[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]




 
                   HEALTH CARE INFORMATION TECHNOLOGY

=======================================================================

                                HEARING

                               before the

                         SUBCOMMITTEE ON HEALTH

                                 of the

                      COMMITTEE ON WAYS AND MEANS
                     U.S. HOUSE OF REPRESENTATIVES

                       ONE HUNDRED NINTH CONGRESS

                             FIRST SESSION

                               __________

                             JULY 27, 2005

                               __________

                           Serial No. 109-28

                               __________

         Printed for the use of the Committee on Ways and Means



                    U.S. GOVERNMENT PRINTING OFFICE
26-387                      WASHINGTON : 2006
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                      COMMITTEE ON WAYS AND MEANS

                   BILL THOMAS, California, Chairman

E. CLAY SHAW, JR., Florida           CHARLES B. RANGEL, New York
NANCY L. JOHNSON, Connecticut        FORTNEY PETE STARK, California
WALLY HERGER, California             SANDER M. LEVIN, Michigan
JIM MCCRERY, Louisiana               BENJAMIN L. CARDIN, Maryland
DAVE CAMP, Michigan                  JIM MCDERMOTT, Washington
JIM RAMSTAD, Minnesota               JOHN LEWIS, Georgia
JIM NUSSLE, Iowa                     RICHARD E. NEAL, Massachusetts
SAM JOHNSON, Texas                   MICHAEL R. MCNULTY, New York
PHIL ENGLISH, Pennsylvania           WILLIAM J. JEFFERSON, Louisiana
J.D. HAYWORTH, Arizona               JOHN S. TANNER, Tennessee
JERRY WELLER., Illinois              XAVIER BECERRA, California
KENNY C. HULSHOF, Missouri           LLOYD DOGGETT, Texas
RON LEWIS, Kentucky                  EARL POMEROY, North Dakota
MARK FOLEY, Florida                  STEPHANIE TUBBS JONES, Ohio
KEVIN BRADY, Texas                   MIKE THOMPSON, California
THOMAS M. REYNOLDS, New York         JOHN B. LARSON, Connecticut
PAUL RYAN, Wisconsin                 RAHM EMANUEL, Illinois
ERIC CANTOR, Virginia
JOHN LINDER, Georgia
BOB BEAUPREZ, Colorado
MELISSA A. HART, Pennsylvania
CHRIS CHOCOLA, Indiana
DEVIN NUNES, California

                    Allison H. Giles, Chief of Staff

                  Janice Mays, Minority Chief Counsel

                                 ______

                         SUBCOMMITTEE ON HEALTH

                NANCY L. JOHNSON, Connecticut, Chairman

JIM MCCRERY, Louisiana               FORTNEY PETE STARK, California
SAM JOHNSON, Texas                   JOHN LEWIS, Georgia
DAVE CAMP, Michigan                  LLOYD DOGGETT, Texas
JIM RAMSTAD, Minnesota               MIKE THOMPSON, California
PHIL ENGLISH, Pennsylvania           RAHM EMANUEL, Illinois
J.D. HAYWORTH, Arizona
KENNY C. HULSHOF, Missouri

Pursuant to clause 2(e)(4) of Rule XI of the Rules of the House, public 
hearing records of the Committee on Ways and Means are also published 
in electronic form. The printed hearing record remains the official 
version. Because electronic submissions are used to prepare both 
printed and electronic versions of the hearing record, the process of 
converting between various electronic formats may introduce 
unintentional errors or omissions. Such occurrences are inherent in the 
current publication process and should diminish as the process is 
further refined.


                            C O N T E N T S

                               __________
                                                                   Page

Advisory of July 20, 2005 announcing the hearing.................     2

                               WITNESSES

U.S. Department of Health and Human Services, David Brailer, 
  M.D., Ph.D., National Coordinator for Health Information 
  Technology.....................................................     6

                                 ______

American Health Information Management Association, Linda Kloss..    34
American Medical Informatics Association, Don E. Detmer, M.D.....    28
Naples Community Hospital Healthcare System, Allen Weiss, M.D....    40
Health Policy Institute, Georgetown University, Joy L. Pritts....    46
Healthcare Leadership Council, Mary R. Grealy....................    53

                       SUBMISSIONS FOR THE RECORD

Bayot, James, McKesson Corporation, San Francisco, California, 
  statement......................................................    66
Gibbons, Patricia, Mayo Foundation, Rochester, Minnesota, 
  statement......................................................    70
Hogan, William and Vergil Slee, The Rods Laboratory (at the 
  University of Pittsburgh), Pittsburgh, Pennsylvania, statement.    74
Ignagni, Karen, America's Health Insurance Plans, Washington, DC, 
  letter.........................................................    78
Marshall, Rebecca, American Academy of Pediatrics, Elk Grove, 
  Illinois, statement............................................    79
Orient, Jane, Association of American Physicians & Surgeons, 
  Tucson, Arizona, statement.....................................    80
Thomashauer, Robin, Council for Affordable Quality Healthcare, 
  statement......................................................    82
Trachtman, Richard, American College of Physicians, statement....    84
Vaughan, William, Consumers Union, statement.....................    89
Yanes, Richard, Clinical Social Work Federation, Arlington, 
  Virginia, statement............................................    90


                   HEALTH CARE INFORMATION TECHNOLOGY

                              ----------                              


                        WEDNESDAY, JULY 27, 2005

             U.S. House of Representatives,
                       Committee on Ways and Means,
                                    Subcommittee on Health,
                                                    Washington, DC.

    The Subcommittee met, pursuant to notice, at 10:26 a.m., in 
room 1100 Longworth House Office Building, Hon. Nancy L. 
Johnson (Chairman of the Subcommittee) presiding.
    [The advisory announcing the hearing follows:]

ADVISORY

FROM THE 
COMMITTEE
 ON WAYS 
AND 
MEANS

                         SUBCOMMITTEE ON HEALTH

                                                CONTACT: (202) 225-3943
FOR IMMEDIATE RELEASE
July 27, 2005
No. HL-8

    Johnson Announces Hearing on Health Care Information Technology

    Congresswoman Nancy L. Johnson (R-CT), Chairman, Subcommittee on 
Health of the Committee on Ways and Means, today announced that the 
Subcommittee will hold a hearing on health information technology (IT). 
The hearing will take place on Wednesday, July 27, 2005, in the main 
Committee hearing room, 1100 Longworth House Office Building, beginning 
at 10:00 a.m.
      
    In view of the limited time available to hear witnesses, oral 
testimony at this hearing will be from invited witnesses only. 
Witnesses will include representatives from the public and private 
sectors to discuss the use of IT in the health care sector and the 
targeted actions that government should take to increase the adoption 
of health IT. However, any individual or organization not scheduled for 
an oral appearance may submit a written statement for consideration by 
the Committee and for inclusion in the printed record of the hearing.
      

BACKGROUND:

      
    Greater use of IT in the health care field has the potential to 
reduce medical errors, improve patient care, and reduce costs; yet 
adoption of new technology has been slow. Over the past year, beginning 
with the Executive Order issued by President Bush that established the 
Office of the National Health Information Technology Coordinator, 
increased attention has been paid to the issue of the adoption of 
health care information technology and the need for such technology to 
be interoperable.
      
    Throughout this dialogue, questions have been raised as to the 
appropriate and ongoing role of government in facilitating the 
development of standards for the exchange of electronic health 
information, ensuring the interoperability of information systems, 
enabling private sector investments among providers, and harmonizing 
laws regarding the confidentiality of patient information. The ultimate 
goal is a nationwide health care information infrastructure that 
recognizes the role that modern technology can play in the health care 
system.
      
    Most recently, the Secretary of the U.S. Department of Health and 
Human Services (HHS) announced the formation of the American Health 
Information Community, chaired by Secretary Leavitt and comprised of 17 
members from the public and private sectors, to develop IT standards 
and achieve health IT interoperability. At the same time, the Secretary 
released four requests for proposals seeking private sector input in 
addressing issues regarding technology standards, certification, 
confidentiality and security of patient information, and development of 
a national architecture.
      
    The Subcommittee has held a series of hearings on health IT, 
covering private sector initiatives, government programs, and 
electronic prescribing. This hearing will focus on recent developments 
in this area and ways in which Congress can best act to ensure 
continued progress.
      
    In announcing the hearing, Chairman Johnson stated, ``Greater use 
of IT can dramatically improve the safety and quality of our health 
care system while also reducing costs. I am encouraged HHS is moving 
forward to adopt health IT, and Congress wants to work with the 
Administration to shape the final product. I believe that a public-
private approach appropriately recognizes the key roles that both the 
government and the private sector play in the critical area of health 
IT.''

FOCUS OF THE HEARING:

    The hearing will focus on the approach currently being taken by the 
Administration to speed the adoption of health IT and areas where 
congressional involvement can further these efforts.

DETAILS FOR SUBMISSION OF WRITTEN COMMENTS:

    Please Note: Any person(s) and/or organization(s) wishing to submit 
for the hearing record must follow the appropriate link on the hearing 
page of the Committee website and complete the informational forms. 
From the Committee homepage, http://waysandmeans.house.gov, select 
``109th Congress'' from the menu entitled, ``Hearing Archives'' (http:/
/waysandmeans.house.gov/Hearings.asp?congress=17). Select the hearing 
for which you would like to submit, and click on the link entitled, 
``Click here to provide a submission for the record.'' Once you have 
followed the online instructions, completing all informational forms 
and clicking ``submit'' on the final page, an email will be sent to the 
address which you supply confirming your interest in providing a 
submission for the record. You MUST REPLY to the email and ATTACH your 
submission as a Word or WordPerfect document, in compliance with the 
formatting requirements listed below, by close of business Wednesday, 
August 10, 2005. Finally, please note that due to the change in House 
mail policy, the U.S. Capitol Police will refuse sealed-package 
deliveries to all House Office Buildings. For questions, or if you 
encounter technical problems, please call (202) 225-1721.

FORMATTING REQUIREMENTS:

    The Committee relies on electronic submissions for printing the 
official hearing record. As always, submissions will be included in the 
record according to the discretion of the Committee. The Committee will 
not alter the content of your submission, but we reserve the right to 
format it according to our guidelines. Any submission provided to the 
Committee by a witness, any supplementary materials submitted for the 
printed record, and any written comments in response to a request for 
written comments must conform to the guidelines listed below. Any 
submission or supplementary item not in compliance with these 
guidelines will not be printed, but will be maintained in the Committee 
files for review and use by the Committee.

    1. All submissions and supplementary materials must be provided in 
Word or WordPerfect format and MUST NOT exceed a total of 10 pages, 
including attachments. Witnesses and submitters are advised that the 
Committee relies on electronic submissions for printing the official 
hearing record.

    2. Copies of whole documents submitted as exhibit material will not 
be accepted for printing. Instead, exhibit material should be 
referenced and quoted or paraphrased. All exhibit material not meeting 
these specifications will be maintained in the Committee files for 
review and use by the Committee.

    3. All submissions must include a list of all clients, persons, 
and/or organizations on whose behalf the witness appears. A 
supplemental sheet must accompany each submission listing the name, 
company, address, telephone and fax numbers of each witness.

    Note: All Committee advisories and news releases are available on 
the World Wide Web at http://waysandmeans.house.gov.

    The Committee seeks to make its facilities accessible to persons 
with disabilities. If you are in need of special accommodations, please 
call 202-225-1721 or 202-226-3411 TTD/TTY in advance of the event (four 
business days notice is requested). Questions with regard to special 
accommodation needs in general (including availability of Committee 
materials in alternative formats) may be directed to the Committee as 
noted above.

                                 
    Chairman JOHNSON. Good morning, everyone, and a special 
welcome to Dr. Brailer and the rest of the panelists. My 
personal apologies to Congressman Stark and Congressman 
Thompson for the delay in the start of this hearing. As some of 
you may know, the President was at the Republican Conference 
and sometimes he is very digressive and covers a lot of 
territory, and if you are in the middle of the room, you can't 
get up and walk out, so my apologies, but I didn't anticipate 
the problem. Today, I am pleased to chair this hearing on the 
use of information technology (IT) in the health care sector. 
In the last Congress, we held two hearings on this topic, and 
today, we have an opportunity to revisit this issue to learn 
what progress has been made over the last year. In addition, I 
hope to focus our discussion on what Congress can do to further 
the efforts of the administration and the private sector in 
increasing the adoption of health IT. Greater use of IT has the 
potential to dramatically improve the safety and quality of 
health care for Americans, while at the same time lowering 
costs through reductions in clinical errors and elimination of 
redundant procedures.
    Yet despite these benefits, widespread adoption of IT in 
the health field has been disappointingly slow. I have long 
supported efforts to increase the use of IT in the health 
sector. In the 108th Congress, I introduced H.R. 2915, the 
National Health Information Infrastructure Act. I am currently 
working on a follow-up piece of legislation that takes a 
simple, streamlined approach to addressing this issue by 
focusing exclusively on those areas in which Congress needs to 
intervene in order to promote greater adoption of health IT by 
all providers. I am encouraged by the steps that this 
administration has taken recently to engage in a public-private 
partnership to move the health IT agenda forward with the 
announcement of the American Health Information Community 
(AHIC), and the release of four requests for proposals to 
address the key areas in this field, that is the development of 
standards, certification of products, protection of patient 
information, and creation of a nationwide platform for 
electronic health information exchange.
    I believe that we will see real progress in the months 
ahead and I just want to commend Secretary Leavitt and Dr. 
Brailer for the breadth of their vision and the foresight of 
their work. These dramatic proposals are eliciting new thought 
from the nation at a level that portends progress in the future 
at a rate impossible without this kind of leadership. So, I 
welcome Dr. Brailer and all those who will testify and help us 
understand the progress that has been made to date in this area 
and additional ways in which Congress can advance the health IT 
agenda. Dr. Brailer has been with us before. He was named the 
National Health Information Technology Coordinator last year. 
Shortly after his appointment, Dr. Brailer produced a framework 
for strategic action to guide the Federal Government's effort 
in this area and he has been leading the administration's 
efforts to increase adoption of health IT in both the public 
and private sectors. I have attended a number of the 
conferences that he has scheduled, and honestly, the breadth of 
involvement of people from the private sector, not only 
technology people, but health delivery people and academics, 
has really been impressive and has made a difference in the 
speed at which we, as a nation, can move forward in this 
difficult but very important area.
    On our second panel, I am pleased to welcome a 
distinguished group who can help us sort through some of the 
more technical challenges we face in this field. Dr. Don Detmer 
is President and chief executive officer (chief executive 
officer) of the American Medical Informatics Association 
(AMIA), a current member of the Commission on Systemic 
Interoperability that was created under the Medicare 
Modernization Act, and a past Chairman of the National 
Committee on Vital Statistics. He will provide us with his 
insights as to the need for Federal leadership in the health IT 
arena and offer specific suggestions of the ways in which 
Congress can continue to move this issue forward. Linda Kloss 
is the Chief Executive Officer of the American Health 
Information Management Association. She will discuss particular 
challenges we face in coding for new medical technologies and 
the need to update our coding system to keep pace with the 
modern medical world. Dr. Allen Weiss, President of the Naples 
Community Hospital Healthcare System in Florida, will provide 
us with some real-world insight into the benefits that can be 
derived from implementing a health care IT system along with a 
better understanding of the challenges he has faced in making a 
paperless health care system a reality. Joy Pritts, Assistant 
Research Professor at the Health Policy Institute at Georgetown 
University will discuss issues relating to maintaining the 
confidentiality of patient information so important to all of 
us.
    Finally, Mary Grealy with the Health Care Leadership 
Council will discuss the challenges that health care providers 
and others face in navigating the myriad State and Federal 
regulations geared toward protecting patient information and 
how the existence of many layers of regulations may impede the 
adoption of health care IT. Incidentally, I would just say 
these two contrasting views, with the depth of knowledge and 
experience behind them, will be very helpful to the Committee. 
I look forward to hearing from all our witnesses and thank you 
for being with us today. Mr. Stark, I would like to invite you 
to make an opening statement.
    Mr. STARK. Thank you, Madam Chair. I am afraid that while 
the administration can get its act together on soliciting votes 
for the Central America Free Trade Agreement, I wish we could 
have the same kind of direction on bringing the medical 
delivery system into the, at least, 20th century before the 
21st century is over. We are going to hear this morning from 
our lead witness about more meetings and conferences than one 
could believe possible and relatively nothing about getting the 
job done. Now, on the other hand, another employee of the U.S. 
Department of Health and Human Services tells us that next 
week, they are going to get something done, and I am beginning 
to wonder whether the right and the left hand speak to each 
other. We are going to hear that we brought a bunch of chief 
executive officers together from companies with such greater 
experience in delivering health care as Wal-Mart, but this 
leadership panel, which had basically no representation for 
patients or beneficiaries on it, did say that the key 
imperative that the Federal Government should act as the 
leader, catalyst, and convener of our IT effort. Yet in the 
same testimony, we are going to hear that there is an idea that 
this new community of health care information will be turned 
over to the private sector in 5 years. It sounds to me like the 
administration can't decide what they want to do. They do 
suggest that--the President suggested in 2004 a deadline. 
Albeit 10 years, it is something that many of us think might 
have a good effect on getting people moving.
    Now, as I say, we are going to hear an awful lot of 
discussion about consultation and harmonization, which I used 
to think was a mathematical result of a wave study, but 
harmonization may have something to do with doctors and 
patients gathering information. Dr. McClellan, on the other 
hand, has told us that on August 1, the Centers for Medicare 
and Medicaid Services (CMS) staff is going to release the 
Veterans VISTA program and it will be a stand-alone and allow 
an in-office electronic health record (EHR) that contains 
computerized medical records, a medication formula with refill 
and drug interaction notification. It is a reminder system for 
preventative services, which I know the chair is interested in, 
and diagnostic tests, a potential to communicate electronically 
with other systems in the future. It is free. It is in the 
public domain. It is an open system. It is scalable and allows 
major software developers to devise add-on enhancements. It is 
basically the system that we could start with tomorrow and is 
acclaimed as being quite good. All it seems to me is it takes 
is the current administration, and I suspect they have the 
authority to do this without legislation, but I also suspect 
that we would be glad to pass it if they need it, why don't we 
get started? It is beyond me why we are having all these 
therapy sessions when we could get started and install the 
software. So, I will look forward to hearing not only about 
that. The lead witness earlier suggested to us that Health 
Insurance Portability and Accountability Act 1996 (HIPAA) (P.L. 
104-191) was an unmitigated disaster, so I would like to hear a 
little bit more about how he intends to protect the privacy of 
the American people, but we will leave that to his testimony. 
Thank you, Madam Chair.
    Chairman JOHNSON. Dr. Brailer, welcome.

 STATEMENT OF DAVID BRAILER, M.D., PH.D., NATIONAL COORDINATOR 
 FOR HEALTH INFORMATION TECHNOLOGY, U.S. DEPARTMENT OF HEALTH 
                       AND HUMAN SERVICES

    Dr. BRAILER. Thank you, Chairwoman Johnson and Ranking 
Member and fellow Californian Stark and other members of the 
Committee. I have submitted my written testimony, and with your 
consent, I will give only brief remarks and then answer your 
questions. Our efforts to advance health IT are now fully 
underway. There are numerous initiatives that are going on 
today across the nation in the administration, which I will 
talk about principally now, but also in numerous States, 
including many of the States you represent, local and regional 
grassroots projects, and certainly in other agencies and in the 
private sector. We certainly welcome the interest in health IT 
from this Subcommittee and elsewhere in Congress. We are 
focusing on setting a foundation for health IT that is long-
term, not just to solve an immediate problem today, but to 
create the foundations for a very long-term sustained 
transformation of health care. We want this to be market-based, 
to be non-regulatory, and with a primary focus on improving our 
health care system's safety and quality, cost effectiveness, 
and consumer involvement as well as threat preparedness.
    Briefly, there are three foundations of what we are doing. 
First is clinically, and I am sure you know this quite well. We 
want to make sure that clinicians have access to information 
that can prevent errors and deaths, that they can make 
evidence-based treatment decisions and be able to reduce 
redundant tests and unnecessary treatments. We want to bring 
together different clinicians so they can work as a team to 
deliver care and to care for the whole patient. We want to get 
information to consumers so that they can manage their health, 
make treatment decisions, and choose providers based on good 
evidence. There are business foundations of our effort, as 
well. These arrive from strong support in the private sector 
for the use of health IT to enable further competitiveness of 
American industry, to continue to improve the health status of 
the employees who work in our commercial industries, to bring 
productivity and employment improvements to health care, as IT 
has brought to other industry sectors, and as an added benefit, 
to develop high-tech jobs in the health care industry across 
the United States. The Federal Government has been called upon 
to be a leader, a catalyst, and a convener and to use 
collaborative methods to pull stakeholders together and move 
this forward and to use our purchasing power to drive results.
    We also have a technical foundation that has been set that 
is built around strong support for interoperability as a 
foundational element in the health care system. The key 
findings from the RFI that we sent to industry over the past 6 
months have had more than 500 respondents from across sectors, 
had calls for public-private collaboration, information that is 
patient-centric, strong and advanced safeguards for privacy, a 
centralized, regionally governed initiative, and a nationwide 
communication standard and an architecture. We see two 
fundamental challenges and, therefore, have two core strategies 
in our initiative. First is to drive interoperability and 
second is to drive EHR adoption and the adoption of other 
related health information technologies. Interoperability is 
essentially about getting information where it is needed when 
it is needed. Most clinical value is tied up in the ability to 
share health information among different providers, yet today, 
we have very little sharing and health information is often 
regarded as a proprietary asset of the organization. We can't 
empower consumers without getting their information together in 
one place in a usable manner, and this is really the functional 
test of are we an interoperable health care system. For years, 
we have sought integratedness and information is now the key 
strategy that is being focused on.
    The other component is getting EHRs into the hands of 
providers. There is a large gap between the adoption of large 
and small providers regarding their use of these tools. Large 
organized health care systems and physician groups have the 
know-how and resources to put in health IT, to implement it, to 
use it, to change their practices around it, and they are the 
ones that are driving most of the reported adoption. Smaller 
providers, small physician offices, small hospitals, safety net 
clinics, have substantial economic know-how, business operation 
and market barriers to health IT. These are not a result of the 
software, these are the result of the huge change in their 
organizations that they stand for. Because of perverse 
incentives in reimbursement, most health IT adoption is being 
driven strategically today. We have taken on an 
interoperability forward strategy. That means that we have 
focused principally on how to make sure that as IT adoption 
occurs, it can share information. I will briefly summarize the 
key strategies we are doing today.
    First is standards harmonization, which has the goal of 
making sure that the United States has one single usable and 
unified set of information standards. Many other countries 
already have these and we have lagged behind and we want to 
make sure that we can protect our hospitals and clinicians from 
having to deal with overlaps, ambiguities, and gaps in 
standards. Second is compliance certification. We want to make 
sure that EHRs and other health IT do meet minimal standards 
for clinical content, for security, and for information sharing 
so we can make sure that patient information can be gathered 
from different sources, we can protect and secure information 
in these tools, and we can prompt physicians with needed 
preventative care and orders and other alerts that are part of 
routine care and treatment. We want to develop an architecture 
for sharing of information that would be Internet-based and 
built around the concept of high security that is used in other 
applications. We want to make sure that we have a capacity in 
industry to share health information so that doctors do not 
have to do this without help. Finally, we are focusing on 
addressing variations in privacy and security practices across 
states and across covered entities. Our goal is to ensure that 
not only State-to-State variation can be reduced, but more 
importantly, that covered entity-to-covered entity variation 
can be reduced, as well, so that we don't have to choose 
between flexibility of security and privacy and 
interoperability. Chairman Johnson, I appreciate your 
leadership. I appreciate the interest of the Subcommittee and I 
certainly look forward to answering your questions.
    [The prepared statement of Dr. Brailer follows:]

   Statement of David Brailer, M.D., Ph.D., National Coordinator for 
  Health Information Technology, U.S. Department of Health and Human 
                               Services.

