need more aggressive treatment of their cholesterol.

        8.  Improved new modalities of care, such as self-service 
        appointing and electronic methods of communication.

        9.  Databases that can effectively monitor and improve overall 
        organizational performance.

    In 2003, The Kaiser Permanente Program embarked on the 
implementation of an integrated health care information system called 
KP HealthConnect, at an estimated cost of over $3 Billion over ten 
years. This system is envisioned to be a comprehensive integrated 
system covering practice and hospital management, inpatient and 
outpatient electronic medical records, data warehousing, health plan 
administration, and patient self-service and communication systems. All 
eight Kaiser Permanente Regions have already implemented significant 
portions of this system.

Incentives and Barriers to the Adoption of Information Technology in 
                    Health Care:

    There are three significant barriers to the adoption of IT in 
Health Care.
    One of the main barriers to the adoption of information technology 
in health care is the lack of incentives for organizations to be 
efficient and effective at producing the product ``health.'' 
Organizations may be effective at producing office visits, radiology 
tests, operations, prescriptions, but they are not incented to produce 
``health,'' and are certainly not incented to work with other 
organizations that they compete with to reduce the overall cost of 
health care.
    A second significant barrier to IT adoption is the relative 
immaturity of the field of health care IT. There are few well trodden 
paths that organizations can follow to get from here to there in the 
implementation of electronic medical record systems.
    A third significant barrier is the inherent complex, subjective, 
and changing nature of health care. Unlike other industries that are 
relatively more static or certain, medical knowledge, practice, 
regulation, and technology are constantly changing. The implementation 
of an Electronic Medical Records is not like installing a refrigerator, 
where you buy it, plug it in, and derive the benefits. The 
implementation of an EMR is currently still more of an art than a 
science. A good implementation will improve the efficiency of a 
functional process, but a bad implementation may fail, have unintended 
negative consequences, or worsen existing processes. Because medicine 
is inherently uncertain, changing, and not well defined, a good 
implementation of IT in health care requires a certain skill-set and 
the right conditions. Although there are many instances of health care 
IT systems that have been successfully implemented with significant 
benefit, there are also many instances of implementations that failed 
or resulted in little or no benefit.

Reasons for Successful Health Care IT Implementation at Kaiser 
                    Permanente Northwest:

    KPNW was successful because it had:

        1.  Aligned incentives to maximize effectiveness and efficiency 
        in maintaining health.

        2.  One unique patient identifier (the insurance number is also 
        the health record number), allowing for the easy aggregation of 
        information across systems.

        3.  Minimal issues with terminology or data standards. In most 
        cases, KPNW had a single instance of most systems--for example, 
        a single Pharmacy System, Radiology System, Lab System, etc. 
        The terminology that the particular single system used became 
        the defacto standard for the enterprise. There was no need to 
        impose a terminology or data standard or translate data between 
        the various systems.

        4.  An integrated implementation team partnering physicians, 
        project management staff, and IT professionals.

Implications for other health care systems:

    There must be incentives for health care organizations to share 
information. KPNW has contracts with several non-KP hospitals in the 
community where we hospitalize our patients. All transcribed 
information on our patients in those facilities is electronically sent 
to us and integrated with other information in our Electronic Medical 
Record. The incentive for organizations to send us this information is 
clear--it is a requirement for us to do business with them.
    A minimum requirement to support the interchange of health care 
information between entities is to be able to identify specific 
individuals between health care entities. This implies either a unique 
patient identifier, or demographic standards that will allow the 
identification of the same individual between health care entities with 
reasonable certainty.
    The optimal level of information standardization, beyond that 
minimum requirement of patient identification, is unclear. At one end 
of the spectrum, scanned images of the paper record could be 
electronically transferred from one health care entity to another. That 
would require minimal changes in each system but would not allow for 
any significant integration of data between the two entities. At the 
other end of the spectrum, a very rigid and detailed standard at a very 
atomic level could be defined that would allow for complete integration 
of information between entities, but would require significant work in 
each organization, and would require significant on-going maintenance 
and organizational adaptation.
    Such a rigid detailed atomic standard for all data in medical care 
is unlikely to be successful because of the changing nature and 
variation in the practice of medicine between locations and over time, 
and the enormous cost involved in migrating existing systems and 
terminologies into a rigid standard and the cost required to adapt to 
ongoing changes. Because of the inherent uncertainty and subjective 
``fuzzy'' judgment involved in health care, requiring adherence to a 
rigid detailed standard in all areas may also introduce more problems 
than it will solve.
    On the other hand, imposition of higher level standards will 
greatly increase the ability to integrate information between health 
care entities at a relatively low cost. For instance, the requirement 
to date stamp and label pieces of information into broad categories 
such as: Lab Result, Radiology Report, Progress Note, Medication, etc., 
would allow the merging of the information between institutions into 
separate electronic ``tabs'' and display that information in 
chronologic order.
    Within each area of medical data, there are varying levels of cost 
and benefit to the various levels of standardization, so the optimum 
level of standardization will vary depending on the specific area and 
situation.

Summary:

    In summary, the key to improving information sharing between 
entities is to provide incentives for organizations to share that 
information.
    At a minimum, a mechanism to identify specific individuals between 
entities is needed. Beyond that, minimal further standard specification 
will allow the merging of clinical information between entities in a 
useful way at minimal cost.
    Thank you for allowing me to testify today. I would be happy to 
answer any questions.

Limited Bibliography

Chin HL. The Reality of EMR Implementation: Lessons from the Field. The 
        Permanente Journal Fall 2004; 8(4):43-48.

Chin HL, Dworkin L, Krall MA, et al. The Comprehensive Computer-Based 
        Patient Record (CPR). The Permanente Journal Summer 1999; 
        3(2):13-24.

Chin HL; Wallace P. Embedding guidelines into direct physician order 
        entry: simple methods, powerful results. Proc AMIA Symp 
        1999;:221-5.

Chin HL; Krall MA. Successful implementation of a comprehensive 
        computer-based patient record system in Kaiser Permanente 
        Northwest: strategy and experience. Eff Clin Pract 1998 Oct-
        Nov;1(2):51-60.

Chin HL, Brannon M, Dworkin L, et al.: The comprehensive computer-based 
        patient record in Kaiser Permanente Northwest. In, 4th Annual 
        Nicholas E. Davies Award, CPR Recognition Symposium Proceedings 
        (Edited by: Overhage JM). McGraw Hill 1998, 69-129.

Marshall PD, Chin HL. The effects of an Electronic Medical Record on 
        patient care: clinician attitudes in a large HMO. Proc AMIA 
        Symp 1998:150-4.

Chin HL, Krall MA, Lester S. Adapting clinical coding systems for the 
        computer-based patient record. Proc AMIA Annual Fall Symposium 
        1997:849.

Chin HL, McClure P. Evaluating a comprehensive outpatient clinical 
        information system: A case study and model for system 
        evaluation. Proc Annual Symp Comput Appl Med Care 1995:717-21.

    Mr. Reichert. The Chair recognizes Mr. Machuca.

   STATEMENT OF MR. LUIS MACHUCA, PRESIDENT AND CEO, KRYPTIQ 
                 CORPORATION, HILLSBORO, OREGON

    Mr. Machuca. Mr. Chairman, Mr. Ranking Member, and 
colleagues, good morning--or afternoon, I guess. I'm honored to 
offer my thoughts on health care IT adoption. I'm particularly 
grateful to you and your committee staff for taking on this 
very important topic.
    My testimony will illustrate three major points: That the 
lack of data mobility in health care is at the heart of the 
cost and quality issues there; that the standards-based 
clinical messaging represents the best opportunity to modernize 
the system; and that the technologies to accomplish this are 
neither complex nor expensive.
    Locally, we have recently witnessed a media frenzy 
regarding the theft of medical records, but where are the 
voices of outrage regarding the errors that occur due to the 
lack of timely patient information? Preventable medical errors 
are a greater risk to patient health than car accidents, breast 
cancer, or AIDS. The average Medicare patient sees more than 
six physicians per year, and their care is not coordinated. And 
chronic conditions now account for a majority of health care 
expenditures, yet 70 percent of patients who have hypertension, 
diabetes, or severe asthma are not in treatment compliance. We 
get e-mails from our car dealer about our car needing an oil 
change, but where are the e-mails from our doctors saying we're 
overdue for a blood pressure check? The price we pay for not 
having data mobility is unsafe care, high cost, and 
productivity loss.
    And we created Kryptiq to solve that problem.
    In just three years, our customer base has grown to over 
700 organizations in 48 states. More significantly, the number 
of secured clinical messaging customers grew by more than 200 
percent last year alone. Every one of those clinics that 
purchased connectivity software did so with a specific intent 
to collaborate with other clinics, and did so in some cases to 
collaborate in sharing information also with their patients. 
And we also know from the CITL, the Center for Information 
Technology Leadership, study that two thirds--that at least two 
thirds of the potential savings from IT adoption can only be 
realized through collaboration, as opposed to internal office 
automation.
    Much attention has been given to the President's goal to 
enable EHR adoption; however, EHR adoption alone does not 
result in collaboration. In fact, experience suggests that most 
EHR implementations create islands of automation no more 
capable of sharing information than the paper records they 
replaced. We really need to look at how we move the data, not 
just how we store it.
    As highlighted by Forrester Research, efforts spearheaded 
by ONC to create RHIOs for information sharing have largely 
stalled, and largely stalled on issues regarding governments, 
infrastructures, standards, and sustainability. We believe 
there's a smarter approach. The concept of an organic and 
incremental RHIO, which is defined as the exchange of data 
between providers, using e-mail and the Internet, enables 
immediate data mobility in a self- sustaining model. Forrester 
has coined this concept ``managed clinical messaging.'' This 
approach includes any clinic that has e-mail access, not just 
those that have EHR; and collaboration begins on day one, not 
in a multi-year program.
    Personally, I know this model will succeed. I spent 15 
years in Intel at the critical time of PC adoption, and I can 
tell you that the transition from early adoption to widespread 
business use really happened because of e-mail. More 
importantly, I know that the organic approach works because I 
see our customers doing it every day.
    Oregon has been the home to many health care IT 
breakthroughs. Continuing this tradition, Providence and the 
Oregon Clinic recently transitioned to electronic referrals, 
saving a combined $10 per referral. And further, a 
comprehensive study at Providence revealed a 58 percent 
improvement in diabetes clinical outcomes through increased 
patient interventions, with no additional staffing costs.
    There are dozen examples--dozens of examples of Kryptiq 
customers like these across the country, realizing the gains of 
the organic approach. Some are informal RHIOs and some are just 
RHIOs without telling anybody about it. Examples such as these 
illustrate that the market is creating the standards for 
baseline inter-operability; the next step is a common 
interchange standard for patient medical records, such as CCR 
or CDA, clinical data architecture. This standard should be 
accessible by both health care providers and patients, and 
should also work in both an EHR and in a non-EHR environment. 
This should help mediate between these approaches.
    We want to continue to build the success that will drive 
collaboration. To this end, we recommend the government's 
funding for health care IT address the following among more 
recommendations that we have in our full testimony.
    Number one, prioritize organic RHIO expansion while 
limiting any additional spending on centralized or federated 
models.
    Number two, the government is in the business of public 
health, and as such it should fund the implementation of 
electronic collaboration technologies in the public health 
settings.
    Number three, mediate a standard--a standard for patient 
medical records as above.
    And number four, combine any changes in Stark laws with 
collaboration mandates that ensure the technology recipients be 
in an open network.
    We have shown that the benefits of electronic collaboration 
are real. We are on the eve of a major breakthrough of 
technology adoption to make health care industry safer, most 
cost-effective, and more competitive.
    Thank you very much.
    Mr. Reichert. And thank you.
    [The prepared statement of Mr. Machuca follows:]