    Chairwoman Johnson and Members of the Subcommittee, I am Dr. David 
Brailer, the National Coordinator for Health Information Technology. 
The Office of the National Coordinator for Health Information 
Technology is a component of the Department of Health and Human 
Services (HHS). Thank you for inviting me to testify today on health 
information technology activities underway in the Department.
Setting the Context
    On April 27, 2004, the President signed Executive Order 13335 (EO) 
announcing his commitment to the development and nationwide 
implementation of an interoperable health information technology 
infrastructure to improve efficiency, reduce medical errors, raise the 
quality of care, and provide better information for patients, 
physicians, and other health care providers. In particular, the 
President called for widespread adoption of electronic health records 
(EHRs) within 10 years so that health information will follow patients 
throughout their care in a seamless and secure manner. Toward that 
vision, the EO directed the Secretary of the Department Health and 
Human Services (HHS) to establish within the Office of the Secretary 
the position of National Coordinator for Health Information Technology 
(National Coordinator), with responsibilities for coordinating Federal 
health information technology (health IT) programs with those of 
relevant executive branch agencies, as well as coordinating with the 
private sector on their health IT efforts. On May 6, 2004, Secretary 
Tommy G. Thompson appointed me to serve in this position.
    On July 21, 2004, during the Department's Health IT Summit, we 
published the ``Framework for Strategic Action: The Decade of Health 
Information Technology: Delivering Consumer-centric and Information-
rich Health Care,'' (The Framework). The Framework outlined an approach 
toward nationwide implementation of interoperable EHRs and in it we 
identified four major goals. These goals are: 1) inform clinical 
practice by accelerating the use of EHRs, 2) interconnect clinicians so 
that they can exchange health information using advanced and secure 
electronic communication, 3) personalize care with consumer-based 
health records and better information for consumers, and 4) improve 
public health through advanced bio-surveillance methods and streamlined 
collection of data for quality measurement and research. The Framework 
has allowed many industry segments, sectors, interest groups, and 
individuals to review how health IT could transform their activity or 
experience, consider how to take advantage of this change, and to 
participate in ongoing dialogue about forthcoming efforts. My office 
has obtained significant additional input concerning how these four 
goals can best be met.

      We have consulted with, and actively partnered with, 
numerous federal agencies in the U.S. Government including the 
Departments of Veterans Affairs, Defense, Commerce, and Homeland 
Security.
      We have met with many organizations and individuals 
representing stakeholders of the healthcare system to obtain their 
individual views.
      We have reached out to states and regions through site 
visits and town hall meetings to understand the health IT challenges 
experienced at the local level as well as best practices for the use 
of, and collaboration regarding, health IT.
      We have regularly testified before, and been informed by, 
the National Committee on Vital and Health Statistics (NCVHS) on issues 
critical to the nation's health IT goals.
      We have monitored, and coordinated with, the efforts of 
the Commission for Systemic Interoperability. (The Medicare 
Modernization Act called for the Secretary to establish the Commission 
to develop a comprehensive strategy for the adoption and implementation 
of health care information technology standards that includes a 
timeline and prioritization for such adoption and implementation.) and
      We have met with delegations involved with health IT from 
other countries, including Canada, Netherlands, Japan, Australia, Great 
Britain, and France to learn from their individual country experiences.

    The Framework for Strategic Action and the Federal Health 
Architecture (FHA) are irrevocably linked in the effort to address 
critical health care needs. The FHA is now under the leadership of the 
ONC and will provide the structure or ``architecture' for collaboration 
and interoperability among federal health efforts as specified in the 
Framework for Strategic Action. Moreover, the Consolidated Health 
Informatics activities are now moving forward under the FHA.
    Building on the EO, The Framework, and this input, we have 
developed the clinical, business, and technical foundations for the HHS 
health IT strategy. Let me turn to some of those now.
The Clinical Foundation: Evidence of the Benefits of Health IT
    We believe that health IT can save lives, improve care, and 
increase efficiency and potentially reduce costs in our health system. 
Five years ago, the Institute of Medicine (IOM) estimated that as many 
as 44,000 to 98,000 deaths occur each year as the result of medical 
errors. Health IT, through applications such as computerized physician 
order entry can help reduce medical errors and improve quality. For 
example, studies have shown that adverse drug events have been reduced 
by as much as 70 to 80% by targeted programs, with a significant 
portion of the improvement stemming from the use of health IT.
    Every primary care physician knows what a recent study in the 
Journal of the American Medical Association (JAMA) showed: that 
clinical information is frequently missing at the point of care, and 
that this missing information can be harmful to patients. That study 
also showed that clinical information was less likely to be missing in 
practices that had full electronic records systems. Patients know this 
too and are taking matters into their own hands. A recent survey by the 
Agency for Health Care Research and Quality (AHRQ) with the Kaiser 
Family Foundation and the Harvard School of Public Health found that 
nearly 1 in 3 people say that they or a family member have created 
their own set of medical records to ensure that their health care 
providers have all of their medical information.
    Some researchers estimate that savings from the implementation of 
health IT and corresponding changes in care processes could range 
anywhere from 7.5 percent of health care costs (Johnston et al., 2003; 
Pan et al, 2004) to 30 percent (Wennberg et al., 2002; Wennberg et al., 
2004; Fisher et al., 2003; Fisher et al., 2003). These estimates are 
based in part on the reduction of obvious errors. For example, a 
medical error is estimated to cost, in 2003 dollars, about $3,700 
(Bates et al, 1997). However, these savings are not guaranteed through 
the simple acquisition of health IT. If poorly designed or implemented, 
health IT will not bring these benefits, and in some cases may even 
result in new medical errors and potential costs. Further, these are 
estimates which we have not yet seen realized in the health care system 
generally.
    Therefore, achieving efficiency and potential cost savings requires 
a much more substantial transformation of care delivery that goes 
beyond simple error reduction. Health IT must be combined with real 
process change in order to see meaningful improvements in our delivery 
system and systems must be standards compliant and interoperable so 
that patient information can be communicated to all possible points of 
care. It requires the industry to follow the best diagnostic and 
treatment practices everywhere in the nation. For example, cholesterol 
screenings can lead to early treatment, which in turn can reduce the 
risk for heart disease. Where that has been done, there have been 
substantial savings on cardiac expenditures.
    So, this is the clinical foundation for our work, which 
demonstrates that health IT can save lives, improve care, and improve 
efficiency in our health system; now let me turn to the business 
foundation.

The Business Foundation: The Health IT Leadership Panel Report
    Recognizing that the healthcare sector lags behind most other 
industries in its use of IT, an HHS contractor convened a Health IT 
Leadership Panel for the purposes of understanding how IT has 
transformed other industries and how, based upon experiences of members 
of the panel, it can transform the health care industry.
    The Leadership Panel was comprised of nine CEOs from leading 
companies that purchase large quantities of healthcare services for 
their employees and dependents and that do not operate in the 
healthcare business. The Leadership Panel included CEOs from FedEx 
Corporation, General Motors, International Paper, Johnson Controls, 
Target Corporation, Pepsico, Procter & Gamble, Wells Fargo, and Wal-
Mart Stores. The business leaders were called upon to evaluate the need 
for investment in health information technology and the major roles for 
both the government and the private sector in achieving widespread 
adoption and implementation. Based upon their own experiences using IT 
to reengineer their individual business--and by extension, their 
industries--the Leadership Panel concluded that investment in 
interoperable health IT is urgent and vital to the broader U.S. economy 
due to rising health care demands and business interests.
    As identified by the Lewin Group, the Leadership Panel concluded:

      Potential benefits of health IT far outweigh manageable 
costs.
      Health IT needs a clear, broadly motivating vision and 
practical adoption strategy.
      The federal government should provide leadership, and 
industry will engage and follow.
      Lessons of adoption and success of IT in other industries 
should inform and enhance adoption of health IT.
      Among its multiple stakeholders, the consumer--including 
individual beneficiaries, patients, family members, and the public at 
large--is key to adoption of health IT and realizing its benefits.
      Stakeholder incentives must be aligned to foster health 
IT adoption.

    The Leadership Panel identified as a key imperative that the 
Federal government should act as leader, catalyst, and convener of the 
nation's health information technology effort. The Leadership Panel 
also emphasized that federal leverage as purchaser and provider would 
be needed--and welcomed by the private sector. Private sector 
purchasers and health care organizations can and should collaborate 
alongside the federal government to drive adoption of health IT. In 
addition, the Leadership Panel members recognized that widespread 
health IT adoption may not succeed without buy-in from the public as 
health care consumer. Panelists suggested that the national health IT 
vision must be communicated clearly and directly to enlist consumer 
support for the widespread adoption of health IT.
    These findings and recommendations from the Leadership Panel were 
published in a report released in May 2005 and laid the business 
foundation for the HHS health IT strategy. Now, let me turn to the 
technical foundation.
    The Technical Foundation: Public Input Solicited on Nationwide 
Network
    HHS published a Request for Information (RFI) in November 2004 that 
solicited public input about whether and how a Nationwide Health 
Information Network (NHIN) could be developed. This RFI asked key 
questions to guide our understanding around the organization and 
business framework, legal and regulatory issues, management and 
operational considerations, standards and policies for 
interoperability, and other considerations.
    We received over 500 responses to the RFI, which were reviewed by a 
government-wide RFI Review Task Force. This Task Force was comprised of 
over 100 Federal employees from 17 agencies, including the Departments 
of Homeland Security, Defense, Veterans Affairs, Treasury, Commerce, 
Health and Human Services, as well as multiple agencies within the 
departments. The resulting public summary document has begun to inform 
policy discussions inside and outside the government.
    We know that the RFI stimulated substantial and unprecedented 
discussions within and across organizations about how interoperability 
can really work, and we have continued to build on this. These 
responses have yielded one of the richest and most descriptive 
collections of thoughts on interoperability and health information 
exchange that has likely ever been assembled in the U.S. As such, it 
has set the foundation for actionable steps designed to meet the 
President's goal.
    While the RFI report is an illustrative summary of the RFI 
responses and does not attempt to evaluate or discuss the relative 
merits of any one individual response over another, it does provide 
some key findings. Among the many opinions expressed by those 
supporting the development of a NHIN, the following concepts emerged:

      A NHIN should be a decentralized architecture built using 
the Internet, linked by uniform communications and a software framework 
of open standards and policies.
      A NHIN should reflect the interests of all stakeholders 
and be a joint public/private effort.
      A governance entity composed of public and private 
stakeholders should oversee the determination of standards and 
policies.
      A NHIN should provide sufficient safeguards to protect 
the privacy of personal health information.
      Incentives may be needed to accelerate the deployment and 
adoption of a NHIN.
      Existing technologies, federal leadership, prototype 
localized or regional exchange efforts, and certification of EHRs will 
be the critical enablers of a NHIN.
      Key challenges to developing and adopting a NHIN were 
listed as: the need for additional and better refined standards; 
addressing privacy concerns; paying for the development and operation 
of, and access to the NHIN; accurately verifying patients' identity; 
and addressing discordant inter--and intra-state laws regarding health 
information exchange.
Key Actions
    Building on these steps, two critical challenges to realizing the 
President's vision for health IT are being addressed: a) 
interoperability and the secure portability of health information, and 
b) electronic health record (EHR) adoption. Interoperability and 
portability of health information using information technology are 
essential to achieve the industry transformation goals sought by the 
President.
    To address these challenges, HHS is focusing on several key 
actions: harmonizing health information standards; certifying health IT 
products to assure consistency with standards; addressing variations in 
privacy and security policies that might pose challenges to 
interoperability; and, developing an architecture for nationwide 
sharing of electronic health information. HHS has allocated $85 million 
to achieve these and other goals in FY 2005 and has requested $125 
million in FY 2006. These efforts are inter-related, and they will be 
coordinated through the formation of a new collaborative known as the 
American Health Information Community.
American Health Information Community (the Community)
    On July 14, 2005, Secretary Michael Leavitt formally announced the 
formation of a national collaboration, the American Health Information 
Community (the Community), a public-private body formed pursuant to the 
Federal Advisory Committee Act. The Community is being formed for the 
purposes of helping transition the nation to electronic health records 
in a smooth, market-led way. The Community will provide input and 
recommendations to the Secretary on use of common standards and how 
interoperability among EHRs can be achieved while assuring that the 
privacy and security of those records are protected. And, it will be 
designed as an open, transparent and inclusive collaboration.
    HHS is currently soliciting nominations for people to serve on the 
Community and Secretary Leavitt will appoint up to 17 commission 
members, including himself as chairperson. It will consist of nine 
members from the public sector and eight members from the private 
sector. Public Sector members will be drawn from Department of Health 
and Human Services (including the Office of the Secretary, the Centers 
for Medicare and Medicaid Services, and the Public Health Service), 
Department of Veterans Affairs, Department of Defense, Department of 
Commerce, Department of the Treasury, Office of Personnel Management, 
and a State government representative. The private sector membership 
will be drawn from purchasers, third-party payers, hospitals, 
physicians, nurses, ancillary services (e.g., lab or pharmacy), 
consumer and privacy interests, and health information technology. 
Nominations for membership are being accepted through August 5, 2005. 
The Community is expected to be convened early this fall.
    The Community will start by building on the vast amount of 
standardization already achieved inside and outside the healthcare 
industry. Specifically, the Community will:

      Make recommendations on how to maintain appropriate and 
effective privacy and security protections.
      Identify and make recommendations for prioritizing health 
information technology achievements that will provide immediate 
benefits to consumers of health care (e.g., drug safety, lab results, 
bio-terrorism surveillance, etc.).
      Make recommendations regarding the ongoing harmonization 
of industry-wide health IT standards and a separate product 
certification and inspection process.
      Make recommendations for a nationwide architecture that 
uses the Internet to share health information in a secure and timely 
manner.
      Make recommendations on how the Community can be 
succeeded by a private-sector health information community initiative 
within five years. (The sunset of the Community, after no more than 
five years, will be written into the charter.)

    The Community will be chartered for two years, with the option to 
renew and duration of no more than five years. The Department intends 
for the Community to be succeeded within five years by a private-sector 
health information community initiative that, among other things, would 
set additional needed standards, certify new health information 
technology, and provide long-term governance for health care 
transformation.
    In addition to the formation of the Community, the Office of the 
National Coordinator issued four requests for proposals (RFPs). The 
outputs of the contracts stemming from these RFPs will, in part, serve 
as inputs for the Community's consideration. We expect to award 
contracts based on these RFPs in September and October 2005. 
Specifically, the RFPs will focus on four major areas:

Standards harmonization
    We have issued a Request For Proposal (RFP) to develop, prototype 
and evaluate a process to harmonize industry-wide standards 
development, and also unify and streamline maintenance of and 
refinements to existing standards over time. Today, the standards-
setting process is fragmented and lacks coordination, resulting in 
overlapping standards and gaps in standards that need to be filled. We 
envision a process where standards are identified and developed around 
real scenarios--i.e., around use cases or breakthroughs. A ``use case'' 
is a technology term to describe how actors interact in specific value-
added scenarios--for example, rapidly assembling complete patient 
information in an emergency room; we also call them ``breakthroughs''.

Compliance certification
    We have issued an RFP to develop, prototype and evaluate a process 
to specify criteria for the functional requirements for health IT 
products--beginning with ambulatory EHRs, then inpatient EHRs, and then 
the infrastructure components through which EHRs interoperate (e.g., 
NHIN architecture). This RFP will also evaluate a process for 
inspection based on conformance with these criteria.

NHIN Architecture
    We have issued an RFP to develop models and prototypes for a NHIN 
for widespread health information exchange that can be used to test 
specialized network functions, security protections and monitoring, and 
demonstrate feasibility of scalable models across market settings. The 
NHIN architecture will be coordinated with the work of the Federal 
Health Architecture and other interrelated RFPs. The goal is to develop 
real solutions for nationwide health information exchange and 
ultimately develop a market--particularly the supply side--for health 
information exchange, which does not exist today. This RFP will fund 6 
architectures and operational prototypes that will maximize the use of 
existing resources such as the Internet, and will be tested 
simultaneously in three markets with a diversity of providers in each 
market. HHS intends to make these prototype architectures available in 
the public domain to prevent control of ideas and design. Through the 
RFP process, we encourage the development of a complete open source 
solution.

Security and privacy
    We issued an RFP to assess variations in state laws and 
organization-level business policies around privacy and security 
practices, including variations in implementations of HIPAA privacy and 
security requirements that may pose challenges to automated health 
information exchange and interoperability. This RFP, administered by 
AHRQ, will seek to define workable mechanisms and policies to address 
these variations, while maintaining the levels of security and privacy 
that consumers expect.

Fraud and Abuse Study
    In addition, HHS has a 6-month project underway to determine how 
automated coding software and a nationwide interoperable health 
information technology infrastructure can address healthcare fraud 
issues. The project is being conducted through a contract with the 
Foundation of Research and Education (FORE) of the American Health 
Information Management Association (AHIMA).
    While only a small percentage of the estimated 4 billion healthcare 
claims submitted each year are fraudulent, the total dollars in 
fraudulent or improper claims is substantial. The National Health Care 
Anti-Fraud Association (NHCAA) estimates that healthcare fraud accounts 
for 3 percent of U.S. health expenditures each year, or an estimated 
$56.7 billion. They cite other estimates, which may include improper 
but not fraudulent claims, as high as 10 percent of U.S. health 
expenditures or $170 billion annually.
    At present, the contractor is working to perform two main tasks. 
One task is a descriptive study of the issues and the steps in the 
development and use of automated coding software that enhance 
healthcare anti-fraud activities. The second task is identifying best 
practices to enhance the capabilities of a nationwide interoperable 
health information technology infrastructure to assist in prevention, 
detection and prosecution, as appropriate, in cases of healthcare fraud 
or improper claims and billing. An expert cross-industry committee 
composed of senior level executives from both the private and public 
sectors is guiding this second task.
    The project's final report is scheduled for completion in September 
2005.

Conclusion
    Thank you for the opportunity to present this summary of the 
activities of the Office of the National Coordinator for Health 
Information Technology. A year ago, the President created this position 
by Executive Order. In that time, we have established the clinical, 
business and technical foundations for the HHS health IT strategy. Now, 
we have begun to execute key actions that will give us real, tangible 
progress toward that goal.
    HHS, under Secretary Leavitt's leadership, is giving the highest 
priority to fulfilling the President's commitment to promote widespread 
adoption of interoperable electronic health records--and, it is a 
privilege to be a part of this transformation.
    This concludes my prepared statement. I would be delighted to 
answer any questions that you or the Members of the Subcommittee may 
have.