                   Prepared Statement of Luis Machuca

    My name is Luis Machuca and I am the CEO of Kryptiq Corporation 
based in Hillsboro, Oregon. I am honored to offer my thoughts and 
perspectives on the opportunities and barriers for health information 
technology adoption. This testimony will illustrate that secure 
clinical messaging represents the single biggest opportunity to quickly 
and cost effectively modernize our health care system.
    As residents in the Portland metropolitan area we have just 
witnessed the media frenzy regarding the theft of medical records. We 
have heard the raised voices of outrage that personal data may have 
been exposed due to this incident. An Oregonian editorial indicted the 
health system for its failure to manage health data appropriately.
    But where are these voices of outrage regarding the errors in 
clinical judgment and decision-making that occur in every health system 
in every city, in every state, every day of the year, due to the lack 
of clinical information being available at the right time. Why is this 
not the target of our outrage and concern as a society?
    To cite the Institute of Medicine (IOM) Report published in 2000 
``To Err is Human,'' our U.S. health system, which is capable of the 
most miraculous acts of life-saving, is frequently the source of 
patient harm. Between 44,000 and 98,000 patients die in hospitals each 
year from preventable medical error. Preventable, but unprevented, 
medical errors are a greater risk to patient health than motor vehicle 
accidents, breast cancer, or AIDS. In terms of lives lost, patient 
safety is as important an issue as worker safety. Every year, over 
6,000 Americans die from workplace injuries. Yet this number is 
exceeded by the 7,000 Americans who die annually from errors in 
medication prescription or administration.
    In addition, our health care system is overwhelmingly expensive. 
Health care in the U.S. is estimated to cost up to $2 trillion per 
year, consuming 13 percent of the GDP. Centers for Medicare and 
Medicaid Services (CMS) estimates predict this will rise to $3 trillion 
and close to 20 percent of GDP within the next 10 years, or an average 
of $10,000 per American resident. Employers will not be able to afford 
health benefits approaching $40,000 per year for a family of four, 
while remaining competitive in a global economy--nor can they continue 
to afford the staggering (yet unmeasured) productivity loss from 
subjecting workers to an inefficient health care system.
    The decentralized and fragmented nature of the health care delivery 
system contributes to unsafe conditions for patients, and serves as an 
impediment to efforts to improve safety. Even within hospitals and 
large medical groups, there are rigidly-defined areas of specialization 
and influence. The average Medicare patient sees more than six 
physicians in the course of a single year, but their care is frequently 
``silo-ed,'' and lacks coordination and communication. At the same 
time, the loose affiliation of most provider groups makes it difficult 
to implement improved clinical information systems capable of providing 
timely access to complete patient information across all providers. 
Unsafe care, high cost and productivity loss is the price we pay for 
not having data mobility in our health care system.
    The IOM followed their 2000 report with a 2001 report that boldly 
stated that between the health care we have and the care we could have 
lies not just a gap, but a chasm.
    A highly fragmented delivery system that largely lacks even 
rudimentary clinical data mobility results in poorly designed care 
processes characterized by unnecessary duplication of services and 
delays. There is substantial evidence documenting overuse of many 
services--services for which the risk of harm may outweigh the 
potential benefits.
    Meanwhile we are stuck in a health system that pays for quantity 
not quality and is centered on a 400 year model of treating patients 
when they are acutely sick, rather than ensuring the services needed to 
maintain their health. For the last four decades, the needs of the 
American public have been shifting from predominantly acute, episodic 
care to care for chronic conditions. Chronic conditions are now the 
leading cause of illness, disability, and death; they affect almost 
half of the U.S. population and account for the majority of health 
care. Yet these conditions are seriously under managed when it comes to 
ensuring Americans get the most appropriate evidence-based care that 
they should expect.
    For example, hypertension affects nearly one in three American 
adults. It is called ``the silent killer'' due to the strong link 
between unmanaged hypertension and later incidents of coronary vascular 
disease. Yet only 23 percent of diagnosed hypertensives have their 
blood pressure under control, despite readily available and cost-
effective medications. Diabetes was referred to in a recent New York 
Times article as a disease of epidemic proportions, and yet more than 
70 percent of diabetics have unmanaged cholesterol levels, despite 
readily available cholesterol management treatments. Diabetes is the 
leading cause of non-traumatic lower limb amputations in the U.S., but 
barely one in five patients with diabetes receive the recommended 
annual foot exams that can expose loss of sensation. Additionally, 
almost 70 percent of our children with severe asthma are not receiving 
appropriate medications.
    A 737 stays grounded due to safety risks if a tray-table won't stay 
in it's locked and upright position, but the equivalent of a 737 load 
of people die every day from preventable medical errors.
    Many of us would not dream of letting our cars go more than 7,000 
miles without an oil change, and in fact get regular notifications 
about servicing so they don't break down on the side of the road. 
However, we may go years without a blood pressure or cholesterol check, 
and the first sign of coronary heart disease is when our bodies break 
down and we are rushed to hospital with a heart attack or stroke.
    As a society, we are outraged about a single occurrence of data 
being stolen, but ignore the daily health care crisis when 
opportunities for continuous and appropriate care are missed due to the 
lack of basic information systems with data mobility.
    The relevant technologies to address these problems are neither 
complex nor expensive. We don't need 4-D CAT scanning devices to ensure 
children receive immunizations and the elderly receive flu shots. We 
don't need to solve the genome code to notify patients in a timely and 
traceable manner when their lab results are normal or abnormal.
    We created Kryptiq to solve these problems.
    Today, more than 100 employees at Kryptiq Corporation are focused 
on enabling secure connectivity in health care. Last year alone our 
customer base grew 120 percent to over 700 health care organizations in 
48 states. More significantly, the number of secure clinical messaging 
customers grew by more than 200 percent in that same time frame. Every 
one of these clinics who purchased Kryptiq connectivity software did so 
with the specific intent to collaborate with other clinics and in many 
cases also with their patients. The primary application of Kryptiq 
software is ``provider-to-provider'' communication for referrals, lab 
results, consultations, admissions, and prescriptions. These products 
also allow ``provider-to-patient'' communication to deliver secure 
online access to medical record summaries, lab results, and 
administrative data. They enable patients with chronic diseases to ask 
questions and provide home monitored data to their physician office, 
and support eVisits to provide necessary care without the patient 
coming into the practice. The growth and adoption of Kryptiq software 
tells us that connectivity is not just a ``nice to have'' capability--
it is the best way to unlock the value that is trapped in the 
information silos of health care.
    Much attention has been given to President Bush's goal to enable 
Electronic Health Records (EHR) for nearly all Americans by 2014. The 
creation of the Office of the National Coordinator for Health 
Information Technology (ONC) has advanced the cause and awareness of 
EHR. Among other tangible benefits, Dr. David Bralier's efforts have 
been a positive and significant step forward in moving us away from 
paper and establishing a foundation for data storage and management. 
EHRs are of great value in organizing and maintaining the accuracy of 
patient information, while eliminating the burdens inherent in a paper 
system. However, EHR adoption alone does not result in collaboration. 
In fact the evidence to date suggests most EHR implementations create 
islands of automation, no more capable of sharing information than the 
paper records they replace.
    Efforts spearheaded by the ONC to create Regional Health 
Information Organizations (RHIOs) for information sharing have largely 
stalled. Yet Kryptiq customers are delivering significant and 
measurable gains by combining the EHR systems that already exist with a 
readily available and affordable messaging infrastructure to share 
information across their communities. Secure clinical messaging 
represents the greatest opportunity to modernize and improve health 
care. Therefore, we believe that in order to truly lower costs and 
improve quality, we need to look at how we MOVE patient information, 
not just how we STORE patient information.
    We all know about the growing cost of health care and the burden it 
is placing on our citizens, our businesses and our economy. Several 
studies have shown the tremendous potential for cost savings and 
qualitative improvements that can be realized through health care IT 
adoption. A recent study by the Center for Information Technology 
Leadership (CITL) at Partners HealthCare reported that if all 
information exchange between physician, hospitals, pharmacies, 
radiology centers, and public health facilities were fully automated in 
a standardized way, the U.S. health care system could save in excess of 
$77 billion dollars each year. The study specifically, and in my 
opinion rightly, points out that 70 percent plus of the savings 
opportunities exist through inter-office collaboration as opposed to 
internal office automation.
    The recent RHIO initiatives are an attempt by the government to 
address the data mobility issue. However, the ``typical'' RHIO (not 
unlike it predecessor, the CHIN) has a fatal flaw--it essentially 
requires that all infrastructure, governance, funding, and standards be 
agreed to and deployed BEFORE it can be of any use. This is analogous 
to building an entire road system before anyone can drive. In addition, 
questions about their sustainability have yet to be answered. This 
leads me to conclude that the current RHIO concept will require ever-
increasing and ongoing financial support from the government.
    There is a smarter approach. The concept of an ``organic'' or 
incremental RHIO fueled by secure messaging technology provides 
immediate data mobility in a self-sustaining model without the 
centralized high cost infrastructure and bureaucratic governance. 
Forrester Research, reflecting on the early and modest results from 
initial RHIO efforts, has coined this concept as Managed Connectivity 
and it is gathering support among industry leaders. Dr. Brailer 
illustrated this point in a recent article in Health Data Management, 
``Most [people] will want to make local decisions on how data will be 
shared. . .the less centralization there is, the more value people will 
see. . ..'' The Managed Connectivity concept is predicated on peer-to-
peer workflow-based collaboration. The technology foundation is e-mail 
and the Internet, which is already universally available at a minimal 
cost.
    By definition, this approach includes any clinic that has e-mail 
access as opposed to only those that have EHR. At the same time, it 
will serve to stimulate EHR adoption because electronic records are a 
place to store and manage data that is sent and received. The big 
benefit however is that collaboration begins on day one--there are no 
multi-year implementation projects.
    I know that this model will succeed. I spent 15 years at Intel at 
the critical time of Personal Computer adoption. As many of you may 
recall, the transition from early adopters to widespread business use 
occurred because of e-mail. Collaboration drove PC adoption, which in 
turn drove richer applications, and created the industry that made 
every industry more competitive and productive. This was referred to as 
a ``virtuous technology spiral.''
    More importantly, I know that the ``organic'' approach works 
because I see our customers doing it every day.
    Oregon has been the home to many health care breakthroughs, both in 
the private and public sector. The Oregon Health Plan, the early 
electronic medical record developed by Dr. Mark Leavitt, and the wide 
deployment of EHRs by both Providence Health System and Kaiser 
Northwest Permanente are examples of national leadership in health 
care.
    Recently, in partnership with our customers, Kryptiq has 
established that connectivity solutions significantly improve care 
delivery and reduce costs. For example, by transitioning patient 
referrals from paper-based systems to secure electronic communications, 
Providence Health System and The Oregon Clinic were able to save an 
approximate combined $10 per referral. Faxes and phone calls were 
replaced by electronic messaging in a matter of weeks. This was 
achieved without the need of external forces or government subsidies or 
multi-agency committees arguing about every last technical and business 
detail. In addition to reducing costs, moving to electronic referrals 
eliminated the time lag inherent in paper systems and ensured that 
relevant information was where it needed to be when it needed to be 
there.
    Meanwhile Providence Medical Group recently released the results of 
a comprehensive one-year study of significant improvements in patient 
outcomes using Kryptiq's CareManager Diabetes Module. Their ability to 
unleash the data stored in their EHR and use it to proactively 
communicate with chronic patients regarding their health status, 
instead of waiting for the next office visit, has lead to remarkable 
improvements in treatment compliance. They have demonstrated a 58 
percent increase in the number of patients with diabetes who achieved 
control of their cholesterol and blood pressure levels, significantly 
reducing the risk of disease complications. They also documented a 250 
percent increase in foot screenings, helping to stem the rate of later 
amputations. All of this was achieved without any additional staff 
requirements, and the extra revenue from providing necessary and 
medically appropriate care in a timely manner allowed the medical group 
to pay for the necessary IT investment, while undoubtedly saving the 
economy many millions of dollars in hospital visits and other longer-
term care costs.
    Similar examples exist throughout the country in physician offices 
adopting connectivity solutions at their own investment to improve 
their care services and generate additional revenue at a lower overall 
cost. Family Medical Specialists of Texas (FMS) believed that their 
busy patients would receive better care if they could have online 
consultations with their primary care physician to resolve medical 
questions and issues without an office visit. Rather than waiting on 
all the local health plans to support ``eVisits,'' FMS now charges 
individual patients $40 per year for their eCare program. Patients 
believe it pays for itself by avoiding co-pays; employers and employees 
save time by avoiding unnecessary office visits; FMS generates 
additional revenue without increasing staff costs; and the health plans 
save money by shifting office visits to more cost-effective and 
efficient forms of care.
    Memorial Hermann Healthcare System (MHHS) in Houston, Texas has 
adopted messaging technology for similar reasons. Dr. David Bauer, 
Residency Director for The Family Medicine Residency Program, cites a 
typical pre-messaging scenario of a patient calling in with a question 
regarding a medication she had been prescribed the previous day. ``She 
left me a message to call her back. But when I called her back she was 
in a meeting so I got her voicemail. When she returned my call I was 
busy seeing patients. Over the next 24 hours she spoke to three of my 
nursing team without reaching me, having to re-explain her issue each 
time, and we left each other seven voicemail messages.'' Dr. Bauer's 
scenario is a common one, happening all over the country every day, but 
for him it's now a thing of the past. ``Now we use secure messaging, 
which allows me to communicate with patients and other providers 
without our needing to be available at the same time.''
    Examples such as these illustrate that the market is creating the 
standards for baseline inter-operability. The next logical step in the 
evolution of such standards is a common interchange structure for 
patient medical records that is simple to deploy such as the ASTM 
Continuity of Care Record (CCR) or the HL7 Clinical Document 
Architecture (CDA). The standard should be accessible by patients and 
health care providers and work in both EHR and non-EHR environments. By 
contrast, emerging concepts, such as Cross Enterprise Document Sharing 
(XDS), promote collaboration but require significant infrastructure, 
are more complex to deploy and assume certain market outcomes that are 
still in question.
    Because there are competing definitions of a common interchange 
structure for patient medical records, health care IT vendors are 
reluctant to develop inter-operability solutions based on either 
standard. We believe that it is time for the government agencies such 
as NIST to help mediate between these competing approaches. We are also 
encouraged by NIST's involvement in developing reference 
implementations for the XDS standards. These efforts help promote the 
validity of standards and their applications.
    A common interchange structure for medical records will be a great 
leap forward for everyday collaboration. However, other standards will 
need to be developed to address more specialized health care-related 
homeland security needs such as the aggregation of emergency room data 
to identify pandemics.
    We've made great progress in a short period of time and this has 
led us to a solid foundation for the critical work that remains to be 
done. Clearly, we want to continue to build on the successes that will 
drive collaboration and improve the quality and delivery of care, while 
achieving critical cost savings. To this end, we recommend that the 
Government's continued and future funding for health care IT follow 
this direction:

        1.  Prioritize ``organic'' RHIO expansion while limiting any 
        additional spending on centralized or federated models unless 
        they demonstrate scalability and broad community participation.

        2.  Fund the implementation of electronic collaboration 
        technologies in public health settings. Public health is 
        largely funded by the government at a federal, State and local 
        level. To preserve the viability of the public health clinics, 
        they should be the recipients of targeted resources 
        specifically for this purpose.

        3.  Mediate a definition of a common interchange structure for 
        patient medical records to facilitate collaboration. 
        Specifically, settle the debate between CDA and CCR. CMS could 
        provide incentives for the adoption through its reimbursement 
        processes.

        4.  Combine any contemplated changes in Stark laws with 
        collaboration mandates that ensure that any recipient of 
        technology can participate in a fully collaborative and open 
        community-wide network.

        5.  Continue work towards differential reimbursement to 
        physicians who can prove better outcomes of care for their 
        patient population.

    As we have shown, the benefits of secure electronic collaboration 
are undeniable. We are on the eve of a major breakthrough of technology 
adoption that will make the health care industry safer, more cost-
effective and more competitive. We advocate a network of collaboration 
that maximizes provider and patient participation, and provides 
immediate and secure data mobility in a self-sustaining model without 
the high cost and complexity of a centralized system.
    Thank you.

                       Biography for Luis Machuca

    Luis Machuca is the President and Chief Executive Officer of 
Kryptiq Corporation, the leading provider of inter-operability and 
workflow connectivity solutions for health care. Mr. Machuca received 
his BSEE in 1980 and MSIE in 1981, both from Purdue University. In 
1981, he joined Intel Corp., where over a 15-year career, held a 
variety of roles in management before becoming co-General Manager of 
the OEM Products & Services Division where he established Intel as the 
number one motherboard supplier in the world. In 1996, he became the 
Executive Vice President of the NEC Computer Services Division of PB-
NEC Corp. In 1999, Mr. Machuca joined eFusion Corp. as President and 
COO and subsequently merged the company with ITXC. Mr. Machuca 
currently serves on the Oregon Health & Science University Foundation 
Board of Trustees, Lifeworks NW Board of Directors, the Boy Scouts of 
America Cascade Pacific Council Executive Board, Catholic Charities of 
Oregon and the Jesuit High School Board of Trustees. Mr. Machuca has 
also served on the Portland Metropolitan Family Services Board of 
Directors, and was a finals judge for the 2005 NewVenture Championship 
business plan competition sponsored by the University of Oregon's 
Lundquist Center for Entrepreneurship. In 1999, Mr. Machuca received 
the Outstanding Industrial Engineering Award in from Purdue University.

    Mr. Reichert. Lastly, we recognize Mr. Urali.

  STATEMENT OF MR. PREM URALI, PRESIDENT AND CEO, HEALTHUNITY 
                          CORPORATION

    Mr. Urali. Thank you, Chairman Congressman Reichert, 
Congressman Representative Wu, ladies and gentlemen.
    My name Prem Urali. I am the founder and CEO of HealthUnity 
Corporation, a 17-month old health information technology 
company based in Bellevue, Washington.
    First let me start by thanking you for giving me the 
opportunity to present our company's views in front of the 
Subcommittee and in front of the general public here today.
    HealthUnity was founded with the singular vision of 
providing the solution for getting the right clinical 
information to the right person at the right time. We had two 
earlier deployments underway: One in the Seattle east side, 
namely, Bellevue, Washington; and another one in Baltimore, 
Maryland. In both of these locations, we have had early 
successes in enabling health information exchanges to flourish.
    HealthUnity's approach and early success can be summarized 
in the following key points: Our approach is targeted at the 
grass roots, namely, we target the clinicians first. They are 
the knowledge workers who need to be introduced to health 
information technology right from the outset. If the clinicians 
are not on board, we will not achieve the national vision we 
seek, despite the involvement of others, so that's why we 
started the grass roots with the clinicians.
    Secondly, we provide an affordable solution that is also 
the best in its class.
    And, thirdly, we take care of all the external integration 
and communication needs, which is a critical piece, as Luis was 
pointing out, in our national health IT strategy.
    Finally, we believe we have a business model that is 
scalable and sustainable.
    Now, let me summarize my thoughts on what role health 
information plays in improving care. Health care is essentially 
a local, at best a regional, activity; hence, any approach to 
solving health information sharing, it should start at the 
local or regional level.
    There are three goals which are central if any of this is 
to happen. The first goal is improving quality of care. Now, I 
will limit my--the value proposition discussion from a 
clinician's perspective. And I'm sure there are various other 
perspectives on value and how a network could be beneficial. 
But, you know, like I said, we have to start at the grass roots 
level; and unless the clinicians are up to it, it doesn't 
matter who else is interested in it.
    The often quoted figure is that 96,000 avoidable deaths 
happen, in the U.S. Alone. By electronically recording, 
communicating, and archiving health information and then 
analyzing de-identified information--meaning the patients 
identify information that has been removed from it--we can both 
benefit the patients as well as the community and the 
population health needs and how we can improve quality of care.
    The second goal is addressing provider inefficiencies. 
Information technology has the power to reduce cost of doing 
business for all the providers involved. Today there is still a 
ton of paperwork, papers, faxes, phone calls, that keep passing 
between care providers. At HealthUnity, we have recognized this 
as another important area where our solutions should help 
improve those inefficiencies.
    The third goal is to improve patient experience. We--in our 
earlier--in other testimony, it came out that we all go through 
the frustrating experience where we go see a doctor and we have 
to--the first thing we do is we have to fill out the clipboard. 
Additionally, the patients who see multiple providers have to 
take it upon themselves the act of coordinating the health 
information, and, physically, in many cases, transporting data 
between the various care providers.
    Now, let me turn to the topic of incentives and barriers. 
The key barriers hampering technology adoption in the physician 
practices. Deployment of IT systems requires up-front capital 
and it also causes short-term disruption in practice 
efficiencies. So any solution should address squarely, number 
one, how to help physician practices raise the capital they 
need in order for deploying and operating such; and then, 
secondly, how do you promote the mass education of our general 
public and the IT people so that adopting these systems can be 
very inexpensive and the talent to do that is ubiquitous and 
it's widely available.
    Here are some practical suggestions on how incentives can 
be targeted at these two barriers. Number one, let any 
interested party finance physician practice adoption of 
technology, with no strings attached. So far, we have had a lot 
of discussion on why physicians do not have technology; but any 
solution or every policy solution keep coming back has strings 
attached to it, and hence the adoption is not being what it 
needs to be.
    Number two, we need to fund education and training so the 
best practices on how to implement these technologies become 
affordable and common knowledge: So we can walk to a community 
college and get the graduates that are coming out or have been 
through the program, and they have the knowledge how to help 
the physicians implement the IT solution in their practice.
    Now, let me turn to the topic of Federal Government 
departments and agencies and the role that they have played in 
health IT. HHS, the Health and Human Services Department, as 
well as the Office of the National Coordinator, have done a 
phenomenal job in raising the awareness in the industry and 
setting a national agenda in terms of the appropriate goals and 
strategies. This was done in record time. We commend them for 
serving the Nation well in doing so.
    In the area of execution we believe we can share some of 
our experience which might help all of us achieve national 
goals in a capital as well as time efficient manner.
    Our nation owes much of its economic success to its 
numerous entrepreneurs, inventors, and workers. Equally 
importantly, our nation owes its success to the right policies 
enshrined in our Constitution, in our laws, and in various 
administrative and legislative bodies. Government intervention 
in the free market should be one of last resort. We are all for 
government incentives and removal of barriers, but we are not 
for government picking winners and losers in the health 
information technology market. We are not that particular about 
government massively spending and indirectly funding health IT 
projects, either from Washington, D.C., or the state capitals.
    We understand the urgency within our government and public 
officials to get things done quickly. We also think there has 
not been sufficient progress in creating the right policy 
environment and right incentives environment and then letting 
the private sector innovate. I think that is where we have had 
deficiencies and we can definitely use a lot of help from 
Washington, D.C. We would also like to see more of the Health 
and Human Services Department as well as the Office of National 
Coordinator's resources targeted towards addressing these 
policy and incentive issues.
    Addressing the topic of standards in the health care 
environment, the scenario that is most important at the 
national level may be quite different than what is most 
important at the regional level. And we've only seen that based 
on some of the recommendations and incentives that are coming 
from Washington, D.C. Our focus needs to be at the regional 
level, the regional scenarios, the barriers, the incentives, 
and the policy and legislative needs, at the grass roots level.
    We thank you for the opportunity, and I look forward to 
answering some questions. Thanks.
    Mr. Reichert. Thank you.
    [The prepared statement of Mr. Urali follows:]

                    Prepared Statement of Prem Urali

    Good afternoon, Chairman, Members of the Subcommittee, ladies and 
gentlemen.
    My name is Prem Urali. I am the Founder and CEO of HealthUnity 
Corporation, a 17-month-old health information technology company based 
in Bellevue, Washington.
    First, let me start by thanking you for giving me the opportunity 
to present our Company's views in front of this subcommittee.
    HealthUnity was founded with the singular vision of providing a 
solution for getting the right clinical information to the right person 
at the right time. We have two real-world deployments underway: one in 
Bellevue, WA, and the other in Baltimore, MD, where we have had early 
successes in enabling regional health information exchanges to 
flourish.
    HealthUnity's approach and early successes can be summarized in the 
following key points:

        1.  Our approach is targeted at the grass-roots--we start with 
        clinicians. They are the knowledge workers who need to be 
        introduced to the health technology world right at the outset. 
        If the clinicians are not on board we will not achieve the 
        national vision we seek, despite the involvement of others.

        2.  Secondly, we provide an affordable solution that is also 
        the best in its class.

        3.  Thirdly, we take care of all of the external integration 
        and communication needs--a critical piece that has been missing 
        till now. Clinicians want to communicate electronically with 
        other clinicians, labs, radiology centers, hospitals and 
        patients. Facilitating this communication is what we do best.

        4.  Finally, we have a business model that is scalable and 
        sustainable, and which produces the best solution for the 
        clinical communication and collaboration problem.

    Let me now summarize my thoughts on the role health information 
plays in improving care.
    Health care is essentially a local, or at best regional, activity. 
The patients and their providers (hospitals, labs, physician practices, 
etc.) are all located within a given locale or region. Hence any 
approach must start at the regional level. There are three goals that 
are central to regional care providers that also align perfectly with 
the national vision. I am limiting my analysis to goals that are 
relevant from a provider's view-point because that is where I believe 
all discussions around information technology adoption in health care 
should begin.

The first goal is improving quality of care:

    The often quoted figure is that 96,000 avoidable deaths occur in 
the U.S. each year. By electronically recording, communicating, and 
archiving health information and analyzing de-identified health 
information, we can help reduce the incidence of errors and improve 
quality of care. This can be achieved by providing patient-specific, as 
well as population-wide, interventions.

The second goal is addressing efficiencies:

    Information technology has the power to reduce the cost of doing 
business for all the providers involved. Today, there is still a ton of 
papers, faxes and phone calls passing between care providers. At 
HealthUnity we address inefficiencies by automating major workflows, 
such as patient demographics exchange between health care entities, 
automation of the referral process, clinical information sharing, 
distribution of lab and radiology results, and several other frequently 
recurring processes. These savings lower the operating costs for care 
providers and help them run their businesses better. In addition, by 
making historical data seamlessly available to care providers, we 
reduce the practice of defensive medicine. If prior data is available 
and easily accessible, providers are less likely to reorder tests and 
procedures. This reduces the level of waste in the system. Providers 
need not be concerned about overall revenues falling. We need to keep 
in mind that there is no dearth of growth in demand for health services 
with our aging population. By reducing wastage and reducing the unit 
cost per visit or procedure, providers can treat and meet the needs of 
more of our citizens at a lower unit cost to the system.