                                 

    Chairman JOHNSON. Thanks very much, Dr. Brailer. Dr. 
Brailer, you state in your testimony that the Federal 
Government should act as a leader, catalyst, and convener of 
the nation's health IT effort. Why is the Federal Government 
role so critical in this effort when other industries have 
managed to incorporate technology without significant Federal 
intervention, and how do you see the Federal role evolving in 
the coming decade? At the same time, would you also address, in 
terms of the Federal Government's role, when you say you want 
to develop one usable set of standards, at some point, will the 
Federal Government say, this is the standard and this is the 
standard everyone has to meet?
    Dr. BRAILER. Yes. Thank you. We have seen many industries 
have long-term conversions to new ways of doing business by 
using IT and much of the sustained productivity improvements in 
our economy come from the dividends we are reaping from that. 
Health care has lagged behind, and I think there are a couple 
of reasons that also call for why the Federal Government is 
involved in this. First, we are a very large purchaser of 
health care services, as you all know, and without the Federal 
Government acting, too little purchasing power in the private 
sector can be focused on the changes that are needed to be 
done. Second, we do have a number of regulations and practices, 
including the way we reimburse for care today, that provide 
disincentives to the kinds of technology that we want to put in 
place and the kinds of quality that we want to see produced. 
This has been widely discussed. So, the Federal Government 
acting as a catalyst and a leader means that we are going to 
move forward and address our policies and our purchasing 
practices in concert with the industry so that there is a 
unified movement toward the kinds of progress that we want to 
see, both in IT and in quality.
    In terms of how our role will evolve over time, we are 
clearly taking the initiating role leading this forward and our 
principal focus, as I said, is on interoperability, which means 
to ensure that as we put IT tools in place in our doctors and 
hospitals and other settings that they can share information, 
that we can collect information for bioterrorism threats, that 
we can make sure that consumers can get access to their 
information. Over time, we want to shift our attention toward 
driving adoption of systems. This effort for interoperability, 
I think of as a 2-year platform to be able to make sure that 
the next system that is purchased is easier to purchase by a 
physician, is cheaper for them to purchase, and is able to be 
used more effectively in terms of staying up to date. So, our 
whole role will shift as we drive that other component of long-
term change. In terms of how the standards will play out over 
time, we do envision them having significant Federal support. 
Starting today, we are going to work through a process to let 
the current voluntary standards efforts move forward, but we 
have created a new group called the AHIC that you mentioned 
which will receive the testimony of these standards developers 
and, after vetting them, will make recommendations to the 
government about what those final standards should be. We will 
then turn them over to the National Institute for Standards and 
Technology (NIST) that will go through a process that will make 
those standards mandatory for Federal agencies.
    This is a very, very expensive change, tens of billions of 
dollars of change just in Federal systems alone to comply with 
standards, let alone the private sector. So, naturally, it will 
be a long-term, incremental change. As that happens, that will 
then become a necessity of doing business with those agencies 
is to comply with those standards, as well. So, we are going to 
drive voluntary adoption with a follow-up in terms of how 
agencies adopt those, as well.
    Chairman JOHNSON. Thank you. That is very interesting. I am 
going to turn to Mr. Stark, and then at the end, if there 
haven't been question about your new RFPs, I would like to come 
back to that. Mr. Stark?
    Mr. STARK. Doctor, you have mentioned several times using 
government purchasing power to drive results, kind of a free 
market approach, right?
    Dr. BRAILER. I think.
    Mr. STARK. Why does the administration then object to using 
its purchasing power to lower pharmaceutical costs for the 
taxpayers?
    Dr. BRAILER. Congressman, I appreciate the question, but I 
really am here to talk about health IT and I can't speak to 
that. I would be happy to take that question back----
    Mr. STARK. Well, let me ask you, then, as a physician, or 
as a proponent of the free--you tell us you know something 
about the free market. I would like to find out what you know. 
Why wouldn't it make sense to you, as an expert in the free 
market, that using the purchasing power of $400 to $600 billion 
would be more efficient in saving money than cutting it up into 
a couple of $20 billion purchasing powers?
    Dr. BRAILER. Congressman, I respect the question, but I am 
here today as a representative of the administration and not as 
a private expert, so----
    Mr. STARK. It is the administration that isn't using its 
purchasing power to save pharmaceuticals, and if we don't save 
any money in pharmaceuticals, we aren't going to have any money 
left to pay the doctors. It is all in one box, Doctor.
    Chairman JOHNSON. Will the gentleman yield?
    Mr. STARK. Yes.
    Chairman JOHNSON. The structure of the Medicare 
Modernization Act involved people competing to provide 
pharmaceuticals----
    Mr. STARK. That is what he is talking about.
    Chairman JOHNSON. Competition--that is right, and that is 
the structure of the bill that was structured, the Democrat 
bill, also, until the final motion to recommit. Both bills were 
structured to have competing PBMs on the theory that 
competition drove prices down, and then there is a special way 
of trying to drive prices down in part B drugs. So----
    Mr. STARK. I am with you.
    Chairman JOHNSON. That isn't a topic of this hearing, so--
--
    Mr. STARK. It is a topic, Madam Chair----
    Chairman JOHNSON. Maybe you would like to go on to your----
    Mr. STARK. Madam Chair, when it is convenient, when you are 
not getting paid big campaign contributions by the 
pharmaceutical industry, it is convenient not to let the 
government drive prices down. I suspect that that would be 
the----
    Chairman JOHNSON. I guess what I am getting at is there is 
a dispute between how you drive them down, whether you drive 
them through competition or through government negotiation, and 
that is a big dispute, but that is not the topic we are here--
--
    Mr. STARK. If the Doctor doesn't think it is good and you 
don't think it is good for driving pharmaceutical prices down, 
how--now, it may be that you haven't gotten any campaign 
contributions yet from the IT industry and then you might 
decide that it, too, is a good idea not to let us use the 
purchasing power to drive their prices down. The fact is that 
the drug bill was written by the pharmaceutical industry and 
has it in it a prohibition----
    Chairman JOHNSON. Mr. Stark, I truly find that demeaning--
--
    Mr. STARK. You are interrupting----
    Chairman JOHNSON. If you would please----
    Mr. STARK. Regular order. If you would like to ask me to 
yield, I might, but it is my time and I would like to finish 
and suggest that the reason that this good witness wants to 
talk about using purchasing power is because it hasn't occurred 
to them yet that the IT industry will be in making big 
contributions. I think that this idea of voluntary standards, 
we are now somewhere around 17th in the world in health care 
and the Doctor mentioned that we have standards in other 
countries and none of them are voluntary in those countries 
that have better medical care than we do. So, it appears, 
Doctor, that your idea of having a market-based system as a 
stop to the industry that supports politicians so generously, 
and not having any regulations is a matter of faith with you, 
is that correct?
    Dr. BRAILER. Well, I certainly do have faith in the private 
market, sir.
    Mr. STARK. That is obvious.
    Dr. BRAILER. I believe that in this case, the private 
market is both being inhibited by government policies around 
how we reimburse for care----
    Mr. STARK. Okay.
    Dr. BRAILER. On the other hand, this is one instance where 
I believe----
    Mr. STARK. Would you suggest we do that with the Food and 
Drug Administration (FDA), then, Doctor? How about having a 
market-based non-regulatory pharmaceutical approval system?
    Dr. BRAILER. I certainly couldn't comment on that. But I 
would like to tell you that I believe that----
    Mr. STARK. Doctor, what do you know about? You went to 
medical school, didn't you?
    Dr. BRAILER. I did.
    Mr. STARK. Did you get a Ph.D. someplace?
    Dr. BRAILER. I did.
    Mr. STARK. In what?
    Dr. BRAILER. In economics.
    Mr. STARK. You can't comment on what the FDA does in 
terms--are you familiar with the FDA?
    Dr. BRAILER. Sure, and I would be happy to report to 
Secretary Leavitt and to the White House your interest in the 
topic and have them come back and speak with you. It is not the 
topic that I have come for----
    Mr. STARK. I am sorry. Thank you, Madam Chair.
    Dr. BRAILER. Could I speak to the Congressman's question, 
please, Chairwoman?
    Chairman JOHNSON. Pardon?
    Dr. BRAILER. Could I speak to his question?
    Mr. STARK. My time has expired.
    Chairman JOHNSON. His time has expired. Let me go now to 
Mr. McCrery.
    Mr. MCCRERY. Thank you, Madam Chair. Dr. Brailer, welcome.
    Dr. BRAILER. Thank you.
    Mr. MCCRERY. It is nice to have you with us, particularly 
one of your education and expertise. I don't want to belabor 
Mr. Stark's line of questioning, but I think it is worth 
pointing out, and perhaps you as an economist understand what 
the Congressional Budget Office (CBO) understood and wrote in 
response to a specific question about the value of having the 
government directly negotiate prices with pharmaceutical 
companies. The CBO and their economists concluded that there 
would be no significant savings to the program if the 
government were to be allowed to directly negotiate prices as 
compared with the formula that we did include and pass in the 
legislation which calls for very aggressive negotiations among 
plans and providers. So, as an economist, do you understand 
that the CBO concluded that the market will work just about as 
well as the heavy hand of the government dictating prices, 
basically, because of their purchasing power?
    Dr. BRAILER. Yes, sir, I am aware of that.
    Mr. MCCRERY. Okay. Mr. Stark in his opening remarks did 
bring up, I think, a useful point that we ought to discuss and 
explore. In his opening remarks, he suggested that we utilize 
the existing framework that the VA uses for its IT and get that 
spread out as the template for the private sector. That may be 
a good idea that Mr. Stark has suggested, and I think, 
actually, CMS announced last week, or maybe--yes, I think last 
week----
    Dr. BRAILER. Right.
    Mr. MCCRERY. That they intended to do something like that. 
When Dr. McClellan was here last week, I asked him, and I am 
going to ask you, in light of your RFPs, which seem to call for 
private sector involvement in developing standards of 
interoperability, are we going too fast with putting out a 
system that is used by the VA and it may not be the best system 
for our entire health care system? How do you plan, how do you 
envision dovetailing what may be a worthwhile effort in getting 
that system out there, as Mr. Stark has suggested, but also 
developing through the private sector what may be an even 
better system?
    Dr. BRAILER. Sure. Well, I appreciate your interest and 
Congressman Stark's interest in VISTA. We have been working 
very closely with CMS and with the Department of Veterans' 
Affairs since I came to the government to make sure that VISTA 
can be available to the market and the release that is coming 
next week is really an important milestone for us. We intend to 
make sure that that product that is made available is one of 
many choices that physicians have, and I think it will find 
particular resonance in physicians that work in safety net 
clinics and underserved clinics and clinics in other areas 
where they have significant technology barriers. Also, I think 
it does play a role in promoting competition, particularly in 
small physician offices. We have seen that the price 
performance of EHRs becomes very difficult for physicians to 
get access to in small practices, and that probably is where 
the VISTA system will have its best resonance.
    We are going through a process now of having a 
certification process for EHRs, meaning they will be subjected 
to inspections, and we expect for the VISTA office product to 
be going through that same process to ensure that it can comply 
with the standards that are out as well as, hopefully, be a 
leader in that process for the rest of the market. So, I am 
very optimistic about what it brings, but it is one of a large 
portfolio of other choices that we think physicians will make 
as they pick products and software that meet their own clinical 
specialty needs, their own practice setting needs, and their 
own kind of patient care needs.
    Mr. MCCRERY. So, you don't see necessarily getting the 
VISTA system out there, the software out there, as necessarily 
deciding by that that that is going to be the platform 
forevermore.
    Dr. BRAILER. Absolutely not. I think at this point, the 
market is not supply limited. It is demand limited. The 
principal factor isn't that there aren't good products 
available. The principal factor is physicians have no incentive 
to put them in and they have significant technical business and 
human factors, barriers, to doing that, and I think the VISTA 
system suffers from the same challenge that any other EHR 
product does. How does the physician actually implement it and 
get it up and running? How do they change the way they make 
decisions and communicate? That human change, that 
transformation is really what all of these software products 
are about and none of them have a magic capacity to skip past 
those. So, I think it is a good solution. It will be really a 
good solution for particular product or particular practice 
settings. I don't think it is transformative in terms of how we 
regard health IT adoption.
    Mr. MCCRERY. Thank you very much.
    Dr. BRAILER. Thank you.
    Chairman JOHNSON. Mr. Thompson?
    Mr. THOMPSON. Thank you, Madam Chair. Doctor, thanks for 
being here today. To pick up on the last point that you made, 
you had mentioned that incentives to be a good way to bring 
about these changes. Do you see at any time where we would 
maybe leave the carrot and go to the stick and rely on 
penalties, or maybe a combination, to bring this about?
    Dr. BRAILER. I think that is a very good question. I 
believe that before we will come to that debate, the market 
itself will come to the conclusion that physicians must use 
EHRs in their practice, and not just any EHR, but ones that can 
actually deliver safer, better quality care. We have seen 
reports recently in the literature that some products, some 
systems, particularly older ones, don't have the kinds of 
prompts and reminders and could actually increase the rate of 
errors.
    Mr. THOMPSON. What happens to providers who are ahead of 
the curve? I have one in my district in particular that has 
been doing IT for quite some time now and I am concerned, as I 
am sure they are, that if, as we start moving in this 
direction, they may end up being penalized or be caught in the 
position where they have invested in one type of equipment and 
have to switch and do something else. Have you given that any 
consideration?
    Dr. BRAILER. Oh, a great deal of thought. This is a market 
that is 30 years old. The first EHRs were put into place by the 
most innovative health care systems in the mid-1970s and we 
have now seen most of the drivers of this have been really 
large innovators----
    Mr. THOMPSON. Is there some way to protect these folks 
from----
    Dr. BRAILER. Well, I think, first of all----
    Mr. THOMPSON. They are kind of being punished for doing 
what you want them to do.
    Dr. BRAILER. Well, I think there is clearly a risk that 
they could be in the position of having systems that are not 
compatible with the future standard, and the Federal Government 
is line with the systems we have in place for care. I think 
that is one of the reasons that we want to see this be an 
incremental change that happens over time to make sure that 
there is not a significant risk that one day, they are----
    Mr. THOMPSON. Well, I would hope that we could continue to 
talk about this----
    Dr. BRAILER. Very much. It is a very important topic. It is 
a principle in our concern.
    Mr. THOMPSON. In your testimony, you mentioned that this 
could bring about some pretty substantial savings. I think you 
said about 8 percent to about 30 percent of health care costs?
    Dr. BRAILER. Yes. There are estimates that frame the range 
of savings between ten and----
    Mr. THOMPSON. What kind of dollars are you talking about?
    Dr. BRAILER. I am sorry?
    Mr. THOMPSON. What kind of dollars are you talking about?
    Dr. BRAILER. I think the general ranges that have been 
estimated for those are $150 billion up to $350 billion 
dollars.
    Mr. THOMPSON. The CBO agrees with that?
    Dr. BRAILER. I don't think CBO has actually issued their 
own estimates, and we have even cited--these estimates are 
cited from others in the scientific/academic literature----
    Mr. THOMPSON. Who is the benefactor of the savings, the 
provider or the payer?
    Dr. BRAILER. Well, I think the patient is the ultimate 
benefactor because it is their lives that are saved. It is 
ultimately money that comes out of wage offsets that goes into 
health care----
    Mr. THOMPSON. There will be some kind of provisions to 
ensure that that savings is, in fact, passed on?
    Dr. BRAILER. Well, I think that is a principal question. 
Most of the research says that the short-term accrual of the 
benefits go to payers, those at financial risk, and so that is 
a question that has really dogged the industry to some degree 
at this point.
    Mr. THOMPSON. Then you also mention in your testimony about 
the work that you have done looking at how other countries have 
dealt with this issue. I think you specifically mentioned 
Canada, the Netherlands, Japan, Australia, Great Britain, and 
France. It strikes me that there is a considerable difference 
between their systems of health care and ours, specifically 
they are either national health care system or single-pay. 
Given the difference, were you able to learn from your 
observations there?
    Dr. BRAILER. Yes, I think very much. First, it helps us 
recognize that this is a global phenomenon and it is not simply 
something that is happening in this country. While it is 
certainly difficult for us to learn about the kinds of 
incentives, the mechanisms for financing, the care and 
accountabilities, because they are so peculiar to each country, 
the architecture, the design of security, the way the systems 
are developed and integrated, we have learned a great deal 
from, and we are watching other countries who are ahead of us. 
So, certainly, a lot about technology, and I think we will 
learn also a lot about how to deal with large-scale data 
assessment research, monitoring of care status from these 
countries, as well, because they are further ahead than we are 
today.
    Mr. THOMPSON. Thank you. I will yield back, Madam Chair.
    Chairman JOHNSON. Thank you. Mr. Ramstad?
    Mr. RAMSTAD. Thank you, Madam Chair. Thank you, Dr. 
Brailer. Like you, Dr. Brailer, I believe that health IT can 
save lives and improve health care, increase efficiency, and 
actually reduce costs in our health care system, and I want to 
focus on that in my line of questioning. I think all of us 
agree that it is totally unacceptable, totally outrageous that 
as many as 98,000 Americans, according to your testimony, Dr. 
Brailer, die each year because of medical errors. Almost 
100,000 people in this country die because of medical errors 
each year. Unlike my good friend from California, the ranking 
member, and he is a good friend, and believe it or not, he is a 
good guy, your testimony is very illuminating, I believe, and 
your recommendations for reform are impressive. I read your 
testimony, also believe it or not. I did read your testimony 
and you state therein that health care fraud accounts for 3 
percent of health care expenditures, total expenditures each 
year, which equates to $56 billion, almost $57 billion in 
fraudulent claims alone. When you include improper claims, 
again, according to your testimony, with fraudulent claims, 
improper claims plus fraudulent claims, that is 10 percent of 
the money we are spending in this country each year on health 
expenditures, or $170 billion in fraud and improper claims. So, 
three is no question that we have got to reduce those costs, 
and my question, my main question is this, Dr. Brailer. In your 
judgment, how significantly can we reduce the costs of 
fraudulent claims and improper claims by using automatic, or 
automated, rather, automated coding software and a national 
Health IT Infrastructure?
    Dr. BRAILER. It is a great question and it is interesting 
to note that different views have been expressed. There is 
certainly a minority view that says that, in fact, EHRs will 
increase the rate of fraud. The overwhelming view tends to be 
that EHRs will allow us to save and reduce fraud. In fact, we 
have a product going on today and one of the witnesses from 
HIMA, Ms. Kloss, will be happy to tell you about their role in 
that. But we are trying to estimate exactly what those savings 
are. The key shift that we are trying to drive is to go from 
fraud prosecution, which is way out after the fact, a very high 
opportunity cost for the government and the providers, to move 
toward real-time fraud prevention, so the provider there knows 
whenever they are making a decision on an EHR what the 
expectations are for documentation, what the expectations are 
by law so they can determine there and sign that they have 
complied with that. We think that is going to be a fundamental 
shift toward new cyber fraud prevention capabilities over the 
next few years.
    Mr. RAMSTAD. Did I understand you correctly the first part 
of your response? There is empirical data to suggest it will 
cost instead of save money?
    Dr. BRAILER. I am just indicating that there are those who 
believe. There is concern in the law enforcement industry that 
these electronic tools could increase the rate of fraud, but it 
is a minority view. So, we are taking that project on to 
estimate what the real economics of fraud are as a result of IT 
adoption, but at the same time, developing these new state-of-
the-art cyber fraud prevention techniques.
    Mr. RAMSTAD. As I understand it, Dr. Brailer, my question 
will be answered by the results of that study, is that correct?
    Dr. BRAILER. That is correct.
    Mr. RAMSTAD. That is ongoing?
    Dr. BRAILER. That is going on today.
    Mr. RAMSTAD. When will that be completed?
    Dr. BRAILER. The first phase of that will be done by early 
spring of 2006 and we will work on a follow-on for various 
other demonstrations.
    Mr. RAMSTAD. Well, I don't think the American taxpayers or 
the American health consumers can wait much longer, so if you 
can do anything to expedite that----
    Dr. BRAILER. I agree. That is one of the reasons we made it 
one of our top priorities in the first year, was to define 
that.
    Mr. RAMSTAD. Again, that is encouraging and I thank you. 
Let me ask, finally, with the few seconds I have, what, in your 
judgment, are the biggest barriers to implementing IT in health 
care? What are the biggest barriers? We know there are multiple 
barriers, but what is the largest obstacle we face?
    Dr. BRAILER. The largest two obstacles are perverse 
incentives. There is not a business case for the typical 
physician, office, or hospital in doing this. The benefits 
accrue elsewhere and it is a substantial cost. Second, we don't 
have the standards or the infrastructure for systems to become 
compliant with the kinds of information sharing that we want to 
do. That stops most people from buying these systems and it 
makes their implementation very risky and very difficult, and 
that is where we are focusing most of our effort today. Thank 
you.
    Mr. RAMSTAD. Thank you very much, Dr. Brailer, for your 
testimony. I yield back.
    Chairman JOHNSON. Thank you. Mr. Emanuel?
    Mr. EMANUEL. Doctor, thank you for your testimony. One of 
the things--you know, in the United States, some of the report 
indicate that we spend about 34 cents out of every health care 
dollar in kind of moving paper back and forth--insurance, 
hospitals, doctors, patients, and so forth. Other major 
industrialized nations range on the high end of 24, on the low 
end, 18 cents of every health care dollar. The one promising 
area would be this area. I think one of the things that we 
should set as a goal over the next 10 years to get us into that 
middle range where Canada, England, France, Germany, and Japan 
have made advances, this is the one place that you can get low-
lying fruit and find the real savings in health care and apply 
it in other areas, for uninsured, other types of coverage that 
you want to do or cost containment areas. My concern, though, 
with allowing the private sector to set the rules is--and I 
said this when we met as a Committee on a bipartisan fashion, 
although I generally believe that this is a great area to 
proceed--is, A, if you look at what happened in the wireless 
space and with the telephone without any direction from the 
government, we have so many different competing platforms and 
models out there that, in fact, our telephone space, wireless 
space, compared to where Europe is and individual countries, is 
not as strong from an infrastructure.
    My fear is that if we allow the private sector to take a 
lead without setting some of the boundaries and programmatic 
goals for it, even though some would advocate that is the heavy 
hand of government, I am willing to give them the right to 
develop, but setting the ground rules, a lot of that synergy 
and a lot of that cost savings that you want to see would 
actually get lost and we would not see the full potential. And, 
in fact, in many ways, whether you want to talk about it as my 
colleague from Minnesota did as preventing fraud, or you want 
to see it purely from a cost saving standing, we would 
literally be leaving money on the table because it would not be 
developed in the most coherent, organized fashion. I don't 
think the government has to be the one that develops it, but it 
surely can set some of the ground rules to ensure that we are 
not leaving money on the table. I do think that there is a--we 
did this once. We did it in the wireless space and it is not 
the most efficient. Although we all like to applaud the private 
sector as a total model, I will say one thing in defense of the 
ranking member. The private sector does negotiate for wholesale 
prices. That is what Sam's Club is about. When you buy bulk, 
you save. I don't care what CBO says. So, in this case, my 
worry is that we are going to leave money on the table and not 
do it in the most efficient way. It can be developed by the 
private sector. The rules, the goals, and the boundary, that is 
what the government does, because there is so much here at 
national risk, which is a huge amount of money we overspend in 
this country on health care for what we could get for our 
dollar.
    Dr. BRAILER. Well, I appreciate the concern and I think you 
have really put your frame around this paradox that exists, 
which is we want to, on the one hand, have uniform and 
widespread adoption of standards, and on the other hand, we 
want them to be progressive and stay current and modern over 
time. The reason that we have not taken a regulatory view of 
this is because we can achieve one, but at the cost of the 
flexibility over time. The approach we are taking is to develop 
these by contract with the private sector under the supervision 
of our office and then turn those over to a Federal advisory 
Committee called the AHIC, which would then turn them into a 
Federal process. The hope is, and this is where I think it is 
worth a discussion, is would the buying power of the Federal 
Government allow us to preserve the flexibility or the 
innovation over time yet have the force of mandate? We think it 
will, given our huge clout in the health care market, and we 
have agreed that we are going to use the mandatory internal 
process to make sure that these standards do become required 
for agencies.
    Mr. EMANUEL. If you----
    Dr. BRAILER. So, hopefully, we can have both. I am sorry.
    Mr. EMANUEL. No, no, that is okay. There is more of a 
discussion. In my view, though, if you have competing platforms 
being developed, what will happen is we will find savings, 
because clearly, when you are paying 34 cents when other 
countries are paying 25 cents, you are going to find savings.
    Dr. BRAILER. Right.
    Mr. EMANUEL. The question is, will you accomplish all that 
you can, and I am not saying the government has to develop it. 
We know this space and given technology moves way too fast for 
the government's capacity to be the developer. But without 
setting what our objectives are and what the platform should 
look like, in fact, we are going to be leaving a lot of money 
on the table and have actually wasted time and money----
    Dr. BRAILER. Right.
    Mr. EMANUEL. Rather than really realizing all the potential 
that exists here in the medical IT space.
    Dr. BRAILER. Right. This is why the work of our 
certification commission will be very important, because we are 
requiring them to specify potentially hundreds of parameters 
and what health IT must look like, operate like, store 
information like, and what standards it uses, and we will then 
link Federal purchasing, conditions of participation, other 
things in the future to complying with that.
    Mr. EMANUEL. Madam Chair, may I ask one more question, just 
as an example?
    Chairman JOHNSON. We will have a second round of questions, 
because there are others that----
    Mr. EMANUEL. I don't know, given my memory today, whether I 
will remember it. That is okay.
    Chairman JOHNSON. Mr. Hulshof?
    Mr. HULSHOF. Thank you, Madam Chairman. Good morning, Dr. 
Brailer. The word ``harmonization'' was used earlier this 
morning in this hearing, and I guess harmonization can have a 
variety of different contexts. It could be musical performance. 
It could be mathematics and wavelengths, as was cited. 
Obviously, it is very important for this subject of IT. 
Unfortunately, the word ``harmonization'' doesn't always 
describe the political discourse around IT. I am encouraged, as 
most are, I think, about--and Mr. Emanuel even touched on just 
the extraordinary opportunities through medical devices, 
through electronic records, I mean, we are just riding on the 
tip of the iceberg, I think, of some extraordinary positive 
changes in health care. Having said that, let me make a plug. 
You mentioned your home State of California. Let me extend 
kudos to another gentleman from California on this Committee, 
Mr. Thompson. Mr. Thompson and I have introduced a bill related 
to tele-health, and while I know that is not the particular 
subject of today's hearing, let me put in a commercial message 
on behalf of Mike and myself because we really see that if we 
are serious about patient care, the quality of a patient's care 
should not be determined by one's geographic location.
    An example at the University of Missouri Medical School has 
43 sites scattered throughout the State and what our bill 
attempts to do, H.R. 2807, is to incorporate other disciplines, 
and we are trying to deal with some of the same things as far 
as cross-boundary regulations and what have you. So, I just put 
that on your radar screen as we talk about this larger issue, 
as we really hone it down to the underserved areas, especially 
not just in the rural areas, which is often used in that 
context, but even in urban settings, as well, where tele-health 
could really, I think, be on the cutting edge. You mentioned 
with Mr. Emanuel a little bit about transitioning, not only the 
government being a payer and provider, but how you envision 
transitioning to the private sector and somewhat of the ongoing 
role of the Federal Government in this entity. Let me even back 
up a step, because as you know, the Medicare Modernization Act, 
we did take an important first step, in my view, toward this 
interoperable health information system through our Commission 
on Systemic Interoperability, and we are going to hopefully get 
that report, I think, in October. How will that work if that 
commission then transitions into the work of the AHIC? Can you 
give us some thoughts on that?
    Dr. BRAILER. Sure. We expressly are preparing for the 
reports from the Commission on Systemic Interoperability to be 
handed to the AHIC so they can review them from a perspective 
of implementation. How do they accomplish the recommendations 
that the CSI made? Further, Secretary Leavitt has asked the 
Commission to develop a consumer vision. What does this really 
mean to America's consumers if we had health IT to ensure that 
the AHIC is guided by that vision? So, there is a very 
important handshake between the two and we are actively 
involved with both as they sunset or start up.
    Mr. HULSHOF. I appreciate that. Madam Chair, I yield back 
my time.
    Chairman JOHNSON. Thank you, Mr. Hulshof. Mr. Camp?
    Mr. CAMP. Thank you, Madam Chairman. I am interested, as 
well, in this interplay between the AHIC, this community, and 
the Commission in the Medicare Modernization Act. I appreciate 
your service and certainly your credentials and training. In 
your testimony, you mentioned that the government would act as 
a leader and a catalyst and convener of ideas and information 
regarding the Nation's health IT, and then also that the 
private sector is key as the public will be the purchasers of 
this. I think it has been important to know that when we have 
seen government grapple with technology, particularly in the 
fuel-efficient car area, command and control choice of electric 
cars has ended up not being the direction that the technology 
went, primarily because consumers didn't purchase them. So, I 
think it is very important to have this private sector role, 
but again, having sort of begun this process in the Medicare 
Modernization Act, I would like to hear your thoughts on 
proceeding forward and sort of the time line that you see this 
taking in the months ahead.
    Dr. BRAILER. Sure. I appreciate that very much. We intend 
to have the AHIC seated in September. This group will meet 
several times per year, and the first thing they are going to 
do is prioritize certain breakthroughs where we think health IT 
can have a short-term impact. One of the ones that we will 
certainly do is e-prescribing. Because of the Medicare 
Modernization Act (MMA) (P.L. 108-173), it is already underway. 
Second, I am sure that we will deal with adverse drug event 
reporting. This is a necessary component of information 
collection to make Americans safer as a result of drugs that 
are on the market. Others will be prioritized by the AHIC 
Commissioners so we know where to focus our energy, on real 
things that people can see soon. We will then form work groups 
that are supported by our contractors to develop 
recommendations, and one of the real constraints in this 
process is even if today we wanted to mandate or require 
something, we don't know what to do. We don't have the 
standards agreed to or the certification criteria. So, we are 
going to work through that and make determinations of what 
should be done. Then the AHIC will then focus on how do we get 
it done, how to use purchasing power, how to align our 
interests with Federal agencies and private sector 
organizations. So, the prioritization will occur by early 2006. 
The breakthroughs will be managed on a yearly basis and we 
expect to see them happen over the course of a two-year period. 
Two-thousand-seven is where we have set the outside date for 
the first five breakthroughs to be seen visibly by the American 
public, and the rest will follow from there. We really focus on 
this two-year time horizon to have very urgent things done.
    Mr. CAMP. Thank you. Thank you, Madam Chairman.
    Chairman JOHNSON. Thank you very much. Mr. Stark, is Mr. 
Doggett----
    Mr. STARK. No, he is not returning.
    Chairman JOHNSON. He is not returning? Mr. McCrery had a 
follow-on question.
    Mr. MCCRERY. Thank you, Madam Chair. Dr. Brailer, you have 
said a couple of times today that there are just too many 
impediments to doctors, for example, purchasing this kind of 
technology for their offices. I just want to share with you an 
experience I had recently in my hometown of Shreveport, 
Louisiana. I had the opportunity to go visit a small group 
practice in Shreveport of family physicians, I think there are 
11 physicians in the group, and they have, in fact, on their 
own purchased IT and it is in use currently throughout their 
office, throughout their practice. The doctors have laptops 
that they can take with them when they are off. They have found 
it to be extremely useful in terms of providing safer, higher 
quality care to their patients, and that is why they invested 
in the technology. It makes them much more efficient. It makes 
them much more productive during the day. And because of the 
many elements of the technology that provide them information 
instantaneously, they feel much better when they prescribe a 
medication, for example, for one of their patients, because it 
immediately comes up on the screen, the other medications that 
that patient is taking, any dangers inherent in the different 
medications being prescribed. It is all right there. So, how do 
you reconcile that experience of mine with a relatively small 
group practice in Shreveport, Louisiana, having made that 
investment on their own--they are paying for it out of their 
pocket--with your conclusion that there are too many 
impediments, not the least of which is cost, to the general 
health care community?
    Dr. BRAILER. Well, I think there are two observations that 
that example brings through. First is the overwhelming power of 
why this is inevitable, why physicians using EHRs that can do 
the things to not only make their patients safer, but to 
liberate their own professional lives is inevitable. I remember 
that interns in practice today, interns that started residency, 
were born the same year the IBM personal computer came out. We 
should see more of that. That is one of the reasons that in 
answer to the question about how do we make sure that this is 
ultimately done, I think professional standards and the 
discipline of physicians will make this done because of the 
power of that. Now, on the flip side, those experiences are not 
that old. Most of the recent adoption that we see really is 
quite recent, in a couple or 3 years. So, it is really just now 
that the industry is digesting that and saying, wow, this 
really works. This is something that can really be a huge 
benefit, and that is one of the reasons that we see substantial 
increases. I would come back to this caveat. Eleven physicians 
is a large practice in the spectrum of physicians. It seems 
small as we view it, but that is well above the 50th percentile 
of size of practice. The real critical challenge are physicians 
between one and five physicians in practice that make up about 
38 percent of our care delivery, and those are the ones that 
don't have the resources. They look at an 11-physician group as 
a big group with lots of resources and a lot of help. So, 
everything is relative in this sense. I think the 100-physician 
groups will do fine. The 50-physician groups will do fine. The 
10 to 50, some will do it, as you have observed, and some may 
not, and it is going to require some help. But below that, it 
is a real challenge, and that is where we have focused most of 
our effort, is how to bring along small physician practices 
that are ultra-small, up to ten physicians, and there, it is 
quite hard even though they could themselves see that same 
vision.
    Mr. MCCRERY. Thank you. I just want you to consider that as 
you go forward in recommending or potentially recommending 
incentives that the government should pay for as we go forward 
in this. By the way, the one complaint that this physician 
group expressed was that their system was not able to 
communicate with the hospitals they dealt with and so forth, so 
it was somewhat limited in its application.
    Dr. BRAILER. Right. That is the other challenge that we 
talked about, and that really is the opener of clinical value 
to doctors.
    Mr. MCCRERY. Thank you.
    Chairman JOHNSON. Mr. Stark has a follow-on question.
    Mr. STARK. Dr. Brailer, earlier, you mentioned to me that 
you thought HIPAA was an unmitigated disaster, but I have to 
find out if that is the administration position or not. The 
administration has repeatedly said that HIPAA is a floor. Most 
notably two or 3 years ago, you chose not to adopt strong 
standards for protecting HIV/AIDS information and also 
eliminated the requirement for patient consent to use or 
disclose identifiable information. The administration used this 
argument again, that HIPAA was a floor, to reassure consumers 
that States would be able to address these personal and 
sensitive issues by providing a higher standard. Others today, 
other witnesses today will testify that the HIPAA standards are 
more than adequate to address the concerns of consumers and 
that HIPAA should be a ceiling, or put another way, the only 
protection we have for the privacy of our records. So, my 
question to you is, what is it? Is HIPAA a floor or is it a 
ceiling?
    Dr. BRAILER. I think that is a critical question and I 
appreciate it. First, I want to comment that HIPAA really, as 
you know, is two pieces. It is the privacy and security 
components, but it is also the transactional standards 
component. The discussion about standards, I think is one that 
we have watched very closely, that the standards that are now 
ensconced in HIPAA for those transactions are quite old. They 
were old when they began the debate and they are locked. It is 
very difficult to change those and even to fix errors in those 
standards, let alone to bring them up to date with current, 
modern thinking, modern as of 1980s thinking. So, this is one 
of the lessons that we have watched, about how do we allow for 
organic evolution of standards as determined by professional 
and scientific bodies, yet have the rule of law, and this is a 
challenge that I think we all grapple with. Now, turning to the 
privacy questions, I think there is a part of HIPAA that we 
have focused on a great deal which is not actually the State 
variation, the State, if you would, rules that could go beyond 
HIPAA, suggesting that it is a floor, but it is that HIPAA 
allowed enterprise-level, doctor-level, hospital-level 
flexibility with respect to privacy and security rules. That 
means that that flexibility, which meant that Kaiser in your 
district, for example, would want to have a higher level of 
privacy and security because it is a cyber target and it is 
much larger of a risk than a one- or two-physician practice who 
couldn't afford that, perhaps. That was the determination.
    What we see is that that variability, that flexibility is a 
direct barrier to interoperability because each organization 
sets their own security and privacy regime, and even if we had 
standards, even if we had architecture and systems that could 
connect, if you use a biometric for your password and I just 
use just a regular old password, I couldn't get your data if 
you told me that I could, and that is a piece that we are 
focusing on with one of our projects, which is to illuminate 
recommendations, policy guidance about how do we close that 
enterprise-level variation and at the same time advance the 
security and privacy protections. I will just give one other 
comment on HIPAA to the spirit of your question. I think HIPAA 
addressed a different paradigm than the one that we are heading 
toward and I think there is a very interesting debate about 
HIPAA. I think, though, there is a separate debate that is 
beginning around portability of information. The HIPAA was 
designed in a world that was manually controlled and paper-
based for clinical information, and as we move toward data that 
is electronic and flows around health care, disclosure controls 
are just one part of that dialog and there are many other 
pieces. We are trying to map out, what are the right questions 
to ask about the privacy regime that we would use in a highly 
portable, highly electronic, automated world of health 
information exchange? I don't have the answers. I am trying to 
get the questions assembled, because we want to make sure that 
health IT is not one example of where science and innovation 
goes far ahead of social discourse, and that is where we are 
focused today and that is one of my principal, principal 
priorities as I come to work every day. Thank you.
    Mr. STARK. Is your understanding that the administration's 
position is that HIPAA is a floor or a ceiling?
    Dr. BRAILER. Well, I think, definitionally, HIPAA is a 
floor because of the state of variability and the enterprise 
variability. The HIPAA sets a minimum that is set. In terms of 
where it should be, that is a separate question and I----
    Mr. STARK. Is it your opinion that it should remain that, 
allowing this enterprise flexibility and State flexibility?
    Dr. BRAILER. I----
    Mr. STARK. I think that is what you just testified. You----
    Dr. BRAILER. Yes.
    Mr. STARK. As to the enterprise flexibility----
    Dr. BRAILER. I will speak to your question, because it is 
one that I am very worried about. The challenge here is how do 
we adapt security and privacy regimes that could fit in a 
3,000-physician organization and one in a two-physician 
organization. I am not talking about what we should do, but I 
am talking, practically, what could be done with the resources 
and people and systems they have. I think flexibility, 
therefore, has inherently got to be part of this, because we 
can't impose multi-million-dollar costs on a small practice in 
the name of a security regime that results largely from an 
entity being at higher risk than a small practice. On the flip 
side, I think we can create interoperability in the kinds of 
security protections by creating some new kinds of modern 
protections, like trust brokers or a chain of trust managers 
who can actually navigate these transactions between different 
security regimes, at the same time, protecting them. It has 
been used in other industries. Banking, credit cards, and so 
forth, use this routinely. We are just exploring it in health 
care today, and I mean ``we'' meaning the industry. In the 
administration, we are watching it. In the private sector, 
there is some experimentation. Some policy groups, like 
Connecting for Health and others that I know you have heard 
from here, have looked at this. It is the question of the day 
about how far we can go into really modern technology 
innovations to protect innovation in health care and what that 
means in terms of the huge variability of types of 
organizations and practice settings.
    Mr. STARK. Thank you.
    Chairman JOHNSON. Thank you, Dr. Brailer. That is a very 
important question and will receive a lot of attention 
throughout the rest of the panel and I appreciate your thoughts 
on it. Thank you for being with us.
    Dr. BRAILER. Thank you both very much.
    Chairman JOHNSON. Thank you. The next panel will come 
forward. As is customary, we will hear each of the five 
panelists. You have 5 minutes, but your entire statement will 
be submitted for the record, and then we will proceed with 
questions. Good afternoon. Dr. Detmer, would you proceed?