The third goal is to improve the patient experience:

    Today, as patients, we often have frustrating experiences when we 
visit our doctors and the dreaded clipboard is handed over for us to 
fill out. Often patients who see multiple providers may have to fill 
out the same form multiple times over the course of a single day. 
Additionally, patients who see multiple providers appreciate what it 
takes to transport medical data between their various care providers, 
and consequently they themselves act as coordinators of their own care. 
Technology can help the system do what it is supposed to do and make 
the care delivery process considerably more patient friendly. 
Clinicians would love to see this happen at an affordable cost to them.
    I hope I was able to illustrate the core benefits of a connected 
health care environment. Now, let me turn to the topic of incentives 
and barriers.
    The key barriers hampering technology adoption are in physician 
practices. The other health care providers are typically larger and can 
easily afford new investments or have already made investments in 
health information technology. Deployment of an electronic medical 
record system, or EMR, requires up-front capital and causes a short-
term drop in practice productivity. Furthermore, an EMR, coupled with a 
practice management system, or PMS, does not completely address the 
three goals I spoke of earlier. The third missing piece is the 
bidirectional external communication solution. Any real solution should 
squarely address: 1) How to help physician practices raise capital for 
deployment and operation of an IT solution that addresses EMR, PMS and 
the bidirectional communication need. And 2) How to promote the 
education of the market on the best practices for adopting those 
solutions in a way that minimizes disruption in practice productivity.
    In summary the barriers are 1) Capital for deployment and 
operations and 2) Practice disruption during implementation. Here are 
some practical suggestions on how incentives can be targeted at these 
two barriers: 1) Let any interested party finance physician practice 
adoption of technology, with no strings attached or with only a minimal 
requirement that the physician practice match the interested party's 
funds with their own funds, or match the funds in kind. 2) Provide 
incentives for standardization and commoditization by implementing the 
solution such that there are hundreds of people who have the expertise 
to implement these technologies for a low price.
    Let me now turn to the topic of the Federal Government departments 
and agencies, such as the Department of Health and Human Services and 
NIST, and the role they currently play and could play in the future. 
HHS and the Office of the National Coordinator have done a phenomenal 
job in raising the awareness in the industry and setting a national 
agenda in terms of appropriate goals and strategies. This was done in 
record time and we commend them for serving the Nation well. In the 
area of execution, we believe we can share some of our experience, 
which might help all of us achieve the national goals in a more capital 
and time efficient manner.
    Our nation owes much of its economic success to its numerous 
entrepreneurs, inventors, and workers. Equally importantly our nation 
owes its success to the right policies enshrined in our constitution, 
our laws and the various administrative and legislative bodies. When a 
major challenge such as the adoption of Health IT stares at us, we go 
back to the formula that has worked for over 200 years, and that is 
that the Government does what it is best at--setting the right legal 
and policy environment, and the private sector does what it is best 
at--innovating and creating the best health information infrastructure 
in the world, one that is constantly innovating and keeping us at the 
fore front. Government intervention in the free market should be the 
last resort. We are all for Government incentives and removal of 
barriers. But we are not for Government picking winners and losers in 
the free market by massively spending the public's money on direct 
Health IT projects managed from our national and state capitals. We 
understand the urgency within our government and public officials to 
get things done quickly. We also think there has not been sufficient 
progress in creating the right policy environment and the right 
incentives environment and then letting the private sector innovate. We 
would like to see more of HHS' and the Office of the National 
Coordinator for HIT's resources targeted towards solving the policy 
deficiencies and the incentives for private sector development.
    Addressing the topic of standards, NIST has a role to play as 
standards emerge. Standards make sense when a value proposition can be 
clearly articulated and there is strong consensus around that value 
proposition. Let me give you the example of my ATM card. When I travel 
to Europe, I can withdraw cash from most ATM machines there. However, I 
cannot call up my bank statement from Europe. The value proposition 
here is very clear. When traveling out of your home country, you want 
to be able to get cash. However, you don't particularly care if you are 
able to get your last month's bank statement. Translating this analogy 
to the health care environment, the scenario that is most important at 
a national level may be quite different than what is most important at 
the regional or local level. Our first goal is to set in motion a 
policy and incentive framework that will identify the scenarios that 
are important at the regional level. When a clear picture emerges at 
the regional level, we can then identify a subset of the regional 
scenarios that would be important at the national level. At this stage 
our focus needs to be on the regional scenarios. When a clear value 
proposition emerges for a given regional scenario then we can move 
forward to standardize it at the national level. NIST can play a key 
role in this process.
    Our observation is that the national standards are being worked on 
without first letting the local and regional standards sufficient time 
to emerge. Again, I clearly understand the urgency of our government 
and public officials to achieve tangible progress. We want to help by 
providing our candid feedback so that the national debate includes the 
voice of a firm which is making progress on the ground at the regional 
level.
    We thank you for the opportunity again. I look forward to taking 
some questions.

                        Biography for Prem Urali

    Prior to founding HealthUnityTM Corporation, Prem was a Group 
Manager in the BizTalk Server division of Microsoft, responsible for 
the BizTalk Accelerator line of server products including the HL7 and 
HIPAA Accelerators (integration engine). Prem incubated these 
initiatives from concept to $10 million in incremental revenue in three 
years. Prior to Microsoft, he founded a B2B software company Commercia 
Corp, which was acquired by Microsoft in 2000. Prior to that Prem held 
the position of CTO of Petopia, now a division of Petco Animal Supplies 
(NASDAQ: PETC). Under his leadership, Petopia was ranked by InfoWorld 
in its e-Business 100 list in 1999. Previously, Prem worked for four 
years in the consulting services division of Microsoft, where he was 
one of the youngest persons to be elevated to the position of Principal 
Consultant in 1998. In this capacity, Prem lead the program that 
launched the very first electronic commerce presence for Gap, Baby Gap 
and Gap Kids. Prem, has founded companies in India and U.S. in the 
software consulting and product areas.
    He earned a Master of Science degree from Iowa State University in 
Computer Engineering. He also earned an MBA from the Wharton School of 
the University of Pennsylvania. Prem has three patents pending in the 
area of message-oriented middleware systems.

About HealthUnity Corporation

    HealthUnity was founded with the singular mission of providing the 
right clinical information to the right person at the right time. 
HealthUnity is the ``RHIO in a box'' company. HealthUnity's affordable 
solution can be used to build regional health information networks that 
support organic growth from as little as two entities to hundreds of 
entities. Our tag line is ``Trust is Earned'' which reflects our 
commitment to protecting security and privacy of patient data.

                               Discussion

    Mr. Reichert. Would the other witnesses come up and try to 
find a seat? I know it's a little crowded.
    You know, these hearings, when I--this is my first term, by 
the way, in Congress. I was a law enforcement officer in the 
sheriff's office in Seattle, and I was a sheriff in Seattle for 
eight years. And I find these things to be very formal and 
people are a little bit nervous.
    Are you nervous out there? Are you nervous up here?
    See, we can relax a little bit now. You've got your 
testimony out of the way, and Mr. Wu and I will ask a few 
questions.
    I, personally, am not an IT expert and I'm not a health 
expert, but what I've noticed is some similarities in the field 
that I came from, my 33-year career in law enforcement. When 
you talk about inter-operability--and I think, you know, you 
were mentioning that, first, hospitals and doctors' offices 
need to build sort of a system within their own operation 
before they can kind of reach out and be inter-operable. Law 
enforcement has the same problem. I think back to--oh, by the 
way, I'm supposed to say, before I start to talk, that I'm 
recognizing myself for five minutes. That's part of the rule. 
So I've now recognized myself, and I've used up some of my 
time. Since there are only two of us, we'll be liberal with our 
time today.
    Mr. Wu. Absolutely.
    Mr. Reichert. I would just like to draw a couple of 
comparisons to law enforcement, because we're all going through 
this struggle of just this massive increase in technology and 
the number of vendors mentioned, 800 vendors. We all are 
dealing with the fastest moves.
    But in 1982, I was 31 years old, I started to work on the 
Green River murder investigation, which brought me to Portland, 
back to the Oregon area again. Do you know that in 1982, when I 
started to work that case, there were no computers? And what we 
used--and I've talked to young children about this in grade 
school and junior high, and even high school students, they 
will raise their hand and say, when I say, ``This is on Rolodex 
file,'' they'll say, ``What is a Rolodex?'' And that's so far--
and then DNA and automated fingerprint identification systems, 
all those things.
    So what's exciting, though, is the Northwest is really 
leading the way in a lot of these areas, and in the health IT 
area, the Northwest once again is leading the way. What you've 
heard from the expert witnesses today is that we are far ahead.
    I've had the opportunity to travel to New Orleans and 
Houston, and after Katrina and Rita, and interact with the 
people there. They are making progress too, don't get me wrong, 
but--you know, we're a little bit biased here in the 
Northwest--we are doing a great job, but there's so much more 
we can do. And I'm just happy to see that all of these bright 
people are on this problem, because it is one that needs to be 
solved.
    The other thing that I find very interesting in these 
discussions within the Federal Government and state government 
are all these acronyms. Let's see, I just jotted a few down. So 
we're just going to have a little bit of fun.
    HHS. NIST, N-I-S-T. ONC. IEEE. HITS. PCC. IH. IT. EHR. OPI. 
RTI.
    Does everyone know what all those mean? You do? That is 
scary.
    Well, you know, it's good that you all know what they mean.
    Mr. Wu. What we have is an inter-operability issue.
    Mr. Reichert. Exactly right.
    Mr. Wu. It's a new language.