STATEMENT OF DON E. DETMER, M.D., PRESIDENT AND CHIEF EXECUTIVE 
       OFFICER, AMERICAN MEDICAL INFORMATICS ASSOCIATION

    Dr. DETMER. Good morning, Chairman Johnson, Ranking Member 
Stark, members of the Subcommittee. I am Dr. Don Detmer, 
President and Chief Executive Officer of the AMIA, whose 3,200 
members include physicians, nurses, computer and information 
scientists and managers, biomedical engineers, academic 
researchers, and educators. Over the years, AMIA has provided 
many of the thought leaders who have pioneered the innovative 
use of information technologies in health care. As you 
mentioned in the introduction, I am a member of the Commission 
on Systemic Interoperability and a former Chair of the NCVHS. 
It is good to be back in front of the Health Subcommittee. My 
written testimony covers five major points, and I will 
summarize three of them now. First, the Office of the National 
Coordinator for Health Information. Dr. Brailer and his office 
have done an excellent job with very limited resources. 
Examples are the strategic framework and the recent RFPs, 
including State privacy and business approaches, but others 
come to mind, as well. His office needs to be established in 
statute and also given adequate funding. I also believe that 
the NCVHS as a senior health information advisory Committee 
will be a very valuable resource and sounding board and partner 
for him and Secretary Leavitt as the AHIC moves forward.
    The HIPAA--we have survived the formulation and early 
implementation of HIPAA. An evaluation of this experience is 
prudent, but the evaluation should not take too long and we 
need to move forward following this review. From my 
perspective, the privacy rule has been a success in clarifying 
the individual rights of all patients in relation to their own 
health information on a national basis and in establishing the 
responsibilities and legal obligations of all providers with 
whom patients interact. Undoubtedly, it has put privacy in the 
face of all patients, including some who may be personally more 
concerned about the inefficiency that it means and want less 
hassle. Nonetheless, HIPAA has allowed NHII to move forward, 
and I think this is a very big plus. As an unfunded mandate, it 
hasn't yet simplified administration, but it has allowed us to 
move forward with the NHII in terms of handling secure person-
specific information and setting important standards. However, 
a few big issues remain. Much better funding for clinical 
standards development and maintenance is needed, with the NLM 
playing a big role in this. Without this investment, Federal 
health information standards will not be sufficiently vetted 
and developed and real problems for the entire system will 
result. I support this investment, since ultimately, I think we 
will only get a functional interoperable NHII with real Federal 
health information standards in key areas. I mean by that 
essentially establishing meaningful floor-to-ceiling standards 
that preempt idiosyncratic State and business approaches.
    States, in my view, cannot effectively regulate the 
Internet, and I don't feel they can realistically regulate the 
information highway for health information. Only Federal 
leadership can develop this. This is a clear message from 
international evidence to date and we would do well to seek 
global collaboration on many of these standards. The NLM can 
help with this, too, and so, too, can ARC and others. 
Financing--financing health IT software, hardware, training, 
and the backbone for the networking dimension is a complicated 
matter. The Federal Government must play its role in this, as 
well. So, too, must all the entities affected, and we need 
innovative financing to support IT in such a way that we will 
improve access, safety, quality, greater patient involvement, 
data security, and efficiency. At the networking level, Stark 
and other fraud and abuse prohibitions have made some key 
players, such as hospitals and physicians, so totally risk 
averse that the development and implementation of a functional 
NHII is being impeded. Those are the big points, but I might 
add that I had the experience of living four-and-a-half of the 
past 6 years in England at Cambridge where I consulted to the 
National Health Service on its own national program for health 
IT. If you are interested, I might be able to reflect for you 
on any international dimensions of this important global 
development. You will note that I didn't stay long enough in 
East England to develop a local accent, and it is awfully nice 
to be back home with all the activity going on now.
    The AMIA wishes to publicly thank you, Chairman Johnson, 
for your outstanding and continuing leadership. Your 
perseverance has really mattered in this crucial arena of 
health information and transformation and national security. 
Mentioning national security, I personally consider the NHII to 
be as central to national security as the Interstate Highway 
System was considered during the Eisenhower administration. I 
thank you again for the invitation to testify. I look forward 
to responding to any questions you may have.
    Chairman JOHNSON. Thank you very much, Dr. Detmer. Ms. 
Kloss?
    [The prepared statement of Dr. Detmer follows:]

    Statement of Don E. Detmer, M.D., President and Chief Executive 
           Officer, American Medical Informatics Association

    Good morning. Chairman Johnson, Ranking Member Stark, members of 
the Health subcommittee: thank you for the opportunity to appear before 
you today. My name is Don Detmer. I am President and CEO of the 
American Medical Informatics Association, whose 3200 members include 
physicians, nurses, computer and information scientists and managers, 
biomedical engineers, academic researchers and educators. Over the 
years AMIA has provided many of the thought leaders who have pioneered 
the innovative use of information technologies in healthcare. In 
addition to my role with AMIA, I am a Professor of Medical Education in 
the Department of Public Health Sciences at the University of Virginia.
    Having been selected by Speaker Hastert, I currently serve on the 
Commission on Systemic Interoperability, which was created by the 
Medicare Modernization Act and which will make recommendations 
concerning the adoption and implementation of health information 
technology standards in a report to Congress later this year. From 1996 
to 1998 I served as Chairman of the National Committee on Vital and 
Health Statistics, whose mission, broadly, is to advise the Department 
of Health and Human Services on shaping a national information strategy 
to improve the nation's health. My tenure at NCVHS coincided with the 
expansion of the Committee's charge enacted in the Health Insurance 
Portability and Accountability Act of 1996, which gave the Committee 
significant responsibilities in regard to administrative simplification 
and privacy. In my role as NCVHS Chairman, I had the pleasure of 
appearing before the Health subcommittee on occasion, and today I would 
like to thank and congratulate the subcommittee for your abiding 
interest in, and commitment to, the development of health information 
policies to improve the quality, safety and efficiency of healthcare, 
while at the same time protecting the security and confidentiality of 
personal health information.
    As you consider the introduction of new legislation relating to 
health information technology and the development of a national health 
information infrastructure or NHII, let me comment today on three 
important issues:

      first, there is a critical need for ongoing Federal 
leadership in encouraging and shaping an NHII that benefits all 
stakeholders, especially patients;
      second, we should review ``lessons learned'' from the 
rollout of HIPAA standards to date and identify issues to be considered 
as additional health information standards are developed and 
disseminated;
      and, third, we should begin to address current 
disincentives--both real and perceived--that slow the implementation of 
health information technologies in our healthcare system, the most 
information-intensive enterprise in our economy.

The Need for Federal Leadership
    While it is the undoubted world leader in high technology clinical 
care and biomedical research, the U.S. healthcare system is an 
incredibly fragmented mix of very large and very small players, 21st 
century medical science mixed with uneven access, delivery and 
outcomes, and cottage-industry business practices. Market forces alone 
have not driven integration of the interests and needs of disparate 
participants: hospitals--physicians and other providers--payers--
employers--researchers--and, most important, patients. And, it is 
unlikely that they will. As a result, too few individuals have access 
to electronic health record systems and there is little 
interconnectedness of the systems that exist. Further, despite some 
progress, initiatives to measure and pay for quality have proven 
difficult to implement.
    Over the last 14 months, the Office of the National Coordinator for 
Health Information Technology, which is headed by Dr. David Brailer, a 
Fellow of AMIA's College of Medical Informatics, has done an excellent 
job in communicating a vision to support widespread adoption of 
interoperable electronic health records within the next 10 years, 
particularly in consideration of the resources available to it. AMIA is 
particularly pleased that among the four requests for proposals (RFPs) 
issued recently by the Office (ONCHIT) are contracts for an Internet-
based national health information network and for the development of 
processes for the harmonization of the various health information 
standards that are emerging. In regard to interoperability standards 
and the development of processes to certify health information 
technologies that can actually `talk' to each other and will allow the 
seamless integration of information systems to facilitate quality care, 
AMIA is also very supportive of the public-private American Health 
Information Community (AHIC) announced by Secretary Leavitt just last 
month.
    We strongly believe that HHS should be given explicit 
responsibility for ensuring the ongoing maintenance and dissemination 
of health information standards, with authorization for licensing and/
or other types of support. To give you a successful example of Federal 
leadership, I would point to Secretary Tommy Thompson's drive to 
complete the licensure and distribution of SNOMED-CT, a very useful 
`dictionary' of medical terminology, by the National Library of 
Medicine in 2004. AMIA firmly believes that the Department should draw 
heavily on the resources and expertise of the NLM, and we hope that the 
AHIC will use the Library's expertise in the maintenance and 
dissemination of further content standards.
    I understand that the legislation to be introduced soon by Chairman 
Johnson establishes the Office of the National Coordinator for Health 
Information Technology in statute, and I believe this step is a crucial 
one in clarifying Federal leadership. As part of our support for the 
Office of the National Coordinator, AMIA urges the appropriators on 
both sides of the Hill to provide for adequate funding of ONCHIT.

Examining HIPAA Lessons Learned So Far
    As we move--and we will continue to move--to develop an 
interconnected, interoperable health information system that will 
facilitate quality, access and patient-centeredness on a national and 
international basis, it is prudent to identify lessons we have learned 
so far from the administrative simplification provisions of HIPAA. 
Though the road was often difficult, if not actually painful, we have 
made a great deal of progress in establishing the rights of individuals 
to expect that their health information will be used appropriately and 
their privacy and confidentiality protected, and in imposing meaningful 
and reasonable obligations on health care providers, plans and payers, 
and others to comply with consistent Federal standards for the use, 
disclosure and transmission of health information.
    Where once some people in the healthcare system may have treated 
individual health information too cavalierly on at least some 
occasions, from my perspective it is manifestly clear that since the 
Privacy Rule took effect in 2003, doctors, hospitals, pharmacies, 
health plans and others have made really extraordinary efforts to 
inform individuals of their rights and to establish policies and 
procedures that protect sensitive health information. Today every 
individual has a Federal right to access his or her medical record and 
to expect that the healthcare system will keep that record secure and 
confidential. And these norms are national--no longer are your rights, 
or the legal responsibilities of those healthcare providers you deal 
with, defined by the unique features of the State in which you live. 
Even if HIPAA may have `backed' the nation into reasonable privacy and 
confidentiality protections, the roll-out has proved, on the whole, 
quite successful.
    Notwithstanding what I think have been extremely good faith efforts 
to ensure that personal data is adequately protected, I do not discount 
that some people--for instance, those with concerns about the security 
of especially sensitive information, such as HIV status or relating to 
mental health treatment--have continued concerns about health privacy. 
To my knowledge there have not been reports of any large-scale 
violations of the framework set in place by the HIPAA Privacy Rule. 
That is, individually identifiable health information is used and 
disclosed only for ``treatment, payment and health care operations'' or 
as otherwise specifically authorized by the individual. Does the 
Privacy Rule protect against patently unethical or extraordinarily 
careless acts--like the leaking of a celebrity's medical record to a 
tabloid magazine or the disposal of old medical records in a dumpster 
or a straightforward instance of identity theft? Of course not--but we 
cannot expect even the most carefully crafted information standards to 
prevent all illegal behavior. In such instances, active pursuit and 
strong penalties are needed when intrusions and misuses are identified, 
as a lesson to dissuade other from similar illegal behavior.
    Some will argue that the States must have the capacity to enact 
`more stringent' standards for health information--as is true under the 
Privacy Rule--for all health information standards, including those 
that are absolutely necessary for the development of an interconnected, 
interoperable national health information system. In the name of better 
healthcare, I must respectfully disagree. About half of all Americans 
live near State lines and multiple State approaches will most likely 
preclude efficient and seamless transmission of crucial health 
information. For example, it is not unusual at all for an individual to 
work in the District, live in Maryland, and receive health care in 
Virginia, with payments made by an insurer in any or all of these 
locations. If we are to ensure real-time availability of accurate and 
complete clinical information at the point of care, we simply cannot 
have the standards for the use, disclosure and transmission of the 
patient's health information subject to idiosyncratic requirements of 
individual States. Certainly, States do not intervene in similar 
situations, such as in the regulation of ATM use. States may impose 
varying requirements, like placing limits on allowable service fees, 
but they do not intrude into the information standards that facilitate 
the transmission of financial data, for example by requiring me to use 
a 4-digit pin at an ATM in Maryland but a 9-element alphanumeric pin at 
my home ATM in Virginia. In other words, the information exchange 
standards have been developed and agreed to by the banking industry and 
are national and international in their application.
    I doubt that we can get to the common standards and 
interoperability that must underlie the widespread adoption of 
electronic health records without Federal preemption of conflicting 
State laws. But rather than simply assert that proposition, let me note 
that, in relation to the Privacy Rule, since 1999 AMIA has called for a 
study of the impact of the lack of Federal preemption and the impact of 
varying State statutes on the rights and protections afforded to 
individuals and upon the quality, cost and effectiveness of health 
care. Thus, I am very pleased that the bill to be introduced soon by 
Chairman Johnson calls upon the Secretary to undertake such a study in 
relation to standards that have been adopted subsequent to HIPAA. 
Should the study show that varying State laws and requirements have a 
negative impact on health care delivery, quality and access, and that 
HIPAA has established meaningful privacy and security protections, it 
makes sense to move forward without delay on Federal preemption for all 
adopted HIPAA standards.

Disincentives That Have Slowed Implementation of Information 
        Technologies
    From 1999 through 2003 I had the privilege to serve as the Gillings 
Professor of Health Management at Cambridge University and to consult 
to the National IT programme of the National Health Service. As you may 
know, the British government is investing billions of pounds to 
implement a fully functional, patient-friendly, electronic health 
record and system. While this task might appear to be easier in some 
aspects because of Britain's single-payer system, of particular note to 
me was the observation that, even before the government's new 
investment, well over 80 percent of England's primary care physicians 
were facilitating patient care electronically, from booking 
appointments and writing prescriptions to making referrals, recording 
clinical notes and tracking treatment compliance. By contrast, it is 
estimated that fewer than 20 percent of U.S. primary care physicians 
utilize electronic health records.
    Interestingly, England's primary care practices are `wired' not 
because of government investment, but because the British 
pharmaceutical industry years ago offered to supply the necessary 
hardware and software to primary care doctors in return for access to 
anonymized prescribing information. In the United States I think such 
an arrangement would be seen as unseemly at best, and illegal at worst. 
While the British are neither less ethical nor more permissive of the 
misuse of identifiable health information than are Americans, in this 
country hospitals, physicians and other providers are incredibly 
reluctant to pursue any innovative financing for health IT, including 
networks that can securely link together a region's providers, because 
of their concerns about the Stark self-referral prohibitions and other 
fraud and abuse standards.
    Whether these concerns are reasonable--and perhaps, Mr. Stark, you 
would say they are not--we have hospital lawyers who absolutely insist 
that it is simply not acceptable for any third party to furnish any 
information technologies--whether hardware, software, training or other 
services--to any provider at less than a full, fair market price. While 
some healthcare systems and providers are moving forward under the 
current standards, the general consensus in the healthcare community is 
that the Stark provisions, while quite important in many respects, are 
constraining progress toward the roll-out of an interoperable NHII.
    It is in the interest of all stakeholders, including patients, that 
functional electronic health records and an interoperable health 
information system be deployed as promptly as possible. But the 
entities that are perhaps key to that deployment, the small and rural 
physician practices that still provide a majority of health care 
services in this country, are those that are least able to afford the 
capital investment for the purchase and hassle of implementing state-
of-the art IT systems. Especially because many of the `savings' of 
health IT accrue to other system participants, including employers, 
health plans and patients, financial outlays necessary for the purchase 
of the very building blocks of an NHII should reasonably come from a 
wide variety of sources, including government outlays and pay-for-
performance programs. Actually, pay-for-performance programs represent 
a clear argument for payers to provide some of the financing for health 
IT--because in order to pay for performance you have to be able to 
track performance and quality in the delivery of care, and to do that 
efficiently you need sophisticated information capabilities embedded in 
the healthcare system. Reasonable safe harbors for dissemination of 
health information technologies and services intended to improve 
healthcare quality, efficiency and access would encourage deployment of 
essential health information systems, and I am very pleased to 
understand that provisions to that effect will be included in Chairman 
Johnson's bill.

Educating the Healthcare Workforce
    There is no question that momentum for bringing healthcare into the 
information century is building, and this is a very good thing. But 
hardware and software and standards and certifications will not be 
enough--we must ensure that we have enough doctors, nurses and 
information specialists to take real advantage of the opportunities for 
improved care and efficiency and access that health information 
technologies and an interconnected national health information 
infrastructure can provide. Recently, AMIA announced its 10 by 10 
program, which aims to realize a goal of training 10,000 health care 
professionals in applied health and medical informatics by the year 
2010; it is off to a great start with an initial partnership with the 
Oregon Health and Science University, and many other universities are 
seeking to participate. Our program uses classes, tutorials, web-based 
and in-person sessions to equip health care professionals to use health 
information and health information technologies to benefit patient care 
and to advance medical knowledge. In fact, we know from research that 
well-trained health providers combined with robust IT systems produce 
safer, higher quality care delivery.
    With the supply of physicians essentially constant and the nursing 
workforce aging along with the baby boomers, we will only be able to 
address the increasing demands for care of a growing and aging 
population by developing a better trained workforce, especially more 
nurses skilled in the use of information and information systems. 
Increased Federal support for education and training will be needed to 
address this workforce reality--and AMIA, along with the American 
Health Information Management Association (AHIMA), will develop 
specific recommendations for that support.

A Few Conclusions
    In terms of the development and implementation of integrated health 
information systems with sophisticated capabilities, we have seen a 
great deal of progress in the last few years. Within the Veteran's 
Administration, for instance, the case for improved safety and higher 
quality through the proper use of IT systems--including electronic 
records, decision-support programs, and process tracking and change 
analyses--has been largely made. We have seen the creation of the 
Office of the National Coordinator for Information Technology and a 
Commission to Certify Health Information Technology. The Commission on 
Systemic Interoperability mandated by the MMA has been convened, and 
Secretary Leavitt has announced a plan to create an American Health 
Information Community that will spearhead a range of public-private 
initiatives to develop information standards, certify new technologies, 
and provide long-term planning and governance for the electronic health 
environment. Someday we may look back at this moment and say, ``The 
rest is history''--but not just yet. Additional legislation and Federal 
support, and the development of accepted, enterprise-wide standards 
will be required if true interoperability and connectedness are to 
occur.
    From the start, Chairman Johnson has recognized the potential for 
improving the nation's healthcare system through the proper use of 
information technologies. Further, she has been willing to face the 
complicated and difficult issues involved. All of us in healthcare are 
grateful and most appreciative for her wisdom, energy and persistence 
over the years. As I understand the Chairman's current bill, it does 
not try to address all of the issues involved in creating an NHII to 
improve healthcare quality, access and patient-centeredness. But it 
does forthrightly address some key `sticking points' that are keeping 
the nation from moving forward as quickly as we should and among them 
are first, establishment of the Office of the National Coordinator in 
statute; second, addressing the impact on patient's rights and on 
healthcare quality and safety of varying and conflicting State and 
Federal information standards; and, third, reducing some current 
disincentives to the adoption of available health information 
technologies. AMIA looks forward to prompt consideration of the 
legislation and to supporting its implementation.
    It is my strong belief that the development of an interoperable, 
inter-connected national information system is not only a healthcare 
issue; it is really a matter of national security. Whether that point 
will be brought home by an outbreak of avian flu in a U.S. population 
center or an episode of bioterrorism or the occurrence of transmissible 
disease in our food supply chain, I do not know--but I do believe that 
any of those events could occur, and that we will be greatly hampered 
in our response if we cannot make information that is crucial for the 
public health and economic interests of our country available to the 
appropriate authorities in the most timely fashion possible. While a 
functional NHII will facilitate broad improvements in health care 
quality, access and affordability, it will also assist in protecting 
our security and I would urge your leadership in facilitating its 
development with all due speed.
    Thank you for the opportunity to appear before you today. I will be 
happy to answer any questions.

                                 

  STATEMENT OF LINDA KLOSS, CHIEF EXECUTIVE OFFICER, AMERICAN 
        HEALTH MANAGEMENT ASSOCIATION, CHICAGO, ILLINOIS

    Ms. KLOSS. Chairman Johnson, Mr. Stark, and members of the 
committee, my topic this morning is the quality of health data 
in the United States, and I have been asked to speak 
specifically to the status of the Code sets in place and other 
on the opportunities to support and enhance improved data for 
use of health IT. The American Health Information Management 
Association and its 50,000 professional members are deeply 
committed to and actively participating in the adoption of 
standards based and the interoperable health IT. We are on the 
frontlines in implementing EHRs and other technologies, but 
technology alone is not enough. We need a concerted effort to 
ensure the quality of the data is as good as it can be, and we 
must start by improving the classification system for coding 
medical diagnoses and procedures. The current system, called 
ICD-9-CM, was developed and implemented in the 1970s, and we 
believe it must be replaced by ICD-10-CM to classify diagnosis 
data, and ICD-10-PCS to classify data about medical procedures. 
Both of these ICD-10 replacement systems have been developed by 
Federal agencies, the Centers for Disease Control and the CMS, 
and both agencies have testified on several occasions regarding 
the need for better classification systems to improve 
information used in their programs.
    According to HIPAA, the Department of Health and Human 
Services must approve adoption of new code sets, and I would 
suggest that Congress can certainly aid in this process by 
supporting and requiring the Secretary to publish a proposed 
and then a final rule for adoption as soon as possible, and 
briefly, here is why. Each time we receive medical care, 
doctors, nurses, and other professionals collect important 
information about our health. They record our medical 
conditions and illnesses and types of treatment we received, 
any procedures performed, and then each piece of information 
gets assigned a code. This coded data is the foundation for 
billing, claims processing, payment and pricing. It is used for 
public health and quality reporting, bio-surveillance, 
research, pay-for-performance systems, provider credentialing, 
fraud detection, and many other important uses. In other words, 
it underlies all of the major programs that this committee 
oversees and is looking to advance. The problem is that the 
current ICD-9 classification system is obsolete and it is 
beyond repair. Nearly every other developed country in the 
world has already replaced it with a version of ICD-10.
    Consider how medical practice has changed over the past 30 
years--new diseases, new treatments for those diseases, new 
medical procedures, threats of bioterrorism. The coding system 
we are using today was developed in the early 1970s, before 
MRIs, before laser surgery, before any of us had heard of AIDS 
or any of the medications used to treat it today, and this is a 
real problem. The value of a good classification system is its 
ability to accurately represent procedures that are performed 
or the illness that is diagnosed, and that is precisely what is 
missing from our current system. In addition, we are finding 
that the current system for classifying procedures is actually 
running out of codes. There are about 70 remaining unassigned 
codes, and the implications of this for quality reporting, 
research, and the appropriate payment for advanced medical 
technology are pretty obvious. We also believe that adoption of 
ICD-10 and ICD-10-PCS is an essential component of the health 
IT strategy being advanced by Congress and the administration, 
not a diversion from it. There are opportunities through ICD-10 
to link to SNOMED-CT, which, as you know, has been licensed by 
the Federal Government. We can create robust mappings from 
SNOMED to ICD and leverage the opportunities of technology for 
automated coding going forward, offering a new paradigm for 
health data capture, aggregation, and reporting. In the future, 
it will be possible to use a variety of classification systems 
to meet specific information needs without laborious manual 
coding, and this is precisely what AHIMA and others are working 
toward.
    According to a 2003 Rand study, the benefits of 
implementing ICD-10 and PCS will outweigh the costs within a 
few years of implementation, and Rand noted that the cost of 
doing nothing may be greater than the cost of going forward 
with adoption. In summary, we urge Congress to move forward 
with ICD-10 in the United States and also to leverage through 
our health IT initiatives to redouble our efforts to ensure 
uniform coding practice and adherence to coding guidelines. I 
thank you so much, commend you for your leadership, and I will 
be very happy to answer questions on this important topic.
    [The prepared statement of Ms. Kloss follows:]

   Statement of Linda Kloss, MA, RHIA, CAE, Chief Executive Officer, 
 American Health Information Management Association, Chicago, Illinois

    Chairman Johnson, Mr. Stark, and members of the committee, thank 
you for this opportunity to address the quality of health data and 
actions that are needed to improve it as part of the overall U.S. 
health IT initiative.
    The American Health Information Management Association and its 
50,000 health information management professional members are deeply 
committed to and actively participating in the adoption of standards-
based and interoperable health IT. We are on the front lines in 
implementing electronic health records and other technologies as well 
as the implementation of local and national health information exchange 
and continue to be on the forefront of professional activities 
including privacy, confidentiality, security, data integrity, consumer 
and professional education.
    My comments this morning relate to the urgent need for the 
Department of Health and Human Services to immediately initiate the 
regulatory process for adoption and implementation of ICD-10-CM and 
ICD-10-PCS code sets (referred to as ICD-10), rules, and guidelines as 
a replacement for the 30-year-old ICD-9-CM. ICD-9-CM is not meeting 
current healthcare data needs and cannot support the transition to an 
interoperable health data exchange in the U.S.i HHS must 
issue a final rule for adoption of ICD-10 as soon as possible to 
reverse the trend of deteriorating health data and to allow the 
healthcare industry to prepare for a smooth transition to modern 
classification systems by 2008.
---------------------------------------------------------------------------
    \i\ ICD stands for the International Classification of Diseases. 9 
stands for the 9th revision and 10 for the 10th revision. CM stands for 
Clinical Modification (a U.S. version of ICD-9 or ICD-10) ICD-9 and 
ICD-10 were developed and copyrighted by the World Health Organization 
(WHO). The WHO no longer supports ICD-9. ICD-10-PCS is a procedural 
coding system designed by the Centers for Medicare and Medicaid to 
replace the current inpatient procedural coding system currently 
included as part of ICD-9-CM.
---------------------------------------------------------------------------
    Specifically we are calling for the following action by HHS and the 
healthcare industry, and urge your support for these actions:

      HHS must immediately initiate the regulatory processes to 
permit final implementation and use of upgrades to the deficient ICD-9-
CM classification system by October 1, 2008. This upgrade will affect 
all diagnoses coding currently Volumes 1 and 2 of ICD-9-CM, as well as 
inpatient procedural coding, currently Volume 3 of ICD-9-CM.
      Adoption of final rules as early a possible in 2006 will 
give the healthcare industry ample notice to commence systems 
conversion and other steps necessary to ensure a smooth and efficient 
implementation.
      A coordinated, collaborative implementation strategy 
should be developed by industry stakeholder representatives to ensure 
broad input and a consensus-driven transition process.
      System conversions and upgrades to implement ICD-10-CM 
and ICD-10-PCS should be accomplished by healthcare entities in 
conjunction with the UB-04 and CMS 1500 (diagnosis codes only) system 
changes.
      Robust, rules-based, maps among SNOMED-CT', 
ICD-10-CM and ICD-10-PCS, and ICD-9-CM should be developed promptly and 
distributed via the Unified Medical Language System 
(UMLS).ii
---------------------------------------------------------------------------
    \ii\ See AHIMA's Position Statement on Implementation of SNOMED-
CT'--www.ahima.org/dc/positions AHIMA has also authored a 
white paper Coordination of SNOMED-CT' and ICD-10: Getting 
the Most Out of Electronic Health Record Systems, which provides a 
complete description of the roles of terminologies and classifications 
in EHR systems and the importance of mapping to effectively use 
clinical information for multiple purposes.