                      Government Role in Health IT

    Mr. Reichert. But what I've--What my question, now, I lead 
up to is: I recognize that some of the problems that were 
listed were turf wars, partnerships, and standards, incentives; 
those are some things that have been talked about.
    What I'd like to know, first of all, what are the three 
most important things that the Federal Government can do to 
help? Now, I've heard a lot of suggestions; but if we can just 
maybe--anyone in the panel, the three most important things 
that we can do. I know there's a lot.
    Dr. Pettit. I think, as a start, this was a great 
experience trying to figure out in writing this testimony, 
really, and I think everyone is nodding their head. What can 
the government do to help us.
    Mr. Reichert. Yeah.
    Dr. Pettit. And I see bringing attention to the matter has 
done a tremendous amount in the past year, I believe. Funding 
is another thing. Supporting legislation is another. And one 
more--what was it? Nancy, help me. Programs.
    Yeah. Those are the--Those are the four things I see. Oh, 
and providing incentives through the government's role as a 
payer.
    Mr. Reichert. Yeah.
    Mr. Machuca. If I could, I'm just going to give you one. I 
really believe that embracing an organic approach not only has 
the benefits that we stated, but I think there's a paralyzing 
effect when clinicians and professionals in health care think 
that somebody else is figuring out, somebody else is going to 
pay for it, and in ten years we're just going to plug our PC 
into the wall and all the health information is going to come 
out. Not only is that a fallacy, but it's a paralyzing and 
chilling effect. And people moving in an incremental way to get 
the great benefit they can go with immediately, and so I would 
focus very much on incremental, high yielding steps as opposed 
to the big vision in the sky ten years from now.
    Dr. Chin. I would--You know, I would agree with that. And 
one of the big things in health care IT is ``don't let perfect 
be the enemy of the good.'' You know, we've got to start 
somewhere; and rather than trying to develop the perfect system 
and the perfect standards, we've got to start somewhere.
    The number one thing for the Federal Government is really 
incentives to incent people to put their information into an 
electronic form and to be able to share that information. One 
of the examples of that is Kaiser Permanente, here in the 
northwest region, actually contracts out services, hospital 
services, to four or five hospital organizations. And we do get 
that information back, we do get that information back 
electronically. And the incentive for those organizations to 
provide that information is that, unless they provide that 
information, we do not use their services. And so that's 
certainly a big incentive for them to provide that information.
    The issue is not a technological one; the issue is one of 
incentives and making it attractive and reward organizations 
for engaging in this behavior of sharing information.
    Ms. Cecchettini. I agree on the--I agree on the incentives 
for early adoption, but also sharing the best practices of 
early doctors, because it is about the work flow and how we do 
change practice within health care.
    Mr. Kenagy. I just want to add, though, the point earlier 
about highlighting the issue is important. I think the Federal 
Government plays a huge role in educating itself, educating the 
industry, and educating consumers about how complex this is. 
And I think that's critically important. I agree with the 
incentives.
    I think the focus on inter-operability between institutions 
is a huge--you know, we have keen interest within OHSU to 
automate our records, to improve care, to improve quality, to 
improve efficiencies; but as was said by many of the people 
here today, there are few incentives to sharing the 
information.
    I think Dr. Chin mentioned it great. There's a lot of 
incentive around being effective in one area, but around 
health. So I think that focusing the incentives around sharing 
information, being able to export it to the patient themselves, 
who are ultimately the greatest beneficiaries of this, and 
between institutions, is a good focus area.
    Mr. Reichert. Dr. Jeffrey.
    Dr. Jeffrey. Well, as the Federal Government representative 
here tasking ourselves, I'd like to echo some of the things 
I've heard, which I completely agree with.
    One is the leadership role that the Federal Government can 
have in terms of exactly what you just said, increasing the 
awareness and the importance of issue at all levels.
    Second, it was mentioned the need to provide incentives for 
technology adoption in policy, especially sort of market-based 
policy incentives. And one of the things that the Department of 
Health and Human Services--I'll try to avoid the acronyms--
under. Dr. Brailer's leadership, they just put out the contract 
recently to George Washington University, Massachusetts General 
Hospital, and I think it's the Harvard Institute for Health 
Policy, to specifically examine government policies and how 
they may be used to more effectively help the adoption of some 
of these technologies. So, hopefully, that would be one 
mechanism to try to get more of this kind of input.
    And then the third area is on the same obstructions to 
inter-operability, I agree, across institutions is a critical 
piece. And that's a place where the Federal Government is not 
mandating but working with the private sector and plays sort of 
a little bit of the referee and a little bit of the convenor 
(unintelligible) to try to get to the right answers.
    Mr. Reichert. Great. You noticed I asked for three and I 
think I counted about eight, so that's good.
    The Chair recognizes the ranking member, Mr. Wu.
    Mr. Wu. Thank you very much, Mr. Chairman.
    You know, I tend to be a ``glass is half full'' kind of 
person; but after the challenges that we've heard today, I 
think the glass is kind of a quarter full. But I think that we 
have some success stories here, or at least some good starts, 
with Kaiser based here in the Pacific Northwest, with our local 
V.A. Hospital, and with the efforts at OHSU. And I'd like to 
get into some of the specific reasons for that, and it'll 
probably take several rounds of discussion to get into that.
    But we really have a critical mass of providers, payers, 
innovators, suppliers, quality organizations, here in the 
Northwest--in the Portland metro area in Oregon, in the Puget 
Sound area in Washington state; and it's not just because the 
businesses exist here and the health care providers exist here, 
but because, I think, there's a spirit of innovation.
    And before we let other folks get too far out ahead, as Mr. 
Reichert referred to the loss of memory of Rolodexes, which 
were so important to us in our prime, you know, in my 
intellectual property practice, we represented all different 
sorts of folks, including financial institutions. And I 
remember helping financial institutions transition from their 
in-house IT service to outsourcing their out--this is before 
``outsourcing'' was a bad word; this was outsourcing to a nice 
company in the Puget Sound--and this transition was typically 
done over a weekend. That is, you shut the bank down on Friday 
afternoon and you click over from your in-house service to this 
new service provider. And the theory was that you did all of 
that work over the weekend and you open up on Monday and nobody 
notices the difference. And just in my legal career, I've got 
to tell you that one of these transitions, well, you know, the 
client shut the service down on Friday afternoon and on Monday 
morning the tellers were using shoe boxes and paper records. So 
there have been a lot of challenges to a lot of different 
industries, just in our very short professional life, and so I 
think that there's real room for optimism.
    And focusing on the positive first, with Dr. Chin.
    Kaiser is an integrated operation. You've gone to a 
paperless system. There have been tremendous problems in giving 
incentives to health care providers. My understanding is that 
at Kaiser it's a bit tough. It's basically, if you want to work 
here, you're going to use this paperless system.
    But, Dr. Chin, as the designer of the system, you must have 
made many decisions to try to make your system more provider 
friendly. Could you talk about some of those things in addition 
to the stick of ``if you want to work here,'' what are some of 
the carrots that you offer.

                         Training on IT Systems

    Dr. Chin. There is a learning--certainly a learning curve 
for clinicians to learn how to use systems. And I would say, 
initially, number one, is the amount of training that we 
provide them. So we've provided them with 20 hours of training 
in order to get them to be used to the system, and then we 
actually reduced their schedules, initially, when they started 
using the systems, to enable them to really learn how to use 
the system effectively.
    After you do that, once you get 90 percent of the 
clinicians on board and using the system pretty effectively, 
then it's relatively easy to get the other 10 percent on board 
and to make--and to mandate the use of the system; otherwise, 
they don't work for Kaiser Permanente.
    And one of the interesting things is that we did send a 
survey out after we implemented the system, and we said, ``If 
we gave you the opportunity to go back to a paper record 
system, would you take that opportunity?'' And over 90 percent 
of the clinicians said no, they would not, because they could 
see the advantages of the information system.
    So I would say, Congressman Wu, that, initially, you do 
sort of need a stick and you need to coach people and you need 
to train them and you need to make it part of their job; but 
once they convert over to the electronic systems, the 
clinicians see the advantages of doing that, and they naturally 
continue to use it rather than fall back into paper. So that's 
the approach that we've taken.
    And then, also, if you develop these systems intuitively 
and well enough, it can actually make their lives easier, 
because, number one, they have access to all the information to 
all of their patients, not only in their practices but from 
other people's practices. And physicians recognize the benefit 
of doing that. And then, secondly, if you make the system 
intuitive enough, you can actually build in things, automated 
things, that actually make it easier for them to practice 
medicine and easier for them to practice good medicine. And 
physicians will appreciate that as well. And so those are the 
different approaches we've taken.
    Mr. Wu. Your training was about 20 hours per clinician. Mr. 
Kenagy mentioned 14 hours at OHSU. So we're beginning to get a 
bracket, if these hours of training did work, and you also 
reduced clinical hours.
    And, Mr. Kenagy, did you want to add something to this.
    Mr. Kenagy. Yeah. Just one thing, before, sort of, I think 
one key element to our success, I think, was involving 
clinicians at every phase of the selection process. I think you 
need a tool--to be successful, you need a tool that will work 
for physicians and nurses. They need to be involved in 
selecting what that is. You need to buy and implement a product 
that is good. And I would argue that our industry is only now 
emerging with three or four or five vendors that can actually 
meet the needs. And then have clinicians involved every step of 
the way.
    So to answer your question about, you know, what has been 
successful--and I think the Pacific Northwest is remarkably 
successful in adopting EHRs. We sort of say, ``We're very 
wired, and it's not just the coffee.'' I think that--but 
having--and I'm a non-clinician, and so having the clinicians 
engaged throughout that process has been absolutely critical to 
our success.
    Mr. Wu. Well, both of you talked about training the health 
care providers and training folks up on the system. I wanted to 
ask a follow-up about training in general, training both for 
the clinicians and the providers, but also of--I think someone 
referred to a shortage in personnel in health care IT--because 
you need to be proficient not just in IT but in health care; 
and if you're proficient in health care, you need to be 
proficient not only in health care but in IT.
    Do you see a role here--there was a parallel situation, I 
believe, in data security, several years ago, and the Federal 
Government provided some sprinkling of funding to train IT 
professionals in security protocols and to develop an 
additional personnel in that. Is there a federal role here to 
work on that crossover between health care and IT.
    Mr. Kenagy. I would say absolutely, first on just what 
we're facing in trying to find good professionals.
    I think it's a good sign that the Pacific Northwest economy 
is recovering, that when we have positions--I mean, two years 
ago or three years ago when I had a vacancy, it was easy for us 
to have 100 or 150 people looking for that vacancy sort of just 
saying, ``Well, I never really wanted to work in health care 
because it's such a backwater of technology, but it's a job.'' 
Now we're having the problem that people--we don't have that, 
we don't have that lecture anymore. I think people, good 
people, have jobs now.
    At OHSU we do have a program where we are training health 
care IT professionals for the future. It's part of the pipeline 
development that, as the operational side of OHSU, I want to 
work with the academic side of OHSU to continue that. I think 
that is a problem. I think understanding the nuances of health 
care IT.
    What can the Federal Government do? I think, as you 
mentioned, incentives. It's expensive to train computer 
professionals. I think recruiting them, retaining them, and 
understanding that health care is an unbelievable career for a 
health care--for an IT professional. I think that we just need 
to have more programs.
    The American Medical Informatics Association has a program 
called ``Ten by Ten'' to train 10,000 clinicians by 2010. 
Again, OHSU is a part of that effort. I think that's great. We 
need a significant number of people in our industry, both to 
support it--the ongoing support and the like.
    Dr. Chin. You know, as part of my written comments, not my 
spoken comments, one of the things that I mentioned is the 
reason for our success was really the partnership of 
physicians, IT professionals, and project managers working 
closely together. Certainly, if you have somebody who's got 
medical knowledge and the IT knowledge, that will go a long way 
to ensure the success of a project. And I think that's very 
important.
    One of the problems with health care IT is, it is a very 
specific body of knowledge and it's not really acknowledged as 
such. Unlike medical care, where you have neurosurgeons that 
are board-certified, internists that are board-certified in 
internal medicine, within health care IT, it's difficult to 
know who's qualified and who's not qualified. And just like you 
wouldn't have neuro--an internist do neurosurgery, you 
shouldn't get somebody who's knowledgeable only in IT in a 
certain area, necessarily, involved and feel that they're going 
to be completely competent in health care IT; because there are 
a lot of issue in health care IT that are very specific to that 
field, that are not specific to other IT fields.
    Mr. Urali. Again, kind of representing sort of the small 
clinician practices. I'd like to kind of narrate a recent story 
we heard from one of our customers.
    We had a big storm about a month back, in the Seattle area. 
The DSL connection--basically, the Internet connection--failed 
for this physician, and she couldn't get the connection back up 
and running for almost four days. And she had to get the 
consultant to come in and spend almost like $150 an hour to get 
something as basic as an Internet connection back up again. 
That just goes to show how expensive it is to even get 
something basic as an Internet connection going.
    One of the benchmarks should be that, you know, I can open 
my community college, you know, class schedule and see a ton of 
courses there that I can go take for a hundred dollars that, 
you know, I can gain the expertise over a two or three week 
period, maybe it's three evenings for a four-week period or 
like or something like that.
    You know, health IT is not that difficult, you know, 
honestly. I mean, I come from a technology background--used to 
work for Microsoft for eight and a half years, did not have 
that much of a health care IT background up until about four or 
five years back. And, you know, we built two products within 
Microsoft within a literally short time to pick something up. 
It is possible to get that knowledge out there in a pretty 
common manner, and I do certainly believe that. And the more 
people we have trained that way, I think it's going to bring 
down the cost of that option. We cannot have $150 consultants 
coming in just to fix my Internet connection. Physicians cannot 
just afford that sort of expensive services. They've got to be 
able to have their own office staff trained, or maybe they 
should be able to hire people who they can pay $20 or $30 an 
hour and have them full time on staff and maybe help them run 
most of the technology infrastructure.

                      Role of Patient in Health IT

    Mr. Reichert. Okay. Now we're back to recognizing the 
Chair. Thank you, Mr. Wu. And I have a couple of questions.
    I've noticed, Dr. Pettit, in your testimony, you referred 
to--and this might be kind of a commonsense statement, but an 
answer would be a commonsense answer. What do you mean by ``put 
the patient at the center''? I know what it means to me, but 
what does that really mean, when we try to bring that into the 
whole health IT world?
    Dr. Pettit. I'm glad you--I'm glad you asked that.
    Mr. Reichert. We need somebody with some IT experience.
    Dr. Pettit. I really am very, very glad you asked that 
question, because it's something that's been--a definition 
that's been sort of elusive, and I think you will find 
different answers from different people.
    Some say, ``Well, we offer a portal to our information, and 
that's patient-centered.'' But I think the way that I'm 
defining ``patient centered'' is illustrated by this: A friend 
of mine just today said, you know, ``Where is my medical 
record?'' Where is my medical record? And then he realized, he 
goes, ``Well, I don't have it.'' So he said, ``Is it at this 
clinic and that clinic and that clinic.''
    And I said, ``Yes. It's in fragments in different places.'' 
And so that's really sort of institution-centric, meaning the 
record exists there, and if you want it, you need to retrieve 
it, as opposed to having the patient be able to see it, in its 
entirety, either, you know, virtually or directly.
    I mean, even as I start to explain this, it does get kind 
of confusing in a hurry, because there are technical ways to 
bring the information together even though it might exist in 
different places, and then there are other ways where you can 
put it all in a single database and then it's essentially right 
there.
    Did I answer your question?
    Mr. Reichert. So is this part of your--because you followed 
up in your testimony with a comment about shared data 
ownership, so is that kind of what you're talking about when 
you talked about ``patient centered'' when you share the--that 
the patient has ownership of the shared data? Am I following 
you right?
    Dr. Pettit. Yes. Yes.
    Mr. Reichert. Okay.
    Dr. Pettit. What we don't want to do is just make what 
we're already doing just a little bit quicker, you know, 
because to get a record from one place to another, you know, we 
can mail it or we can fax it or we can e-mail it. But we need 
to rearrange things so that you don't have to go out and get it 
every time you need it, so that it's in a single nonredundant 
structure, you see.
    Because when you seek health care, you have, generally, a 
history and physical. And in the emergency department, when 
you're admitted to the hospital, in the outpatient setting, 
there's a ton of redundancy in that. I mean, how many times are 
you asked, ``Have you had any surgeries? Are you allergic to 
any medications?'' You hear the same thing over and over. That 
should be documented one time, and one time only, in her life. 
If you had an appendectomy in 1972, document that once; and 
then it will save health care people unbelievable amounts of 
time in reasking all those questions.