    [I have placed a simple ``understanding ICD-10'' at the end of this 
testimony and this includes how ICD-10 would impact electronic health 
records.]
    ICD-9-CM should have been replaced nearly 10 years ago. Each year 
that passes results in further deterioration of the classification 
system and the data that it produces:

      The ICD-9-CM coding structure and capabilities are in 
crisis. There are very few unassigned codes remaining to accommodate 
new diagnoses and procedures.
      In addition to no further capacity for expansion, many of 
the codes now in use do not accurately describe the diagnosis or 
procedure concepts they are assigned to represent.
      While the U.S. has used ICD-10 coding to report mortality 
data since 1999, we are now virtually the only industrial nation that 
has not upgraded its morbidity classification system. This failure 
threatens our ability to track and respond to international threats to 
public health and bioterrorism. Rather than being a world leader in the 
collection of high-quality health data, the U.S. lags far behind.

    At a time when Congress and the Administration are making 
significant progress toward improving our health information 
infrastructure, the critically needed upgrade of ICD-9-CM has been 
delayed with little acknowledgement of the serious consequences and no 
clear plan for fixing the problem. Further delays in adoption of ICD-
10-CM and ICD-10-PCS increase the cost of an eventual implementation 
once ICD-9-CM completely breaks down. While the U.S. is working hard to 
adopt health information technology, it must also accommodate a robust 
21st-century classification system.
    According to the 2003 Rand study commissioned by the CDC, the 
benefits of implementing ICD-10-CM and PCS outweigh the costs within a 
few years of implementation. Rand further noted that the cost of doing 
nothing may be greater than actual implementation and further delay in 
adoption is likely to increase future implementation costs. This 
research did not examine the upgrade to ICD-10 as a component of the 
overall health IT improvements and thus it did not factor in the 
potential to change the paradigm of coding through accelerating the 
development of computer assisted coding tools. Thus, the potential 
benefits may be accelerated.
    Adoption of national electronic health records (EHRs) and 
interoperable information networks require improved classification 
systems for summarizing and reporting data. Government and industry 
leaders cite healthcare initiatives that rely on data but are in fact 
compromised by the continued use of ICD-9-CM. These include quality 
measurement, pay-for-performance, medical error reduction, public 
health reporting, actuarial premium setting, cost analysis, and service 
reimbursement.iii iv Classifications systems are key 
elements of the health information improvement strategy. Failure to 
upgrade ICD-9-CM diminishes the value of the U.S. investment in SNOMED-
CT'. The anticipated benefits of an EHR cannot be achieved 
if SNOMED-CT must be aggregated into an antiquated classification 
system like ICD-9-CM. Conversion to ICD-10-CM and ICD-10-PCS will not 
only produce better information and support development of computer-
assisted coding, they will serve as the necessary foundation for 
continued improvements and expansion of 21st-century classification 
systems, nationally and internationally
---------------------------------------------------------------------------
    \iii\ See AHIMA's Position Statement on Consistency of Healthcare 
Diagnostic and Procedure Coding--www.ahima.org/dc/positions
    \iv\ See Medicare Payment Advisory Commission March 2005 Report to 
Congress Chapter 4: Strategies to improve care: Pay for performance and 
information technology--www.medpac.gov
---------------------------------------------------------------------------
    Healthcare providers, payers, and vendors are waiting for a notice 
from HHS signifying the intent to implement ICD-10 in order to begin 
planning and preparing for an anticipated use date. Vendors also need 
this notice to ensure new products will be available to accommodate 
these more advanced classification systems. U.S. healthcare entities 
will soon be converting databases and applications systems to 
accommodate the upgrades to UB-92 and the CMS 1500 claims forms and 
data sets. It would be effective and efficient to make ICD-9-CM 
upgrades at the same time. Without some indication that implementation 
is on the horizon, healthcare providers, payers, and vendors will be 
reluctant to make these necessary changes concurrently.
    As I have noted, the ICD-9-CM coding standard is in serious crisis. 
Terminologies and classifications from the 1970's no longer fit with 
the 21st century healthcare system as numerous conditions and 
procedures are outdated and inconsistent with current medical knowledge 
and application. New advances in medicine and medical technology and 
the growing need for quality data cannot be accommodated. Data 
incomparability continues to increase globally and within the U.S. due 
to the use of these antiquated code sets. As of the spring 2005 ICD-9-
CM coordination and maintenance cycle, the U.S. now has less than 70 
remaining codes to represent health technology in the future. Two 
simple examples of the gross inadequacy of this classification system:

      ICD-9-CM offers two codes for asthma, extrinsic and 
intrinsic. Current medical knowledge no longer considers this a 
clinically relevant distinction. In ICD-10-CM asthma codes are 
differentiated by mild persistent, moderate persistent; and severe 
persistent, which are the terms used in evidence-based practice 
guidelines.
      In the area of procedures, ICD-9-CM simply lacks 
important specificity. There is a single non-specific code for ``other 
revision of vascular procedure'' encompassing a wide variety of 
surgeries on blood vessels. ICD-10-PCS in contrast will allow capture 
of the type of surgery, the specific artery or vein involved, and use 
of a device such as a graft or prosthesis. This kind of detail is 
essential for evaluating outcomes and efficacy and may decrease the 
supplemental information that is required to adjudicate a claim, in the 
form of a paper attachment or actual review of the medical record.

    Data coded under the ICD-9-CM system are the foundation for 
billing, claims processing, payment and pricing. It is used for public 
health and quality reporting, biosurveillance, research, pay for 
performance, provider credentialing and fraud detection. In other 
words, it underlies all the major programs that this Committee oversees 
and is looking to advance. However, ICD-9-CM does not meet any of the 
following criteria:

      Code set standards outlined by the Health Insurance 
Portability and Accountability Act of 1996 (HIPAA);
      New services and technology that must be acknowledged in 
CMS payment systems according to the Benefits Improvement and 
Protection Act of 2000 (BIPA); or
      Characteristics of a procedural coding system outlined by 
the NCVHS in 1993.

    Significant costs are incurred by continued use of severely 
outdated and limited coding systems. For example, failure of our coding 
systems to keep pace with medical advances results in the use of vague 
or incorrect codes often taken from the claims form and thereby 
requiring excessive reliance on supporting paper documentation 
(attachments or copies of the health record).
    When the need to replace ICD-9-CM was identified in 1993, steps 
were taken by the National Committee on Vital and Health Statistics 
(NCVHS), the National Center for Health Statistics--CDC (NCHS) and the 
Centers for Medicare and Medicaid Services (CMS--then HCFA) to develop 
a migration plan to ICD-10 for morbidity and mortality coding. ICD-10 
use for mortality coding in the U.S. was initiated in 1999, however, 
while the rest of the industrial countries are now using their 
variations of ICD-10 for all reporting, the U.S. continues with the 
unsupported ICD-9-CM (the World Health Organization (WHO) now 
exclusively supports ICD-10) leading to data incomparability with the 
rest of its global community.
    Extensive work and dedication has gone into developing and 
evaluating these systems as replacements for ICD-9-CM. While there is 
significant support for this ICD-9-CM upgrade, there is also a segment 
of the healthcare industry, clinging to antiquated legacy systems, who 
continues to argue for further delay choosing to forgo the benefits of 
improved data and information available through 21st-century 
terminology and impeding progress toward achieving critical U.S. 
healthcare goals.
    In November 2003, the NCVHS recommended that HHS initiate the 
regulatory process for the adoption of ICD-10-CM and ICD-10-PCS as 
replacements for the 30-year-old ICD-9-CM. At that same time, 
Congress--in language included in the Medicare Prescription Drug, 
Improvement and Modernization Act (MMA)--urged the HHS Secretary to 
move forward with promulgation of rules for adopting and implementing 
ICD-10-CM and ICD-10-PCS. It is now 2005--a year and a half after these 
distinguished recommendations--and HHS has taken no action.
    We believe that adoption of ICD-10-CM and ICD-10-PCS is a component 
of the health IT strategy being advanced by Congress and the 
Administration, not a diversion from it. You are aware that the federal 
government has licensed SNOMED-CT' to make it available at 
no charge as a reference terminology in electronic health records. 
Mappings must be built from SNOMED-CT to ICD-10 so robust computer 
assisted coding applications will be available for 
adoption.v Today, the National Library of Medicine is 
preparing mappings to ICD-9-CM because there is not yet a final rule 
for ICD-10. I liken this to putting a model T engine in a Porsche.
---------------------------------------------------------------------------
    \v\ Background on SNOMED-CT and Mapping
---------------------------------------------------------------------------
    Electronic health records based on a reference terminology, such as 
SNOMED-CT, offer a new paradigm for health data capture, aggregation 
and reporting. In the future, it will be possible to use a variety of 
classification systems to meet specific information needs without 
laborious manual coding. This is what AHIMA and others are working 
toward. But it will take years for these technologies to be built and 
fully deployed in all provider and payer organizations throughout the 
U.S. A date certain for implementation of ICD-10 will drive application 
development and accelerate adoption of reference terminologies, 
mappings and artificial intelligence-aided coding engines. It will 
permit IT vendors, providers and payers to prepare for the change and 
develop software ``crosswalks'' between ICD-10 and ICD-9-CM to 
accommodate organizations that cannot overcome legacy system 
limitations before the effective date.
    In addition to adopting ICD-10, the U.S. must redouble its efforts 
to ensure uniform coding practice and adherence to coding guidelines. 
The 1996 HIPAA legislation called for uniformity of transactions and 
code sets, but states and payers, including CMS, persist in adopting 
local rules and guidelines that further undermine data integrity and 
add to administrative costs. If we are to have reliable interoperable 
data and cost effective fraud-deterring systems, we must promote 
uniformity no matter where the data originates and no matter who the 
payer is. This is a first, but important step in improving the quality 
of health data through standards.
    I commend your leadership in supporting health IT improvements and 
urge you to codify the important work of the Office of the National 
Coordinator in the Department of Health and Human Services. I also 
commend your action to safeguard the privacy and security of personal 
health information. Health information management is fundamentally a 
field that safeguards patient data--its integrity, its effective use, 
and its privacy and security.
    In closing, we urge Congress to expedite adoption of ICD-10-CM and 
ICD-10-PCS and standards that will improve the accuracy and consistency 
of health care data. I stand ready to answer questions and to provide 
any additional information that is not covered in my written testimony. 
Thank you.

Understanding ICD-10
    ICD-10-CM is a U.S. clinical modification of the World Health 
Organization's (WHO's) International Classification of Diseases, 10th 
edition (ICD-10) is maintained by the National Center for Health 
Statistics (NCHS). ICD-10 is now implemented or being implemented in 
all highly developed nations except the U.S. ICD-10-PCS was designed 
under contract by the Center for Medicare and Medicaid Services (CMS), 
specifically to replace the ICD-9-CM procedural coding system.
    The U.S. is the only developed country that has not adopted ICD-10 
for mortality and morbidity. A total of 99 countries are currently 
using ICD-10 for both mortality and morbidity. The U.S. has used ICD-10 
since 1999 for mortality reporting only. We need to implement ICD-10-CM 
in order to maintain comparability between mortality and morbidity 
data.

Improved Data
    ICD-10 provides better data needed to meet the demands of an 
increasingly global and electronic healthcare environment. The ways in 
which coded data are being used today go well beyond the purposes for 
which ICD-9-CM was designed for back in the 1970s. Significant advances 
in the understanding of disease and treatment have been made over the 
last 30 years.
    ICD-10 provides a significant opportunity to improve the capture of 
information about the increasingly complex delivery of healthcare. ICD-
10 will provide:

      Better data to support quality and patient safety 
improvement activities
      Better data for improved public health and bio-terrorism 
monitoring
      Better data for more accurate reimbursement rates.

ICD-10 and the EHR
    ICD-10-CM and ICD-10-PCS are better suited for use in electronic 
health record systems (EHR) than ICD-9-CM. The expanded availability of 
SNOMED-CT' made possible by recent government licensing 
agreement increases the urgency of replacing ICD-9-CM with ICD-10-CM/
PCS so the development of mapping tools to the ICD-10-CM and ICD-10PCS 
can be initiated. Valid maps are urgently needed to link from a highly 
specific terminology to a classification system so that information 
captured in the reference terminology can utilize the power of summary 
required for healthcare reporting and indexing offered by the 
classification systems. ICD-10 medical coding system facilitates more 
robust mapping from SNOMED-CT clinical reference terminology in the EHR 
due to its greater size and granularity.
    Continued use of the outdated version of ICD (ICD-9-CM) diminishes 
the value of the U.S. investment in SNOMED-CT'. The 
anticipated benefits of an EHR cannot be achieved if the reference 
terminology employed in the EHR, such as SNOMED-CT', is 
aggregated into a 30-year-old classification system such as ICD-9-CM 
for administrative use and indexing. Mapping from SNOMED-CT to ICD-10 
will improve the value of clinical data as it will:

      Facilitate retrieval of coded data at the desired level 
of detail depending on the purposes for which the data are being used
      Allow for administrative reporting functions such as 
reimbursement and statistical analysis not possible with SNOMED-CT 
alone.

    As part of their recommendations for patient medical record 
information terminology standards, NCVHS urged the federal government 
to promote the creation and maintenance of mappings between the 
recommended core set of terminologies, which includes SNOMED-
CT', and medical code set standards designated under the 
Health Insurance Portability and Accountability Act (HIPAA).
    Replacing ICD-9-CM with ICD-10-CM is necessary in order to maintain 
clinical data comparability with the rest of the world concerning the 
conditions prompting healthcare services. The longer the healthcare 
industry continues to use ICD-9, the more difficult it becomes to share 
disease and mortality data at the time when such global data sharing is 
critical for public health. For example:

      ICD-10-CM would have better documented the West Nile 
Virus and SARS complexes for earlier detection and better tracking
      ICD-10-CM also provides the ability to track bio-
terrorism events and other public health outbreaks.
SNOMED-CT:
      Is a comprehensive, precise clinical reference 
terminology that contains concepts linked to clinical knowledge to 
enable accurate recording of data without ambiguity;
      Is specifically designed for use in an EHR:
          It is incompatible with a paper-based health record 
        system.
          Integrated into software applications, it represents 
        clinically relevant information in a reliable, reproducible 
        manner;
      Supports clinical decision support systems, computerized 
physician order entry systems, and critical care monitoring;
      Facilitates communication among clinicians and improves 
the quality of data available for research and measurement of clinical 
outcomes;
      Ensures interoperability of patient information across 
software applications for disease management, treatments, etiologies, 
clinical findings, therapies, procedures, and outcomes;
      Provides a common language that enables a consistent way 
of capturing, indexing, storing, retrieving, and aggregating clinical 
data across clinical specialties and sites of care;
      Contains concepts linked to clinical knowledge to enable 
accurate recording of data without ambiguity;
      Works through implementation in software applications, 
representing clinically relevant information in a reliable, 
reproducible manner;
      Contains over 364,400 concepts with unique meanings and 
formal logic-based definitions; more than 984,000 English language 
descriptions or synonyms; and approximately 1.47 million semantic 
relationships.
Mapping
    The purpose of mapping is to provide a link between one terminology 
and another in order to: v

      Use data collected for one purpose for another purpose,
      Retain the value of data when migrating to newer database 
formats and schemas, and
      Avoid entering data multiple times and the associated 
risk of increased cost and errors.

    See the AHIMA white paper, Coordination of SNOMED-CT and ICD-10: 
Getting the Most Out of Electronic Health Record Systems, for a 
complete description of the roles of terminologies and classifications 
in EHR systems and the importance of mapping to effectively use 
clinical information for multiple purposes.

                                 

    Chairman JOHNSON. Thank you. Dr. Weiss?

  STATEMENT OF ALLEN WEISS, M.D., PRESIDENT, NAPLES COMMUNITY 
          HOSPITAL HEALTHCARE SYSTEM, NAPLES, FLORIDA

    Dr. WEISS. Chairwoman Johnson, Representative Stark, 
distinguished members of the committee, thank you for the 
opportunity to advocate for patients, communities, care givers, 
and payers, whom we all agree have benefited by the use of IT 
in health care. My comments are based primarily on my own 
experiences that I believe may be typical for many care givers 
and leaders in health care today. More than half of the care in 
the United States today, as we have already heard, is from solo 
and small group practices of ten or fewer physicians. Naples, 
Florida, mirrors these demographics. By brief way of 
background, I was in solo private practice of rheumatology, 
internal medicine, and geriatrics for 23 years in Naples, 
Florida, before becoming President of the Naples Community 
Hospital System in the year 2000. When I was asked to join the 
leadership team at Naples Community Hospital, we had many 
independent, stand-alone, best-of-breed computer systems within 
the building. The interfaces among these systems were always 
intricate to build, expensive to maintain, and difficult to 
use.
    Learning best practices from other industries, such as 
manufacturing and banking, showed the wisdom of integration of 
systems. Having a common data repository accessible in 
different ways depending on the various needs of patients, 
providers, and payers, is key to both safety and efficiency. 
The push for an internal, seamless integration started 
seriously at Naples Community Hospital about 5 years ago. A 
dramatic improvement in functionality resulted from 
integration. This internal integration needs to be duplicated 
outside the hospital in the community, where the majority of 
patient care is rendered today. Any action facilitating 
integration at the time of installation is much more effective 
than late integration or none at all. Once computer systems are 
purchased, installed, and functional, they are difficult to 
change. Birth is easier than resurrection. Clearly, IT in 
health care will be the ten exchange that Andrew Grove, former 
chairman of the board of Intel Corporation, referred to in the 
past. Medical errors have been shown to decrease up to 95 
percent at Vanderbilt Children's Hospital in a study published 
in the January 2004 issue of Pediatrics. Naples Community 
Hospital's experience shows over a 50 percent decrement in 
reported medication errors since medicine administration was 
automated using bar code technology and an electronic medical 
record. IT's remarkable effect on efficiency will be documented 
in a study to be published this September by Dr. Richard 
Homestead, Co-Director of Rand Enterprise Analysis.
    Naples Community Hospital's experience with the prevention 
of pressure ulcers similarly reflects cost savings by 
decreasing the length of the patient's hospital stay. Pressure 
ulcers typically form on an area of the body under pressure in 
frail elderly patients. While the 2005 national prevalence was 
7.3 percent, Naples Community Hospital's recent prevalence was 
1.7 percent. The use of IT to assess risk and initiate 
prevention in a timely manner yielded a huge savings in terms 
of misery and money. The most important problem to be solved 
today is the propagation of IT with integration. At least four 
options or combination of options are possible. Number one, 
allow the current stand-alone best of breed systems to evolve, 
hoping the purchasers of these systems will only demand 
integration. Number two, ask State or Federal government to 
modify rules and regulations that would facilitate propagation 
of integrated IT. Number three, ask the health care IT industry 
to work together with payers, providers, and consumers to 
develop common standards. Number four, ask payers, namely the 
insurers, both governmental and commercial, to financially 
support IT, whether by direct funding or implementation or by 
increased reimbursement for providers who do use IT in their 
practices, thinking that the cost of care would decrease as 
care is rendered in a more efficient and safe manner. Thank you 
for the opportunity to assist in this important endeavor.
    [The prepared statement of Dr. Weiss follows:]

 Statement of Allen Weiss, M.D., President, Naples Community Hospital 
                   Healthcare System, Naples, Florida