                             Privacy Issues

    Mr. Reichert. Of course the follow-up question to that 
would be, and, again, to the entire panel: When you document 
that once and the record goes out to all these other entities, 
then there certainly is this concern about the whole HIPAA and 
privacy issue.
    Do you feel that the technology that's out there today is a 
technology that does protect the privacy of patients?
    Dr. Pettit. I would say not adequately at this point. And 
there are other issues that the--the record is still so 
undifferentiated, if you--if I dictate a note on a patient, it 
might include issues about their depression and their prostate 
and their hypertension. It's just all in one thing and you 
can't really separate it out. But, you know, the ultimate goal 
in this patient-centered way is that the patient can control 
it, item by item. I mean, we're a long ways from this, believe 
me. But, you know, a person should really be able to say, 
``Don't share the results of that test with this person.'' 
Because your orthopedist may not need to see some embarrassing 
things you had, you know, across town.

                       Unique Patient Identifier

    Dr. Chin. And the technology certainly exists to secure it 
and make it private, so the technology isn't an issue.
    The technology is there. But the first step--building on 
what Dr. Pettit said, the first step is really being able to 
identify a person as the same person in another institution. 
And even that basic functionality does not exist. So I don't 
know whether the John Smith that I admitted at Providence is 
the same John Smith that was admitted at OHSU the day before. 
And that would really be the first step, is to say, ``Okay.
    I'm seeing somebody in my institution. What other 
institutions does this person have information about? And if I 
pull that information, is it the same person or is it a 
different person.''
    Some people have called this the unique patient identifier. 
And I would say it doesn't really have to be a unique patient 
identifier; you just need a mechanism to be able to clearly 
identify a person as the same person across institutions. Now, 
whether it's a unique patient identifier or some other 
functionality, it doesn't make any difference as long as you 
have that functionality to be able to identify that person. And 
that's the basic thing that we do not have.
    Mr. Reichert. A follow-up, then, with one other question. 
If I've heard correctly, Doctor, you've said that a unique 
patient identifier is a first step in this process.
    Mr. Machuca, you talked about, in your statement, making 
incremental high yield steps. So would this be one of those 
incremental high yield steps?
    Or anyone else on the panel, is there an incremental step 
that you see as a high yield, other than this patient 
identifier? I would see that as one. What would be some others?
    Mr. Machuca. Well, along those lines, I think we tend to 
look at this through the prism of acute care, which is a 400-
year-old model, and maybe we should start looking at this 
through the prism of chronic disease management and chronic 
care, which is an entirely different growth path in terms of 
consumption of resources and health care.
    And through that model, identification and data--the 
incentives for the publication of data, whether they're coming 
from the patient or another provider, are based on the value 
associated with that activity, as opposed to some financial or 
regulatory incentive I have to post or publish my data to some 
unified place. In other words, if you look at this through the 
point of view of--through the prism of acute care, you now have 
to solve also the problem of you created a burden, yet another 
burden, on an already overburdened health care system and a 
clinician, to not only take the data down for their own benefit 
but to publish it to--I don't know how many entities, but let's 
just assume there's one that collects all of that. And so you 
at least have to solve that incentive.
    And I'm much more at looking into this problem from the--if 
you look at it just as an example from the prism of chronic 
disease management, where the data that you're going to enter 
into the system of managing that has a very immediate and 
relevant step on how you get to compliance, whether it be in 
your blood pressure or whether it be in cholesterol or whatever 
it be in, whatever the parameters are.
    I think the other issues, the notion that I have to have 
all the data at my fingertips, all the time, for any possible 
reason, is a notion that, in my experience so far, I have found 
as many clinicians rejecting as too much information is worse 
than not enough information. And so I would be very careful of 
trying to wrap everything around a unified patient identifier. 
I think the efforts that are being taken to that are adequate 
and should move forward, but I would much more focus on the 
value associated--what is the data that needs to be there and 
what's the value associated with that data.
    Mr. Reichert. Sounds like that was Dr. Pettit's point a 
little bit earlier.
    Are there other steps that--incremental steps that are high 
yield steps? Anyone?
    Dr. Pettit. I will just say one thing about patient 
identification. I think that is definitely one of the first 
steps. There are a couple of ways to accomplish it and it 
doesn't have to be done through the use of a unique personal 
identifier, in the fact that I know that's been politically a 
very difficult discussion for a long time.
    Mr. Reichert. Yes.
    Dr. Pettit. I think there was unique patient identifiers 
options done like in 1997 and it was shut down practically in 
the afternoon after it was presented. But there are technical 
ways to accomplish the same thing.
    There's a lot of discussion about record locator services 
and matching algorithms and all that sort of thing. So the good 
news is that even in the past year, going to HIMSS, seeing real 
progress in the technology to do these sort of things, and 
things that were more of a theory a year ago are now becoming 
at least sort of real in the exhibition booth. But it's a step. 
I think someone here described it as a concept car: You can see 
them but you can't drive them yet.
    Mr. Reichert. Yeah.
    Dr. Pettit. But they're on their way.
    Mr. Reichert. Good. Thank you.
    Dr. Chin. You know, the next incremental step would be to 
simply take information, medical information, on a patient and 
label each piece of information as to the date the information 
was generated and the type of information. So if it was a 
medication, label it as a medication; if it was a radiology 
test, label it as a radiology test. And that way, when you 
download information from one institution to another, and you 
say, ``Well, I want to take a look at all the radiology tests 
somebody had,'' you could then filter that information and look 
at all the radiology tests in reverse chronological order. That 
would be relatively easy to do in terms of developing a 
standard for that and yet produce enormous benefits. So I would 
say, next to being able to identify the patient as the same 
patient across institutions, that would be the next step, is to 
label each piece of information as to date and the type of 
information.
    Mr. Reichert. Mr. Kenagy had a comment.
    Mr. Kenagy. Just a couple things. One, I think, I can't 
exchange anything electronically if I don't have it 
electronically in the first place. And I think the earlier 
point that only 10 percent of hospitals and 5 percent of 
physicians' offices have anything electronic in the first place 
is a much more significant barrier to exchange.
    When we--This panel represents very different views.
    We do not share the same idea that either a very large 
national database of all patient information is either a good 
or a wise objective or technologically feasible. I don't know 
if I think--actually, I do know that I don't think an 
electronic--a unique patient identifier would be the first 
step. I do think we need incremental ways to get information 
out of our systems. That is a significant--even if it were just 
a PDF, the ability to extract what is either in paper or 
electronically, at first, would be important. Right now, it's 
an extremely manual process. Some technology would help that.
    Mr. Wu. Would the Chairman yield to me for a moment.
    Mr. Reichert. Yes, Mr. Wu.
    Mr. Wu. I wanted to go back to the subject of a patient 
identifier.
    Are we overthinking this a little bit? I mean, you know, if 
you get the patient in the loop, you know, there may be 50 
David Wus in the United States but I can look through that--I 
mean, if you say, you know, ``Is this you?'' If you have a 
conscious patient, you know, ``Well, I never had a hospital 
visit in Des Moines.'' I mean, a lot of this can be simplified, 
can't it? I mean, am I missing something here?
    Dr. Pettit. Well, when you look at Denmark, they've had a 
universal patient identifier since 1963.
    Mr. Wu. Yeah, but they're Danish.
    Dr. Pettit. I know. That's the issue. You know, that's--
yeah, and we're not. Yeah.
    Mr. Kenagy. Your earlier point--your earlier point, Jody, 
about putting the patient at the center, I think, is the key of 
what you're talking about. And I think in Oregon where we are 
very individualistic, and the like, if we look at the patient--
Intel is very interested in the digital--the personal digital 
health record. If there was a way that I could identify that 
this is, ``I am John Kenagy, I give you access to this 
information,'' and I collate it, I'm the arbiter, whether 
that's the same, I think, is potentially a better way to 
approach it than thinking of a large national repository.
    Mr. Urali. If I can question that a little bit further from 
my viewpoint.
    There could be 50 David Wu's, but once you start looking at 
the date of birth and the gender and maybe some other types of 
information such as your current address, you can actually 
narrow it down to potentially even just one person. And there 
are certain other identifying information that are already 
available like, for instance, the state in which your driver's 
license was issued and the driver's license number is pretty 
unique. And then, again, maybe social security number is 
another additional piece of information that can help hone in 
on that.
    One of the things we have done is we have, you know, looked 
at those types of information and we've also tried to make it 
much more automated. In other words, if there are five 
institutions that want to start automatically sharing 
information based on those criteria that I mentioned, where we 
can uniquely identify David Wu's data residing in three of 
those 15 institutions and automatically share the data.
    So that's the sort of technology that's already available. 
And then so, you know, now we are looking at how, you know, 
what are the adoption barriers and just going through the 
process of implementing it in the Seattle area.
    Mr. Reichert. Mr. Wu.