    Chairwoman Johnson, Representative Stark, distinguished members of 
the Committee:
    Good Morning. Thank you for the opportunity to advocate for 
patients, communities, care givers, and payers who must benefit by the 
use of information technology (IT) in healthcare. My comments are based 
on my own experiences that, I believe, may be typical for many care 
givers and leaders in healthcare today.
    By brief way of background, I was in solo private practice of 
Rheumatology, Internal Medicine and Geriatrics for twenty-three years 
in Naples, Florida before becoming President of the Naples Community 
Hospital Healthcare System (NCH) in 2000. During my last decade of 
private practice I used a computer system for billing purposes. During 
my last two years of practice I additionally used an inexpensive, 
commercially available voice recognition system for recording clinical 
information. Mine was not a ``high tech'' office, and I was not a 
``high tech'' person; my situation was rather typical of many offices 
across the United States at that time and even today where the majority 
of physicians are in either solo or small group practice.
    When I was asked to join the leadership team at NCH, we had many 
independent ``stand alone--best of breed'' computer systems. The 
interfaces among those systems were always intricate to build, 
expensive to maintain, and difficult to use. Learning best practices 
from other industries such as manufacturing and banking showed the 
wisdom of integration of systems. Having a common data repository that 
can be accessed in different ways depending on the various needs of 
patients, providers, and payers is the key both to safety and 
efficiency. The push for internal, seamless integration started 
seriously at NCH about five years ago. Now, this internal integration 
needs to be duplicated outside the hospital, in the community where the 
majority of patient care is rendered.
    NCH is typical of many hospitals in terms of size and 
demographics--two locations with 539 beds, almost 4000 employees, over 
35,000 admissions, 4000 births, 600 open hearts surgeries, and 130,000 
emergency room visits per year. We care for all who come to our 
hospital, with approximately 24% of our patients uninsured, unable to 
pay, or on Medicaid.
    We are a not-for-profit community-based system with three core 
competencies--demonstrative quality, operational efficiency and fiscal 
responsibility. Operational efficiency, with the extensive use of IT, 
nurtures demonstrative quality, in turn leading to fiscal 
responsibility.
    In striving to demonstrate quality, we earned a Healthgrades top 5% 
overall rating and a top 5% rating in cardiac, stroke, and pulmonary 
along with a top 3% in patient safety. We volunteered to participate in 
the Center for Medicare and Medicaid Services (CMS) project to 
demonstrate quality. This project compares us to 277 other hospitals 
that have also volunteered regarding measures for congestive heart 
failure, acute myocardial infarct (heart attack), coronary bypass (open 
heart surgery), community acquired pneumonia, and joint replacement 
(hip and knee). We also use a balanced scorecard as popularized by 
Norton and Kaplan. This scorecard stresses both quality metrics and 
operational efficiencies in addition to the traditional financial 
metrics. The leadership team at NCH believes that these quality awards 
were facilitated by the use of IT.
    NCH's most fundamental core competency is operational efficiency. 
Information technology is the tool that allows caregivers to provide 
better care more efficiently. A common metaphor concerning IT compares 
a hand and power drill. Both tools can produce the same end product, 
namely a hole, but the power drill accomplishes the task with a 
fraction of the energy in a fraction of the time. IT correctly used can 
not only drill the hole, but also guarantee that the hole was made in 
the right place without doing any neighboring damage. Moreover, IT's 
improved ease, speed, accuracy, and reliability in a process can, more 
fundamentally, encourage other processes to change.
    Hospitals are set-ups for tremendous inefficiency. For example, a 
common scenario is a duplicate laboratory test: the attending 
physician, after assessing the patient, orders an appropriate test, 
followed by the consulting physician, not able to read or find the 
order in the chart, ordering the same test later in the day while the 
original test was already in progress.
    Physicians using computers to enter orders will have instant, clear 
knowledge. In the example above, the second physician would receive a 
``pop up'' cautionary note stating that the same test is already in 
progress or that the results were now available. ``Do you want to order 
it again?'' would be the question displayed. The physician could exit 
the order-entry routine, avoiding another needle stick for the patient, 
another charge for the payer, and another inefficiency for the 
caregiver. Having the right information at the right time will make for 
a safer, more efficient environment for patients and caregivers.
    Ordering and administering medicines have become more complex over 
time. Only 60 drugs were commonly prescribed in 1960. In 2000 almost 
6000 medicines were commonly prescribed. Who can keep 6000 drug 
interactions in mind? No human can, but a well functioning IT system 
can give instant feedback for incorrect doses, inappropriate 
interactions, potential allergies, as well as make suggestions based on 
medical evidence. At NCH's smaller hospital, greater than a 50% 
decrease in medicine errors has been reported over the last four months 
since instituting a bar code system: portable bar code readers 
correctly identify patients wearing wrist bands with bar codes. 
Medicines are delivered to the bedside in bar coded containers, and 
nurses wear badges with bar code identification. Once the scanning is 
complete and the bar code reader states all is proper to proceed with 
the medicine administration, documentation is done automatically. A 
pharmacist who can intervene at any time electronically supervises the 
entire process. NCH's larger hospital has had the same system in place 
for only two months with similar positive results. IT in this situation 
makes caregivers more efficient and patients safer.
    As previously stated, NCH has strived towards an integrated IT 
system since 2000. On Saturday, September 8, 2001 our almost 1000 
nurses started documenting all of their notes using digital technology. 
This event was a sea change and retrospectively may have been the 
tipping point for our institution in the use of IT.
    One remarkable result in saving patients from the misery of 
pressure ulcers has been directly related to the process change 
facilitated by the use of IT. Pressure ulcers are sores which form on 
skin areas under pressure in people who are typically debilitated, 
malnourished, and lying or sitting in one position. These sores, for 
the most part preventable, usually develop on the sacral area 
(backside) or the back of the heels. Each pressure sore adds suffering 
to the patient as well as cost to the healthcare system in terms of 
length of hospital stay and thousands of dollars in patient care. The 
national average for prevalence of pressure ulcers was 7.3% in 2005. 
Patients can be assessed for risk of developing pressure ulcers by 
using the Braden Scale Scoring System that asks six questions and 
produces a score from six to twenty-three, inclusive. Starting 
intervention after doing these scores manually is burdensome to the 
caregivers, and often is not done. Using IT to facilitate the scoring 
and alerting the appropriate caregivers has been remarkable in 
effectiveness.
    Every patient at NCH is assessed for pressure ulcers once on 
admission and if at risk, daily thereafter. An elderly, malnourished, 
incontinent person with a fractured hip due to a fall in a skilled care 
facility is an example of a high-risk patient. Having a low score 
indicating risk for developing pressure ulcers, the patient is 
immediately seen by a nurse trained in prevention and given specific 
skin treatment. NCH's pressure ulcer rate was above 12.8% at the start 
of using IT to measure risk and start intervention. NCH's most recent 
assessment had a rate of 1.7% with no heel ulcers--a remarkable 
achievement.
    Drexel University has a competition for the best new use of 
technology in healthcare; our care givers won this year for using IT to 
decrease pressure ulcers. IT is the ``power drill'' in this remarkable 
example that allows for a process change resulting in decreased misery, 
improved safety, and lower cost. Patients, communities, care givers, 
and payers all benefit.
    Having strong integrated IT within the hospital is only the first 
step towards safety and efficiency. The goal of sharing health 
information is to have the patient, caregiver, and payer all have 
access to the portions of the health record that are appropriate for 
their respective needs. Granting practicing physicians access to the 
hospital system has been the most successful portion thus far. Sharing 
patient information from the physicians' office to the hospital has 
not. Thus far, information has flowed in one direction only--hospital 
to physician. Physician to hospital, physician-to-physician, and 
patient to care giver still depend on patients' and physicians' 
memories, copied papers, and faxes. Patients and payers continue to 
depend on care givers sharing clinical information in much the same way 
as decades ago. We practice and treat using 21st century technology, 
but we record and archive the same way we did in the 18th century. 
Demographic information is being shared by hospitals and physicians 
offices with payers primarily for reimbursement purposes. Having a 
patient both involved and informed in his or her care are two goals 
that have been shown to improve health and decrease anxiety. Who isn't 
anxious waiting for the results of a mammogram or PSA (prostate 
specific antigen)? Yet, we still can't report these results quickly and 
safely using the IT currently available. This challenge can be helped 
by creating a common set of standards and policies to exchange 
information among patients, communities, caregivers, and payers. 
Moreover, neutered data shared within and among communities may be 
helpful for public health purposes.
    Currently, NCH has about 525 physicians on staff. Over 350 of these 
physicians have secure access to the in-patient IT system from their 
offices and homes using high speed internet access. This access is in 
``read only'' mode to borrow a term from the computer industry. Each 
physician purchases a key fob at cost from NCH--seventy-five dollars. 
Security is maintained by a series of numbers that change each minute 
by satellite on the fob's screen. To access the system, a person must 
enter the numeric code for that minute in addition to a password. Early 
in our process of trying to integrate our physicians with the in-
patient IT system, NCH charged five hundred dollars for installation of 
the system in an office. Physicians in larger groups needed the billing 
information available on their in-patients and did buy the system 
primarily for that reason. These physicians needed to have high speed 
internet access in their offices and gradually came to the realization 
that it was easier to obtain lab results, vital signs, and other 
clinical information on their in-patients by going on-line rather than 
playing ``telephone tag'' with the nurse on the floor who might be 
occupied caring for another patient. NCH, realizing that the in-patient 
nurse became more efficient when relieved of the ``telephone tag'' 
process, decided to waive the five hundred dollar charge if the 
physician would also keep all of his/her hospital chart documentation 
up to date. NCH made this offer in conjunction with Florida's Doctors' 
Day in 2003.
    Now, physicians may obtain lab results, vital signs, nursing notes, 
and consultative notes on-line in a ``read only'' mode at any time and 
in any place with computer access. Obstetricians can view ``read only'' 
fetal monitor strips that are contemporaneous measures of an unborn 
child's health during the labor process. Soon, physicians will be able 
to order medicines, lab tests, and other modalities on-line for their 
patients. This off-site entry capability should facilitate 
communication and decrease the inherent risk of phone orders which even 
if read back, could be misunderstood or transcribed incorrectly.
    Local nursing homes, visiting home nurse companies, and more 
recently a mental health facility and the Medical Examiner's office 
also have secure access to the in-patient record. This capability has 
replaced the physical need for a person to travel to review a record or 
to fax dozens or even hundreds of pages per day to another provider. In 
the case of nursing home transfers, multiple nursing homes can review 
charts simultaneously to determine which patients are best suited for 
the home's particular environment. This off-site, pre-discharge review 
decreases a patient's hospital stay, previously devoted to in-person 
reviews by successive nursing facilities. In turn, costs are lowered 
and safety is improved.
    When NCH initiated this review process at the suggestion of the 
Director of Patient Advocacy, concerns about security and privacy 
arose. The electronic environment, although not perfect, is in fact 
better--safer--than the paper environment. With paper, anyone in the 
hospital can casually pick up a chart at the nursing station and browse 
anonymously. Patient charts have been minimally secured for decades 
without patients' realization. However, to ``open'' a patient chart 
electronically, one must first have a password. Then the record is 
updated showing the date and time of access, what specifically was 
examined, and the claimed relationship of the viewer to the patient. To 
search for unauthorized access, the log of viewers is reviewed both 
randomly and also using specific algorithms. Not only are searches done 
on high profile patients and high profile diseases, but also records 
are examined for viewers with same last names and those designated as 
``who to notify in case of an emergency.'' Hospital employees are 
warned that invasion of privacy will result in immediate termination, 
and NCH has enforced this regulation already. This termination policy 
has proven to be an effective deterrent. Long term using IT, health 
care will have comfort in security now perceived in the banking and 
finance industry. In the paper age, people had a false sense of 
security and privacy.
    An Electronic Health Record (EHR), for hospitals or physician 
offices of any size, requires support people with a variety of skills 
used episodically. Having full time employees to maintain hardware and 
software and train other employees does not take advantage of economies 
of scale or scope. Service personnel, as well as replacement parts, are 
needed for rapid repair to avoid unplanned downtime when computers are 
on-site. Even as a 539-bed two-hospital system, NCH could not support 
full time hardware service personnel on-site when needed only 
occasionally. NCH advantageously outsourced its main hardware, the 
computer server, to a specialist in remote hosting of computers. 
Similarly, NCH could not stock replacement parts economically. While 
remote hosting, web support and internet training do not obviate the 
need for face-to-face, hands-on employees, the need and cost are 
greatly reduced.
    The cost of purchase, installation, maintenance, and training is a 
challenge for small or moderate sized groups as well. Smaller groups 
have the same problems in an exaggerated form. Ideally, by combining 
five hundred physicians and a 539-bed two-hospital system, the costs of 
installation, maintenance and training would come down and be 
manageable for everyone.
    However, the major disappointment in our local health care 
community has been not having seamless EHR shared by the treating 
physicians and NCH. About eighteen months ago two local groups of 
physicians (one with approximately fifty-five physicians and the other 
forty) shopped independently for an electronic health record for their 
respective practices. Both ultimately purchased excellent IT products 
which do not interface with the equally powerful hospital system. 
Moreover, solo and small groups have installed ``stand alone'' systems 
that will be hard to integrate in the future. The goal of having one 
common community system was very attractive for many reasons including 
patient safety, patient and provider convenience, support personnel 
training, system maintenance, and overall efficiency. A unified EHR 
helps make an area attractive for retirees who rank health care as a 
major concern.
    Compounding this problem, Collier County has a summer and winter 
population variation between a nadir of approximately three hundred 
thousand and peak of over four hundred thousand people. Moreover, while 
NCH was previously the sole hospital in Naples, now Cleveland Clinic 
Foundation of Collier County has an eighty-bed hospital and HMA, a for-
profit hospital system, is in the permitting process to build a 
hundred-bed hospital. Most physician groups want to be able to interact 
with more than one hospital system. Most hospitals want to be able to 
service as many physicians and patients as possible in an efficient 
manner. Ideally, all EHR systems would have seamless interaction 
without the need for interfaces, but that is currently not the case. 
Complete integration would solve the problem of information transfer 
for patients, providers, and payers.
    NCH, in spite of relatively good relations with physician groups, 
could not build a mutual bridge of trust to share IT resources so that 
patients, communities, care givers, and payers would all benefit. What 
went wrong or why does Collier County, Florida have three major 
independent systems along with several additional ``stand alone'' 
systems? First, physicians questioned whether a successful outcome was 
possible given that installing IT in private offices was new territory 
for hospital services. Second, physicians wanted to be able to practice 
at all three hospitals in the county and not be locked into NCH if the 
other two systems chose a different IT system. Third, NCH was 
prohibited by self-referral laws from giving support services to 
physicians or groups of physicians.
    Any encouragement that could integrate healthcare IT within Collier 
County would be welcome and of benefit to all involved. Each system has 
advantages but having multiple different systems more than neutralizes 
any of the individual advantages as far as patient safety, provider 
convenience and payer efficiency are concerned. Hopefully, both IT 
companies and purchasers will understand that the next generation of 
software must be interoperable.
    Having common standards is quintessential for seamlessness, safety, 
efficiency, privacy, confidentiality, economic feasibility, and the 
development of evidence based medicine (EBM). Currently, a wealth of 
clinical information is not shared because it is either in paper form 
or in isolated digital form. Once a common language exists, large 
populations may be easily and quickly studied. EBM would advance at a 
much faster pace than can be done currently with controlled 
experiments.
    Common standards and digitalization of the EHR would also permit 
patients to have access to appropriate portions of their own medical 
records such as cholesterol results and blood pressure readings 
regardless of where they move to in the future. Patients who are 
involved with their own care are more compliant, are easier to care 
for, cost less, and have a better prognosis.
    IT also allows fungible work to be performed in remote locations. 
Currently, radiology reading and medical transcription are done abroad. 
Moreover, while calculations of total parental nutrition (a therapy to 
assist patients who cannot take in nutrition) are complex, requiring 
both a pharmacist and dietician's time and attention, the math can be 
done anywhere in the world. Healthcare workers will always be needed in 
the workforce because face-to-face contact with patients is not 
fungible. However, healthcare workers will need to adapt by learning 
new skills throughout their careers and realizing that their value lies 
in the human interface.
    Is payment for IT implementation holding back its adoption 
nationally? Thus far, the caregivers have paid for their IT systems, 
and the care givers have benefited somewhat but not as much as the 
patients and payers have benefited. Patients cared for in a functioning 
IT environment have a safer, higher quality experience while not having 
any additional out-of-pocket expense. Payers benefit by having fewer 
duplicate tests in addition to better quality, both of which always 
lower cost. Similar to the patients, the payers have not had any 
additional expense for their cost savings. The caregivers who have paid 
for the installation and maintenance of IT have benefited by avoiding 
medical errors. However, these care givers ultimately may lose revenue 
due to decreased patient volume as the power of IT shifts care to the 
outpatient arena.
    Ultimately, the right thing to do in caring for patients is to 
provide quality using the best tools (IT) available for operational 
efficiency. During evolutionary times, market share will shift as will 
profit margins for hospitals, caregivers, and payers. Those with the 
most to lose will resist the most; but in the free market with the 
exchange of information, change is inevitable.
    The pressing issue to be solved today is seamless propagation of 
integrated information technology and who pays the cost.
    At least four options or combinations these options are possible:
    #1 Allow the current ``stand alone--best of breed systems'' to 
evolve, hoping that the purchasers of these systems will ultimately 
demand integration. With this option, the providers--both hospitals and 
physicians--continue to pay rather than payers (insurance companies) or 
government. This ``do nothing'' approach could take too long and 
ultimately not develop a unified system. Reminiscent of this approach 
is the Beta versus VHS conflict in video technology, taking time but 
ultimately producing a sole system.
    #2 Ask state or federal government to modify rules and regulations 
that would facilitate propagation of integrated IT. With this approach, 
providers could continue to pay or government could financially support 
its mandate, speeding accomplishment. This government model has the 
advantage of universal applicability but the disadvantage of possible 
initial tax payer cost along with additional rules for providers.
    #3 Ask the healthcare information technology industry to work 
together with payers, providers and consumers to develop common 
standards for seamless information transfer among the in-patient and 
out-patient environments as well as among patients and payers. Thus 
far, the IT industry has not produced interoperability. With this 
option, the providers continue to pay but will be receiving better 
value.
    #4 Ask payers, namely the insurers--both governmental and 
commercial--to financially support information technology, whether by 
direct funding of implementation or by increased reimbursements for 
providers using information technology, thinking that the cost of care 
would decrease as care is rendered in a more efficient and safe manner. 
This approach would create more EHR care givers, perhaps allowing 
Option #1 to evolve faster or pressuring Option #3 to mature sooner.
    Thank you for the opportunity to assist in this important endeavor.

                                 

    Chairman JOHNSON. Thank you very much, Dr. Weiss. Ms. 
Pritts?

         STATEMENT OF JOY L. PRITTS, ASSISTANT RESEARCH
         PROFESSOR, HEALTH POLICY INSTITUTE, GEORGETOWN
                           UNIVERSITY

    Ms. PRITTS. Good morning. Madam Chairman, Congressman 
Stark, members of the Subcommittee on Health, I would like to 
thank you for inviting me today to testify on the 
confidentiality of health information as the National Health 
Information Infrastructure continues to develop. As I was 
introduced, my name is Joy Pritts and I am Assistant Research 
Professor at Georgetown's Health Policy Institute. I have 
studied medical privacy issues, in particular medical privacy 
laws, for a number of years now, and I have spent a lot of time 
looking at State health privacy laws and the Federal privacy 
laws and how they interact with each other. Everyone seems to 
agree that as we develop a national Health Information 
Infrastructure and continue to push for this electronic 
exchange of health information, that protecting the privacy of 
the health information is an admirable goal and this is 
something that we should be doing. The question remains, even 
after all that has gone on up to this point, how to accomplish 
that goal. A comprehensive minimal Federal standard 
supplemented by Federal privacy laws is what we are working 
with today. I would say that, at a minimum, that is where we 
should end up.
    Where we should not end up is relying on the HIPAA privacy 
rule as it is written now as a national Federal standard. The 
HIPAA privacy rule standing on its own in the absence of higher 
State privacy protections is simply inadequate. It does not 
cover many of the people and organizations who will have access 
to health information on the National Health Information 
Infrastructure as it is envisioned, and it was designed as a 
minimal set of standards from the outset. I would first like to 
briefly address the scope of HIPAA as it is currently written. 
It is our only generally applicable Federal privacy standard 
for health information. It is not enough. It is not broad 
enough. The way HIPAA was written, it covers only a core group 
of people and organizations that hold health care information: 
Health plans, health care clearinghouses, and health care 
providers who transmit health information electronically for 
certain administrative and financial purposes, usually in 
connection with processing health insurance and claims and 
things of that nature.
    Because of the way it is written, HIPAA is very limited in 
who it covers. It doesn't even cover everybody in the core 
group of those who hold and use health information on a regular 
basis. For example, it does not cover health care providers who 
don't engage in health care insurance transactions. That means 
that health care providers who provide health care services 
over the Internet and accept credit cards are not covered by 
HIPAA. This is an increasing area of medical practice. People 
turn to the Internet for medical care, for one thing, in order 
to keep their medical information private and out of their 
other medical records, but also because they don't have health 
insurance and they have found this to be one mechanism that 
they can pay for their own health care at a reasonable level, 
is turning to the Internet. They are not covered by the Federal 
privacy protections. Beyond this core group that HIPAA does 
cover, it doesn't cover all of the other entities that receive 
health care information from the core group. It doesn't cover 
them directly. It doesn't cover Workers' Comp. It doesn't cover 
life insurance. In particular, it doesn't cover some of the 
people who are essential to the use of health care information.
    It also does not cover, according to the Department of 
Justice, employees of covered entities, and that is something 
that really needs to be remedied as we move forward. I would 
also like to emphasize that HIPAA sets minimal standards. It 
was conceived that way. It was written that way. When HHS 
received comments on the privacy rule and people requested them 
to set high standards for certain medical conditions, such as 
HIV, mental health treatment, consumers were reportedly told, 
this is the floor. We are not set out to set maximum or even 
best business practices. You can always turn to your State 
laws, and States have filled that gap where HIPAA has not 
reached a very high standard. Eliminating State law, as some 
have proposed to do, to set a uniform standard in order to ease 
the exchange of health care information would drastically lower 
consumer privacy rights and protections. We should not use the 
development of the National Health Information Infrastructure 
as an excuse to reduce privacy protections of health 
information to the least common denominator. Thank you.
    [The prepared statement of Ms. Pritts follows:]

       Statement of Joy L. Pritts, Assistant Research Professor,
             Health Policy Institute, Georgetown University

I. Introduction
    Madam Chairman and Members of the Subcommittee on Health of the 
House Committee on Ways and Means: Thank you for the opportunity to 
testify before you today on protecting the confidentiality of health 
information and health information technology (IT).
    My name is Joy Pritts. I am a lawyer and an Assistant Research 
Professor at GeorgetownUniversity's Health Policy Institute. In my 
position at Georgetown, I conduct research and analysis on a range of 
health privacy issues. Much of my work has focused on the Privacy Rule 
issued under the Health Insurance Portability and Accountability Act of 
1996 (HIPAA), its scope and its interaction with state health privacy 
laws. I have written extensively on this topic including: The State of 
Health Privacy (2002); Implementing the Federal Health Privacy Rule in 
California (2002); ``Altered States: State Health Privacy Laws and the 
Impact of the Federal Health Privacy Rule,'' Yale Journal of Health 
Policy, Law, and Ethics (Spring 2002); and ``Preemption Analysis Under 
HIPAA--Proceed with Caution,'' In Confidence (April 2003); and state-
specific consumer guides on how to obtain and correct or amend medical 
records under a combination of the HIPAA Privacy Rule and state law, 
available at http://hpi.georgetown.edu/privacy/records.html.
    My testimony today will focus on what, if any, actions the federal 
government should take with respect to protecting the confidentiality 
of health information in order to facilitate the electronic exchange of 
health information, including the development of a national health 
information infrastructure (NHII). In particular, my testimony will 
address why, at a minimum, the HIPAA Privacy Rule must be expanded to 
directly cover all who have access to individually identifiable health 
information. I will also discuss the importance of protecting the 
ability of states to build on the floor of federal privacy protections, 
as is currently permitted by HIPAA.