                      Questions From the Audience

    Mr. Wu. I just wanted to follow up on the earlier 
discussion about adoption of technology and the personnel that 
it takes. I want to recognize Dr. Bill Hirsch there who's 
training a lot of folks. And as we talk about adaptation and 
flexibility, I have to note that instead of having our table 
adapt to our people, we've had our people adapt to the table 
that we have available.
    And the other thing that's happened here--and, Mr. 
Chairman, I don't know if there's anything that we can do at 
this point, although we do have multiple microphones and I'd be 
willing to, you know, flip one of ours out into the audience. 
We have a lot of experts in the audience; and instead of 
adapting this the Northwest, we've done the classic Washington 
thing where there's a panel of members of the House of 
Representatives asking an expert panel to testify, rather than 
having a more interactive process. And most of you all know 
more than Mr. Reichert or I do about this field. You're also 
learning something by looking at our learning curve right here. 
And while that might be an interesting experience for you, if 
there is some way that we can quickly work out a way of sharing 
microphones, I think that it would be very valuable to get all 
of you all participating in this.
    And while we're spreading that out, I just wanted to 
comment that in two other adoption arenas, banks and schools, 
they both had this experience initially of having a box on a 
desk. Initially, when banks computerized, they shoved a box in 
front of employees, and they probably didn't spend enough on 
training, and they didn't integrate it into their core 
operations.
    When schools first, quote, unquote, computerized, again, a 
box on the desk. And the curriculum was not integrated around 
the computer--or, actually, the computer system wasn't 
integrated into the curriculum. And over time, banks have 
changed, schools are changing, and I think that what many of 
you all have addressed is the challenge of having the health 
care system and this technology integrate with each other. And 
that is a great challenge of every transition.
    Are there folks who--I think the microphone is back there; 
we'll bring it up here momentarily.
    Unidentified Speaker. Chairman Reichert, Congressman Wu, 
and panelists----
    The Court Reporter. Excuse me. Excuse me, sir. Would you 
mind coming down here and stating your name?
    Mr. Reichert. We want to make sure you're on TV.
    Unidentified Speaker. I don't go for that.
    Chairman Reichert, Congressman Wu, and panelists, I thank 
you for your presentation----
    The Court Reporter. Would you please state your name?
    Mr. Bouchard. My name is Mike Bouchard, a former IT wonk, 
as it were, and also a patient consumer of health services.
    I think the gentleman here who mentioned about the recent 
loss of data--it's an old media that was actually lost, with 
poor security applied. Trust is an issue for patients. I didn't 
see anyone here advocating patient rights. I think that is very 
important. The patient is actually the grass roots person being 
involved here, other than the health care providers.
    Secondly, OnStar. You push a button, someone contacts you, 
they have all your data, it's kind of a centralized database. 
With Katrina, we had loss of a lot of information. There's no 
hardened infrastructure if something happens, like the person 
who lost their DSL contact, how to back it up. We have wireless 
technologies. We have jump drives. We have many new cards with 
data chips embedded in them. Biometrics is a big thing.
    You mentioned the 50 David Wu's. Now, with biometrics, 
encryption, and other such stuff, other than addresses and 
social security numbers--which I lost recently, with 
Providence, thank you--it is not always secure. Data security 
is probably going to be the biggest thing that will also get 
the patient involved.
    Now you have baby boomers--I'm a late stage, not an early 
stage, baby boomer--generations X, Y, Z, and Aa, Bb, you know, 
they'll be coming down the road. You have to have ease of 
operation scalability, vertical as well as lateral use. That's 
going to be very important. Because my seven year old son is 
going to be able to out-Blackberry me and yet I can outdo how 
to turn on a computer and double-click, right-click with 
computers better than my grandparents were. So that has to be 
scalable also, ease of use.
    And, lastly, one of the barriers I'm finding is, there is 
lack of budgeting. I have contacted many health care 
operations. I do e-waste and computer destruction. One of the 
things that we focus on is how to get rid of the data in a 
manner that does not pollute our environment or in whole drive 
form being sent to foreign countries, dumped in their 
landfills, or accidentally falling into the ocean. If one hard 
drive has 365,000 records--and I think it was a tape or a drive 
or something of that nature--any enemy can garner that 
information through data mining and computer forensics. Big 
business right now. So I would not want OHSU's information to 
be garnered and then used against me.
    And, also, with the NSA issues--you have other acronyms, 
CIA, FBI, et cetera, et cetera--how is that information going 
to be protected from privacy issues, as well? You guys have 
opened up a panoply of--a veritable cornucopia of subjects 
that, as an entrepreneur, I'm seeing many opportunities that 
they use as--that also has to be opened. How can the small 
business entrepreneur get involved in this, become a part of 
the process, as well as capitalize on it to actually generate 
new incomes, make new jobs, and actually reap some of the 
rewards. Thank you.
    Mr. Reichert. Thank you. And back to the kind of the 
Washington, D.C., format--the Chairman thanks the gentleman for 
his statement.
    Anyone want to ask a question, we would ask that maybe you 
limit yourself to a question, two minutes, so that we can have 
a number of people ask questions.
    Yes.
    Ms. Schoene. Sir, go ahead and come down. I'll meet you 
right down here. And, again, please state your name for the 
record.
    Mr. Leahy. My name is Mike Leahy. I'm with a group called 
the Oregon Community Health Information Network. And we do have 
a common community health record that we're building, so I was 
hopeful that maybe some of our friends, like my board member, 
Dr. Chin, or my buddy, Luis Machuca, or Jody, or John, could 
comment on this, because I think there are some specific things 
we could be doing.
    And then just the general statement, in Oregon we have 
about 3.6 million people, and while I appreciate all the 
private initiative type stuff, the reality is we have about a 
million people that are either Medicaid or uninsured. And so, 
eventually, we have to talk about kinds of patients and what--
who's covered and who isn't.
    And then regarding the reluctance of the governmental 
leadership, I would only say that there's another 800,000 
people who are either Medicare or who get their, quote, 
commercial insurance paid for by local, State, and Federal 
governments. That's about half of the folks in this state 
you're currently talking about, already depend in some way with 
leadership or the lack of leadership in terms of coherent 
federal, State, and local policies.
    So I guess my question to, maybe, your experts is if you 
could comment about efforts like what we're trying to do with 
common community health record, where we already have 15 Oregon 
organizations. Most of them are small organizations in rural 
clinics in this area. And if you could maybe comment about some 
of the ways that the representatives could help us build the 
common community health record. Thank you.
    Mr. Reichert. Thank you.
    Dr. Chin. Certainly, organizations like OCHIN provide a 
great opportunity, because OCHIN provides services for the 
medically indigent, for the medically underserved. And the 
interesting thing about OCHIN is that institutions that treat 
members that are medically indigent actually lose money on 
those patients, and so there's an incentive--there's a built-in 
incentive for them to actually share that information.
    If they see a patient that comes in, for whom they are not 
going to be able to bill and get any revenue, the incentive for 
them is to review all the other information and review all the 
other medical records that the patient has, so that if the 
patient needs a radiology test and they've had one at another 
institution, they don't have to repeat that test and therefore 
lose money. And so that's one of the big promises, I think, in 
terms of incentives, is in organizations like OCHIN that serve 
the medically indigent.
    The way the Federal Government could promote that is really 
to support organizations like OCHIN, that are providing 
services to the medically underserved. And it's a win-win 
situation, because, in the end, it will cost the government 
less money to do so.
    Dr. Pettit. Just a brief follow-on comment. But as a 
clinician, I can say pretty unequivocally that the patients 
that OCHIN serves, the people that are on and off insurance, 
that suffer the most from discontinuity and those handoff 
misses/errors occur routinely; because when people don't have 
insurance, they often don't seek medical care. They don't get 
primary care. They might get care, intermittently, through an 
emergency department; and we all know that's not a good way to 
care for patients.
    Mr. Machuca. If I could expand, I think, on the earlier 
point. I think it's problematic to think of patients as a 
single persona in only one context. And I think that's where we 
get our head wrapped around the asphalt on this issue.
    I may be a member of Dr. Chin's practice, I'm also an 
employee. My employer may want to have a community of its 
employees who have diabetes participate in a diabetes 
compliance improvement. So in that context, I'm a different 
person than the person I may be at Kaiser. I'm going to present 
myself as a patient to multiple places.
    And to follow up Mr. Leahy's question, who's doing an 
admirable job with a set of that community: Those folks are 
going to be moving in and out of that community, and at times 
they're going to be employees of somebody else who may have a 
program to help them move along. And so our emphasis and the 
incremental approach of the collaboration in making sure the 
information gets to establish at least some level of secure 
electronic continuity--maybe not in a record, but the ability 
to know, at a context level, who are all those people that--who 
is the network of this patient and who's involved in the care 
of this person, and you have access to those people and those 
resources. I think it's a much more real-life approach than 
sort of say, ``Take everything else out of your desktop and 
just leave Google. And just put your name in, and out comes 
everything else.'' And so I think we need all the tools in our 
desktop, not just Google.
    Mr. Reichert. Thank you.

                     Top-down or Bottom-up Approach

    Mr. Wu. Mr. Chairman, if I may, I wanted to shift to one 
topic that I think we may be at a fork in the road, and it's 
pretty important that we get some discussion on this topic so 
that we guide the Federal Government down what I hope many of 
us believe to be a proper choice at that fork in the road.
    Many of you mentioned the temptation to develop an 
overarching or perfect IT solution, and we might have 
difficulty implementing that because it assumes too much 
technology or too much training or too much overhead. And I 
just wanted to throw open to you all the discussion of, is this 
the direction that you see HHS headed in? Are they looking at a 
perhaps overarching solution that will someday look like 
Esperanto in the rear-view mirror? Or is the effort, you know, 
sensitive to the bottom-up approach which Mr. Machuca is 
advocating, an incrementalism and adaptive approach? And I 
would like the panel to address that, and I would also invite 
Dr. Jeffrey to address what NIST has been doing since signing 
the memorandum of understanding with ONC in September of 2005.
    Mr. Machuca. Thank you. To be candid, there are mixed 
signals coming from HHS. If you analyze them on a trend basis, 
Dr. Brailer and the office seem to be much more embracing of 
the incremental approach of late. But if you also look at the 
work of the four contracts that were awarded for the large 
national infrastructure, if you look deeper into that, as to 
the output that is expected and the consultants that have been 
engaged, it is troubling in that effect, because it looks like 
more of the same will get the big consultant-driven needs, so 
we can spec out something that costs a lot more and has an 
unlimited thirst of funding before it can be seen.
    And so, to be quick to your question, is that there are 
mixed encouraging signals in this direction.
    Dr. Chin. You know, I would definitely support an 
incremental approach, because our experience is that an 
overarching approach that solves every problem is, for the most 
part, not successful. And if you map out the key things that 
are needed, and I think members of this panel had discussed 
this, one of the key things is to make that information 
accessible electronically. If you don't have it accessible 
electronically, it's very difficult to move it.
    The second thing is that you have to identify a particular 
person in one organization as the same person in another 
organization. And however you do that would be fine; it doesn't 
necessarily have to be a single patient identifier. You could 
use other pieces of information.
    And then the third thing that would be useful, that would 
be relatively low tech and easy to do, is to label each piece 
of information with the date in which it was generated and the 
type of information it was. Once you have those three 
standards, then you can pull information together and integrate 
it into a single medical record, and that's all you really 
need. All the other stuff is good to have, but there's a cost 
associated with implementing those standards. So those are the 
three things that I would emphasize.
    Mr. Kenagy. Maybe a different perspective on this. At the 
ground, grass-roots level, I don't have time to pay attention 
to what HHS does.
    When you asked--one of the questions that was asked in this 
testimony is: Has NIST or HHS contacted us at OHSU to get 
engaged? And the answer is no. And the first thing I was going 
to say was, ``Well, it doesn't really matter, because it will 
be so long before it has any impact on me, positively or 
negatively.'' But I think that it's a great--it was a very 
thought provoking question. I think all of us reflected on all 
the questions that you asked for the testimony. But I'm not--
there are many people who are directly engaged.
    I'm not a commercial, off-the-shelf deployer of technology, 
so I look to my vendor to have the standards or whatever. And 
the inter-operability that they're working on, I don't know if 
it's going to have a positive impact or not.
    I don't know if it's well directed or not. I just know that 
day in and day out, we have serious concerns.
    I do want to make one positive comment about the point that 
Mike Leahy made. One of the things that they have addressed 
sort of in trying to get all these systems together is not 
doing that through inter-operability but actually one single 
database. And we are working on integrating that large database 
with ours, but a lot of the efforts around inter-operability, I 
don't know if they're correctly addressed. I think there would 
be a lot more input from providers to see if HHS is moving in 
the right direction.
    Dr. Pettit. Do you have time for one more comment.
    Mr. Reichert. Yes. Go ahead.
    Dr. Pettit. I think I've been criticized as being an 
idealist at times, but when you think about how you spend your 
energy and what you're working towards, you want to make sure 
you're working towards something that is really going to change 
the way we do things. And to avoid all this redundancy, I still 
believe you have to work towards a unified--and that doesn't 
mean a single, but a unified collection of information about a 
single person, that is accessible and controllable by them.
    I think an analogy in this case might help. Because our 
world is changing and we--let's say, for example, you go to a 
class reunion and you take pictures with your digital camera. 
And now you've got a picture of each of your 150 classmates and 
you have given them your e-mail address. And you go back home 
and you get e-mails from all of your friends, saying, ``Hey, 
could you send me that picture that you took?'' Instead, how 
about if I have--we have sort of a shared workspace. You've 
probably dealt with some of those shares--Ofoto, Shutterfly, 
Snapfish--all of these different services, where you can post 
your photos and then you're out of the loop and they can get 
what they want when they want, and you don't have to respond 
all the time.
    So I think shared workspace is kind of analogous to a 
shared chart. I mean, right now in this hospital, we use a 
shared chart. If you're--every inpatient here has a single 
chart, and if you want to know what the pulmonologist thinks or 
the cardiologist thinks or the home health person thinks, you 
read the chart, because it's--you have this singular sort of 
point of contact. And so we don't have that in the outpatient 
setting.
    I think that there's absolutely a place for the work that 
both of these gentleman do. I mean, there's always going to be 
a need for encryption and sending information in a safe, 
unidentifiable way. And some of the--some of the models that 
are being promoted, the (unintelligible) models, include that 
sort of point-to-point contact--I think the Markel model, for 
example.
    Anyway, I could--I'm sort of going off. But I just want to 
say I think there's room for all of us in this workspace. I 
mean, there's so much to be done and there's room for all of 
our work.
    Mr. Reichert. Thank you. Dr. Jeffrey was going to respond 
to this question, and Mr. Wu has another follow-up question or 
two, and then we'll conclude.
    Dr. Jeffrey. A quick answer to the first part of the 
question, which is, basically, ``is better the enemy of good 
enough,'' on that.
    One of the purposes of Secretary Leavitt's setting up the 
American Health Information Community, which was actually to 
get the representatives from the community, including not--it's 
not just government, but private sector at all phases of the 
health care industry, in there to help set the priorities, to 
help identify some of these issues. And so I think that's a 
very important mechanism by which people in this room and 
others can interface and make sure that we're getting a good 
enough solution and not waiting for perfection. So I applaud 
Health and Human Services for that.
    In terms of what is NIST doing specifically, since the 
September '05, so now just about six months into the memorandum 
of the agreement. We're working on several specific issues that 
have been identified as potential impediments. And one of them 
has been mentioned already, that physicians can't 
electronically share information, and it's both internally and 
externally across that. And so that's where all of the usual 
things that NIST does--the standards, the conformance, 
harmonization between different standard setting 
organizations--so that you don't have to worry about which one 
your vendor picked, so that all the vendors will work together. 
Those are important areas that we're working on, and that's 
something that's sort of our bread and butter.
    The second is something that we haven't yet mentioned yet 
today, which is the issue on medical terminologies. There are 
inconsistencies and ambiguities in the way that some of the 
medical terminologies are recorded, and that's actually a very 
hard problem in getting that consistency. So it's, essentially, 
not just a thesaurus and a dictionary equivalent, but it's 
functionally getting the equivalent.
    And you don't want all of the--again, in terms of training, 
you don't want every clinician to have to be forced to a very 
specific set of terms. And so one of the things that we're 
working on is a program to automatically identify ambiguities, 
cross-correlations, and the like, that would eventually be able 
to band into that. And, obviously, we talked a lot about 
securing privacy. And we're supporting Dr. Brailer in a lot of 
the programs that he's put together and the contractors that 
he's put forward to ensure that a lot of the security and 
privacy features are being incorporated in the validation of 
those.
    Mr. Reichert. Mr. Wu.

                                 HIPAA

    Mr. Wu. Thank you very much, Dr. Jeffrey.
    I just wanted to assure our previous commentator that the 
issues of privacy and security are not at all ignored by those 
of us in Congress, or I doubt that they are ignored by anyone 
on this panel.
    I did want to follow up on that, because--besides the 
incident that we all know about here in the Portland Metro Area 
about loss of records, Consumer Reports this month also ran an 
article on some of the hazards of electronic health records. 
And Consumer Reports was actually quite critical of HIPAA for 
being inadequately protective of patient records, primarily 
because of the potential for sending health care information to 
health care affiliates.
    You all have talked about changing the Stark Law, doing a 
couple of other things. I'd be very interested in your views on 
the concerns about HIPAA, any potential loopholes.
    My understanding is that HIPAA is actually much less 
protective of American patients than, say, European law is, 
European privacy. At least that's been the assertion. I'd be 
interested in your comments about consumer and patient 
protection and privacy.
    Mr. Machuca. Well, I would start by--make sure everybody 
understands that paper is not the stalwart of security and 
everybody let's just stay on paper because it's secure, kidding 
themselves every time something goes in a fax machine.
    Mr. Wu. Well, the thing is that it's inconvenient to look 
in all those files.
    Mr. Machuca. Right.
    Mr. Wu. And the inconvenience is--it's like inefficiency in 
the Federal Government, it guarantees our liberties.
    Mr. Machuca. And that's true as long as the paper stays in 
the chart.
    Mr. Wu. That's right.
    Mr. Machuca. But the moment it gets in a fax machine, you 
have no idea what's at the other end.
    Mr. Wu. That's right.
    Mr. Machuca. And that--And let me say also for the record, 
and I don't have a precise number of this, but we have, in a 
little bit over three years, tens of thousands of clinicians 
sending secure electronic e-mail--which, actually, Providence 
doesn't get enough credit for this.
    They were the first provider to provide secure, encrypted 
e-mail, in the Greater Northwest, which is now followed by 
everybody, and I echo your point.
    But in millions and millions of e-mails--and we don't have 
a precise count--we have yet to have a single incidence of any 
kind of a problem along those lines. So we take this issue 
very, very seriously, but we reject the notion that people 
should be afraid and use privacy and security as the reason to 
not implement technology. That--I think it's going away, but it 
has been resonant in the early days. And so I think the 
technology is absolutely there to ensure, far beyond paper and 
far beyond anything we have, with very low cost means, absolute 
privacy and security, provided, of course, that there's the 
will in the organization to implement it.
    I'll say one more thing on this topic. Sometimes we trip 
over the pedestrian to look at the big thing with the shiny 
lights. I got the call from your staff about testifying, and we 
had our meeting. And immediately, within hours, I had two e-
mails from your staff, one with a full charter of the hearing 
and another one with an attached Power Point of the work 
between NIST, ONC, and the other organizations. I had that on 
my desktop. I took off, I started preparing. I left for San 
Diego. I came back on Thursday of last week. On my regular mail 
was the letter inviting me to the hearing, with the charter--no 
presentation on what NIST is doing.
    So had I gone to--had I lived in that system, where I 
reject the use of e-mail for business productive use, I would 
have prepared--I would start preparing for this hearing on 
Friday of this week, probably ruined my weekend, and it would 
have been an entirely different situation, than the context and 
the information being readily available.
    And when you asked--I think you asked a very, very profound 
question. I don't think we've really given you a sharp, crisp 
answer. If you wanted to hang on to one thing that could 
modernize the system tomorrow and make a quantum leap--not 
solve all the problems that we have, but do the quantum leap--
look at the physician use of e-mail in the routine part of 
their practice. And that, in and of itself, as every other 
industry would suggest, and as your own, I would bet, 
experience in your daily work flow would suggest, could move 
that step forward. That first little baby step would give you a 
tremendous amount of benefit. So I would leave that as my 
comment on that.
    Dr. Chin. I would just say that it's a very, very complex 
area. You know, Kaiser Permanente does take privacy very 
seriously and we do monitor access to the medical record, and 
we've had to let people go in some cases because of breaches of 
privacy. So we do take it very seriously.
    But it is a very complex question, and I think the only 
solution to this would be to give individuals control over 
their medical information and somehow say, ``Okay. You can see 
this, you can't see this; you can see this, you can't see 
this.'' And one of the reasons why there is this issue with 
privacy in the United States is precisely because of payment 
mechanisms: In order for payers to pay, they need to know what 
they're paying for; and because of that, there are issues where 
payers can see information that otherwise would be private in 
other organizations. And that's one of the key reasons why 
there is this issue with HIPAA and the lack of security around 
HIPAA.
    Dr. Pettit. You bring up a very good point about--and 
someone had mentioned to me last week at HIMSS about how people 
are compelled to share their information, whether they really 
want to or not; because if they don't, they don't get services. 
And it's like we all have done on the Internet, where you sign 
that EULA, the end-user's licensing agreement, that you don't 
want to sign because you can't read it, but you scroll through 
it and you hit ``agree,'' even though you have no idea what you 
just signed. And there are some analogies to that in health 
care. Because you come into the emergency department and you 
sign because you want service or--and if you want a health plan 
to cover you, you sign what you need to sign. But I really do 
believe that the American public has no idea how many people 
see their information; and I think when they do find out, that 
there's going to be some change.
    Mr. Reichert. Now they all know.
    Mr. Urali. I tend to take privacy and security very 
seriously. In fact, we came up with a tag line, ``Trust is 
Earned,'' to indicate that we take it very seriously, and 
through our actions we will show that we will honor the trust 
of the public in how we approach it.
    It fundamentally boils down to a central principle we have, 
which is the part of the network that we make it available is 
only accessible to the clinicians; and so right there, we are 
restricting access to information, even in the community 
setting. And then we give hundred percent opt-out capability 
for any patient that has not consented. So I can say I don't 
want to be part of the network, and hence none of my data will 
be electronically shared.
    The problem with having patients decide which piece of 
information that they want to share or which piece they don't 
want to share is that they can make very serious mistakes. None 
of us are experts at health care. We've talked to literally 
hundreds of doctors, and they say a certain psychiatric 
condition may be important even for treating the foot. And it's 
not something that I can personally understand, but we've had 
those types of conversations. So having nonsophisticated 
patients making decisions as to which medication information 
they will share, or which problem they will share, and who's 
the physician--that is going to build a very complicated 
system.
    I think we're all looking for simple systems that work. If 
you think about your banking system, the ATM card, you know, 
how simpler could it get? I just get a card, I can go into a 
machine, put it in, I put a four-digit PIN code and I can get 
my money out. That is a simple system. That system works. Of 
course we can't use the banking standards for health care data. 
We have to come up with a lot more security and privacy 
solutions; but at the same time, we can make it so difficult 
that the system doesn't actually work.
    Mr. Reichert. Go ahead.
    Mr. Urali. So in our model, the first step we took is 
restrict data access to only clinicians. We saw some survey 
that said more than 95 percent of patients trust their primary 
care provider and their doctors, you know, to do the right 
things in terms of protecting their privacy.
    Mr. Reichert. The Chair will recognize Mr. Wu for the final 
question.
    Mr. Wu. Mr. Chairman, I think that, given the tremendous 
forbearance and attention of both--well, all of our guests and 
panelists here, I'm going to forego this last question, because 
there are--there's never a last question; there's just so many 
more to ask.
    I'll just take a moment to thank--Mr. Reichert, you, and I 
always get the honor of being the talking face and being in 
front of the microphone; but there are many, many people who 
work very hard to make these things happen, and work behind the 
scenes.
    And first and foremost, I want to thank Marshall Jeffrey 
from our office, who has taken the lead in organizing this 
field hearing today.
    From the Science Committee staff, the majority side, Jamie 
Brown has really done heroic work. And supervising Jamie's work 
is Olwen Huxley. On the minority staff, Mike Quear. Thank you, 
all, for making the long trip from Washington, D.C. and our 
Science Committee.
    Staffers Stella Ma, who has also worked very, very hard on 
this, along with Dan Whelan and John Wykoff of our district 
staff. And I'd also like to recognize Kevin from the NIST 
congressional liaison office, who was so helpful with 
information about Dr. Jeffrey. Ralph Hall's Legislative 
Director who has joined us from Texas and Washington, D.C., and 
Chairman--Mr. Chairman, I believe that your district director 
is also here today.
    Mr. Reichert. My deputy district director, Sue Foy.
    Mr. Wu. And I want to thank you all for attending. And I 
thank the staff for their very, very hard work to bring this 
together. As we all know, for every person who's in front of 
the microphones, there are probably five or ten people who are 
behind the microphones or behind the camera, making the system 
work.
    And with that, Mr. Chairman, I yield back to you for a 
closing.
    Mr. Reichert. Thank you, Mr. Wu.
    Well, it's been a pleasure being here this afternoon. We 
have a little bit of a drive back now to Seattle, and I'm also 
on the Transportation Committee, and so we'll have a chance to 
have firsthand experience with the commute between Portland and 
Seattle, which I've experienced in the past. Today will be 
special.
    I just, too, want to echo the words shared by Mr. Wu.
    All of you in the audience, thank you so much for 
everything that you do. And the panelists, thank you for being 
here. I know it's not just appearing for two or two and a half 
hours, responding to questions and giving testimony, but there 
is preparation time. And, fortunately, you were fully informed 
with the e-mail service and better able to prepare.
    One of the things that I think that a forum like this 
provides, certainly for those of us who can't--some who can't 
travel back and forth to Washington, D.C., and attend a forum 
like this, you kind of get a flavor for what it's like back in 
D.C. and how business is sort of conducted. It can be a little 
bit awkward and formal, I'm discovering. But it also, I think, 
more importantly, provides an opportunity for all of us to 
visit, person to person, to have a discussion, to interact with 
each other on a personal level and to hear from people who are 
involved every day in trying to solve our health care IT 
problems.
    And so, you know, when you talk about e-mail and you talk 
about IT and you talk about the changing world that we're 
living in, you know, a year ago, I used to reach and I would 
have my badge. Now I have a--this is, yeah, I'm stuck with this 
Blackberry, but----
    Mr. Wu. It will respond to all functions.
    Mr. Reichert. Right. I think it has a ``beam me up'' button 
on it.
    Mr. Wu. Right.
    Mr. Reichert. The point I want to make here is that--and 
Dr. Pettit, you know, I appreciate your comments on the 
personal issue. Because doctors can look at a record, you can 
read the record--and I was wondering, and somebody did mention, 
I think--Doctor, I think you mentioned the inconsistency of 
recording data and information. And so as you read data and 
information, as you read e-mails and you don't know what you're 
signing and the data is inconsistent, there is this importance 
for us to interact as human beings; we can never let that go. 
And so I just want to leave us with that thought. We all have 
that access to e-mails and technology; but, please, never 
hesitate to pick up the telephone or walk down the hallway and 
knock on someone's door and have a little visit with someone.
    So there's a closing statement I need to read. Before we 
bring the hearing to a close, again I want to thank everyone 
for being here. This has been highly educational, and our 
witnesses have given this committee a lot to consider about the 
potential role of information technology in the health care 
industry.
    And if there is no objection, the record will remain open 
for additional statements from other Members and for answers to 
any follow-up questions the Committee may ask of the witnesses.
    Without objection, so ordered. The hearing is now 
adjourned. Thank you.
    [Whereupon, at 2:32 p.m., the Subcommittee was adjourned.]
                               Appendix:

                              ----------                              


                   Additional Material for the Record