II. Background
    The electronic exchange of health information has the potential to 
improve the quality of health care. Electronic records will be more 
complete, legible, and more accessible to providers. These features 
should lead to improved quality of care, the elimination of repetitive 
tests and a streamlining of the administrative process. Under the right 
circumstances, electronic medical records should also be more secure 
than paper records.
    The risks of a computer-based health information system, however, 
remain real. Computerization of medical records will make large amounts 
of detailed personal data more readily accessible and transferable not 
only to health care providers but to others. When a breach in 
confidentiality occurs, it is often with respect to hundreds if not 
thousands of records at a time. For example, several thousand patient 
records at the University of Michigan Medical Center containing names, 
job status, treatment information and other data were inadvertently 
posted on public Internet sites for two months.\1\
---------------------------------------------------------------------------
    \1\ ``Black Eye at the MedicalCenter,'' The Washington Post, 
February 22, 1999, p. F5.
---------------------------------------------------------------------------
    Unintentional disclosure is not the only threat to heath 
information in electronic format. Some people improperly access and 
disclose medical records because they want to make money. A hospital 
employee sold country singer Tammy Wynette's medical records to the 
National Enquirer and Star tabloids.\2\ Hospital employees in New York 
sold emergency room patients' information to attorneys and others to 
use in insurance scams.\3\ Recently, an employee of cancer clinic 
accessed the medical records of a patient with terminal cancer, 
obtained credit cards in the patient's name, and ran up over $9000 in 
charges.\4\
---------------------------------------------------------------------------
    \2\ Selling Singer's Files Gets Man Six Months,'' Houston 
Chronicle, December 2, 2000, p. A2.
    \3\ Office of the District Attorney, Nassau County, New York, Press 
Release, November 23, 2004, available at http://www.nassauda.org/
dawebpage/pressreleases/NUMC%20arrests.htm
    \4\ U.S. Attorney's Office, Western District of Washington, Press 
Release, ``Seattle Man Pleads Guilty in First Ever Conviction for HIPAA 
Privacy Rules,'' August 19, 2004, available at http://www.usdoj.gov/
usao/waw/press--room/2004/aug/gibson.htm
---------------------------------------------------------------------------
    Others improperly access medical information to use against or 
embarrass a person. As New York Congresswoman Nydia Velasquez testified 
before the Senate Judiciary Committee, her medical records--including 
details of a bout with depression--were faxed from a New York hospital 
to a local newspaper and television station on the eve of her 1992 
primary.\5\ On a more local level, the medical records of a Maryland 
school board member, who had been treated for depression, were sent to 
school officials as part of a campaign criticizing his performance.\6\
---------------------------------------------------------------------------
    \5\ A. Rubin, ``Records No Longer for Doctors' Eye Only,'' Los 
Angeles Times, September 1, 1998, p. A1
    \6\ C. Samuels, ``Allen Makes Diagnosis of Depression Public; 
Medical Records Mailed Anonymously,'' The Washington Post, August 26, 
2000, p. V1.
---------------------------------------------------------------------------
    Still others improperly access and disclose medical information out 
of curiosity. An employee at a major hospital in Washington DC learned 
that one of her co-workers had HIV when she improperly accessed his 
medical record to find out why he was hospitalized. The employee 
revealed the patient's HIV status to other co-workers who ostracized 
him.\7\ When former President Clinton was in the hospital for heart 
surgery 17 hospital workers who had nothing to do with his health care 
improperly tried to access his medical records. Perhaps most disturbing 
was the reaction of the hospital employees, one of whom commented, 
``I'm not surprised. People are nosy. It happens all the time.'' \8\
---------------------------------------------------------------------------
    \7\ P. Slevin, ``Man Wins Suit Over Disclosure of HIV Status,'' The 
Washington Post, December 30, 1999, p. B4.
    \8\ J. Lite, D.Epstein and C. Katz, Clinton File Snoopers Rapped,'' 
New York Daily News, September 11, 2004, available at http://
www.nydailynews.com/news/local/story/230961p-198366c.html
---------------------------------------------------------------------------
    The risks of having medical information improperly accessed and 
disclosed are shared by nearly everyone: people going through a divorce 
or custody dispute; people who work in the health care system and who 
also happen to be patients of that system; people who live in small 
communities; and people with medical conditions that may subject them 
to stigma or discrimination. The consequences can be severe. People 
fear that they will be ostracized, that they may lose their custody 
battle, a political race, their job, or their insurance.
    As we continue to move toward the computerization of medical 
information, it is imperative to ask whether there are adequate privacy 
laws in place to reduce, if not eliminate, these risks. The HIPAA 
Privacy Rule is not sufficient. It is not broad enough to cover all of 
those who have access to health information, especially the growing 
number who will have electronic access. Furthermore, because HIPAA is 
designed to provide a minimal floor of privacy protections it is 
important that states retain their ability to offer higher levels of 
privacy protection.

III. Federal Privacy Protections Should Apply To Everyone Who Receives 
        Or Creates Identifiable HEalth Information
    HIPAA and the Privacy Rule issued under the Act only directly cover 
a core group of those who hold and maintain health care information 
(known collectively as ``covered entities''): health care providers who 
transmit health information electronically in connection with certain 
financial and administrative purposes, health plans and health care 
clearinghouses. As the Department of Health and Human Services (HHS) 
noted, ``Unfortunately, this leaves many of the people and 
organizations that receive, use and disclose protected health 
information outside of the system of [federal] protection.'' \9\ First, 
HIPAA does not cover all health care providers. Only providers who 
transmit health information electronically for certain administrative 
and financial transactions (largely related to insurance) are covered 
by HIPAA. For example, an increasing number of health care providers 
offer health services directly to consumers over the Internet, 
accepting only credit card payments. These providers are beyond the 
scope of HIPAA.
---------------------------------------------------------------------------
    \9\ U.S. Department of Health and Human Services, Preamble, 
Standards for Privacy of Individually Identifiable Health Information; 
Proposed Rule, 64 Fed. Reg. 59918, November 3, 1999, p. 59923.
---------------------------------------------------------------------------
    Other examples of persons who receive and use information and who 
are not covered by HIPAA include workers compensation carriers, 
researchers, life insurance issuers, employers and marketing firms. HHS 
also lacks the authority to directly regulate many of the persons that 
covered entities hire to perform administrative, legal, accounting, and 
similar services on their behalf, and who would obtain health 
information in order to perform their duties (called ``business 
associates'').\10\
---------------------------------------------------------------------------
    \10\ See 64 Fed. Reg. 59923.
---------------------------------------------------------------------------
    Although HHS attempted to fill some of these gaps by requiring 
covered health care providers and health plans to enter into contracts 
that require those who perform services on their behalf (known as 
``business associates'') to protect the confidentiality of the health 
information that they receive, HHS has no enforcement authority over 
these recipients. If business associates violate their contracts, HHS 
cannot impose civil or criminal penalties against them.
    Similarly, it appears that HHS may not have the authority to impose 
criminal penalties against individuals who improperly obtain or 
disclose individually identifiable health information even if they act 
for profit. HIPAA provides for criminal penalties for persons who 
knowingly in violation of the Act obtain or disclose individually 
identifiable health information relating to an individual.\11\ The Act 
provides the most substantial criminal penalties for those who commit 
these acts under false pretenses or with intent to sell or use the 
information for commercial purposes, personal gain or malicious 
harm.\12\ The United States Department of Justice has recently taken 
the position that these criminal penalties generally apply only to 
covered entities. Employees and others who improperly obtain and use 
health information (even if it is for profit or to cause serious harm 
to another) may not be prosecuted under this section.\13\ Under this 
interpretation, the hospital employees described above who sold 
emergency room patient information to lawyers could not be prosecuted 
under HIPAA.
---------------------------------------------------------------------------
    \11\ 42 U.S.C.  1320(d)-6(a).
    \12\ 42 U.S.C.  1320(d)-6(b).
    \13\ U.S. Department of Justice, letter for Alex M. Azar II, 
General Counsel, Department of Health and Human Services, June 1, 2005, 
available at http://www.usdoj.gov/olc/hipaa--final.htm
---------------------------------------------------------------------------
    These gaps in federal privacy protection coverage leave large 
volumes of identifiable health information vulnerable to improper 
access and disclosure without any real remedies. The promotion of the 
electronic exchange of health information heightens the urgency of 
filling these gaps through federal legislation. Forming a national 
health information infrastructure without adequate federal privacy 
protections threatens not only the privacy of patients but also the 
very viability of such a system.

III. Higher State Health Privacy Protections Should Remain In Place
    It is important to preserve the ability of states to impose more 
protective privacy standards on the use and disclosure of health 
information as we encourage the electronic exchange of health 
information. As currently written, HIPAA sets a federal floor for the 
protection of health information. The HIPAA Privacy Rule overrides 
(preempts) state laws that are less protective of privacy. However, 
state laws that provide health information privacy protections that are 
equal to or greater than those contained in the HIPAA Privacy Rule 
remain in place. These state laws offer additional privacy protection 
to people with medical conditions that often subject them to stigma or 
discrimination, such as HIV or mental health conditions. They give 
patients greater access rights to their own health information.
    Many in the health care industry would like to preempt all state 
health privacy protections so that the HIPAA Privacy Rule would serve 
as the uniform, national standard for protecting the privacy of health 
information. However, doing so would directly contradict a key, 
underlying premise of the HIPAA Privacy Rule. The Rule was explicitly 
conceived, written and issued as the minimally acceptable standard upon 
which states could build. Indeed, the ramifications of nullifying 
stronger state privacy laws are enormous and could be quite negative 
for patients on a number of fronts.
    In considering these issues, it is imperative to remember how we 
got to where we are today. States have traditionally exercised power 
over the health and welfare of their citizens. Over the years, states 
have developed an extensive range of statutes and regulations that 
protect the privacy of health information. Every state has some statute 
or regulation governing the use of health information. These laws can 
be found in health provider licensing laws, insurance laws, public 
health laws, the rules of evidence and civil procedures. Many states 
developed statutes and regulations that specifically address the use 
and disclosure of health information in a detailed and comprehensive 
fashion. In response to the needs of their citizens, most states have 
laws that provide privacy protections specifically for information 
related to medical conditions that are often associated with stigma or 
discrimination, such as HIV or mental health conditions.
    Additionally, in the 40 years preceding the issuance of the Privacy 
Rule, most states developed common law through court cases where people 
sued for the improper disclosure of their health information, often 
based on invasion of the right to privacy. The level of privacy 
protection afforded by the states, however, varied widely. Some states 
had broad, detailed privacy protections for health information while 
others had few protections.\14\
---------------------------------------------------------------------------
    \14\ See J. Pritts, ``Altered States: State Health Privacy Laws and 
the Impact of the Federal Health Privacy Rule,'' Yale Journal of Health 
Policy, Law, and Ethics (Spring 2002).
---------------------------------------------------------------------------
    As efforts to encourage the health care industry to adopt computer 
technology intensified it became apparent that there was a need for at 
least minimum federal standards to protect the privacy of health 
information. Beginning as early as 1980, Congress attempted to pass 
health privacy legislation. In 1996, Congress once again took up the 
issue of health privacy, this time within the context of HIPAA. The 
Administrative Simplification provisions of HIPAA were designed to 
encourage the development of an electronically based health care 
system. Recognizing that protecting the privacy of health information 
was an important component of this system, Congress set itself a 3-year 
deadline for enacting comprehensive health privacy legislation. If 
Congress failed to act in that time, HHS was directed to write and 
issue health privacy regulations. HIPAA expressly provides that these 
federal regulations will not supercede a contrary provision of state 
law if the state standard is more stringent than the standards imposed 
by the federal regulations.
    Congress was unable to pass comprehensive health privacy 
legislation within the 3-year period. No national consensus could be 
reached on some of the more difficult policy issues surrounding the 
protection of health information (such as the appropriate level of 
protection for HIV information or for genetic information and the right 
of an individual to sue for improper disclosures of information). 
Accordingly, the duty to craft federal health privacy protections 
passed to HHS.
    Throughout the rule-making process, HHS consistently maintained 
that it was establishing minimum federal standards, which would not 
disturb more protective state laws. In explaining its approach to the 
Privacy Rule, HHS stated:
    It is important to understand this regulation as a new federal 
floor of privacy protections that does not disturb more protective 
rules or practices. Nor do we intend this regulation to describe a set 
of a ``best practices.'' Rather, this regulation describes a set of 
basic consumer protections and a series of regulatory permissions for 
use and disclosure of health information. The protections are a 
mandatory floor, which other governments and any covered entity may 
exceed.\15\
---------------------------------------------------------------------------
    \15\ Preamble, Standards for Privacy of Individually Identifiable 
Health Information; Final Rule, 65 Fed. Reg. 82461, December 28, 2000, 
p. 82471.
---------------------------------------------------------------------------
    In response to public comments requesting additional privacy 
protection for HIV/AIDS information, HHS again explained that it was 
taking a minimalist approach:
    Where, as in this case, most states have acted and there is no 
predominant rule that emerges from the state experience with this 
issue, we have decided to let state law predominate. The final rule 
only provides a floor of protection for health information and does not 
preempt state laws that provide greater protection than the rule. Where 
states have decided to treat certain information as more sensitive than 
other information, we do not preempt those laws.\16\
---------------------------------------------------------------------------
    \16\ Preamble, Standards for Privacy of Individually Identifiable 
Health Information; Final Rule, 65 Fed. Reg. at 82731.
---------------------------------------------------------------------------
    One and half years later, HHS responded to consumer concerns about 
the elimination of the requirement that covered entities obtain 
patient's consent to use or disclose identifiable health information 
for treatment, payment, and health care operations, by reassuring them 
that state privacy protections would remain in place. HHS stated:
    The Privacy Rule provides a floor of privacy protection. State laws 
that are more stringent remain in force. In order to not interfere with 
such laws and ethical standards, this Rule permits covered entities to 
obtain consent. Nor is the Privacy Rule intended to serve as a ``best 
practice'' standard.\17\
---------------------------------------------------------------------------
    \17\ Preamble, Standards for Privacy of Individually Identifiable 
Health Information; Final Rule (as Modified) 67 Fed. Reg.53192, August 
14, 2002, p.53212.
---------------------------------------------------------------------------
    In short, from beginning to end the Privacy Rule has been built on 
the understanding that it would serve as a minimal floor of protection 
and that state laws affording higher protections would be preserved.
    As a result, many state laws remain in effect. Some of these state 
laws afford a higher degree of protection to sensitive medical 
information, such as information related to genetic testing, HIV or 
mental health. States continue to afford their citizens the right to 
sue for improper disclosures of their privacy or to obtain their 
medical records.
    Many in the health care industry would eliminate these higher state 
health privacy protections in the interest of having more uniformity. 
The Privacy Rule has set minimal standards in every state. It has 
effectively created privacy standards in states where few existed and 
raised standards in those with few protections. By establishing a 
federal floor of health privacy protections, HIPAA has already 
substantially evened the playing field. (See App. Fig. 2). Moreover, in 
response to the HIPAA Privacy Rule, many states have taken the 
initiative to re-examine their own health privacy laws. As a result, 
some states have amended their privacy laws, where appropriate, so that 
they are more closely aligned with the HIPAA standards. In practice, 
this voluntary action has also produced more uniformity.Preempting all 
state health privacy protections in the interest of producing yet more 
uniformity would have serious and wide spread ramifications. As 
discussed above, the HPAA standards are meant to be minimum standards. 
They were never intended to serve as the sole standard for protecting 
identifiable health information. Eliminating state law and relying on 
the HIPAA Privacy Rule would effectively lower the privacy protections 
in place for some of the most vulnerable health care consumers (such as 
mental health patients and those with HIV). (See App. Fig. 3) In many 
states, it would overturn hard-fought compromises over some of the very 
issues on which Congress has not been able to reach consensus. Such an 
approach would eradicate over 40 years of state common law giving 
consumers the right to sue for the improper disclosure of medical 
records. Given the variety of state laws that are designed to protect 
the privacy of health information it is difficult to predict the full 
range of consequences of such an approach. It is clear, however, that 
preempting state health privacy protections would seriously undermine 
states' traditional ability to protect the health and welfare of their 
citizens.

IV. Conclusion
    As we continue to move toward the electronic exchange of health 
information and the creation of a national health information 
infrastructure it is crucial that the privacy of health information not 
be compromised in the interest of expediency. Federal privacy 
protections for health information should be expanded to ensure that 
standards for using and disclosing health information are in place for 
everyone who receives or creates identifiable health information. 
Federal law also should ensure that those who improperly obtain use and 
disclose health information are subject to civil and criminal 
penalties.
    State laws that set higher standards for protecting the privacy of 
health information should remain in place. The HIPAA Privacy Rule is 
simply not adequate.

                       Uniformity--At What Cost?

            Health Privacy Protections Before HIPAA (Fig. 1)

[GRAPHIC] [TIFF OMITTED] T6387A.001


             Healh Privacy Protections After HIPAA (Fig. 2)

[GRAPHIC] [TIFF OMITTED] T6387A.002


   Health Privacy Protections--State Law Preempted by HIPAA (Fig. 3)

[GRAPHIC] [TIFF OMITTED] T6387A.003


                                 

    Chairman JOHNSON. Thank you, Ms. Pritts. Ms. Grealy?

            STATEMENT OF MARY R. GREALY, PRESIDENT,
                 HEALTHCARE LEADERSHIP COUNCIL

    Ms. GREALY. Thank you, Chairman Johnson, Congressman, 
Stark, and distinguished members of the Subcommittee. On behalf 
of the members of the Healthcare Leadership Council, I would 
like to thank you for this opportunity to testify today. We are 
pleased to share with you some specific recommendations 
regarding ways in which Congressional action can clear the way 
for greater progress in the adoption of health IT. Madam 
Chairman, there are at least two things that we know with 
certainty on this issue, one good and one is a matter of 
concern. We know that the promise of health IT is enormous. 
With widespread use of new technology, we can deliver health 
care with greater efficiency, bring about tremendous advances 
in patient safety, and literally transform our health care 
system to better utilize the wealth of knowledge and ideas that 
are possessed by health professionals throughout the country. 
We also know that there are obstacles that must be overcome 
before we can move forward. On that subject, I would like to 
turn specifically to the issue of privacy. Now, there is a 
misconception that the HIPAA privacy rules may not adequately 
protect the confidentiality and security of electronic medical 
information transmitted across a national health care network. 
We think that these concerns are not well founded.
    The HIPAA privacy and security rules were created 
specifically to protect electronic transfers of financial and 
administrative information. Significant civil and criminal 
penalties exist for improper disclosure. These strong 
safeguards also exist for clinical records. What is troubling, 
though, is the fact that the HIPAA privacy rule as it exists 
today does not always supercede State laws and regulations, 
and, in fact, it permits significant variations in the ways in 
which States can regulate medical privacy matters. As a result, 
providers, clearinghouses, and health plans are required not 
only to comply with the Federal law, but they also must comply 
with State privacy restrictions that are more stringent than 
the HIPAA rule. This will make the creation of an effective 
health information network, one that crosses that State 
boundaries, virtually impossible, and I think we heard that 
from Dr. Brailer this morning. Let us paint a very realistic 
scenario. A health care provider wants to acquire and implement 
a new health IT system that will allow them to be part of an 
interstate information network. This health provider knows that 
privacy protections vary widely State to State and are found in 
literally thousands of statutes, regulations, common law 
principles, and advisories.
    So, our hypothetical health care provider must, number one, 
find and identify every possible privacy-related rule, statute, 
law, and ordinance. Number two, they must obtain legal opinions 
as to whether the State laws are contrary to HIPAA and whether 
the contrary rules are more stringent. Number three, they must 
figure out how to comply with either the Federal rule, the 
State rule, or in some cases, both simultaneously. Then they 
must build their computer systems in a manner that ensures 
compliance, realizing that these laws can change even before 
the system is finalized. I have provided the Committee with a 
much more detailed nine-step process for determining this 
compliance for just one State. It will be much more complex 
when dealing with all 50 States. At the HLC, we understand the 
challenge that HIPAA-covered entities face because we took the 
initiative to commission a multi-jurisdictional study of State 
privacy laws and regulations to help with compliance. It is a 
study that initially cost more than $1 million and must 
continuously be updated, at considerable cost, to reflect any 
newly-enacted State privacy rules and regulations. Now, once 
the National Health Information Network is in place, systems 
will have to be constantly retooled, staffs continually 
retrained for these variations among the States. A network that 
is constrained by myriad State requirements on, for example, 
prior consent to use health care records for treatment, will 
operate at only a fraction of the speed and efficiency 
necessary to improve patient outcomes. Much of the promise of 
this new technology will be lost as a result.
    So, what is the answer? Madam Chairman, the current 
patchwork of applicable State and Federal privacy laws will be 
a severe disincentive for stakeholders who would otherwise be 
enthusiastic about participating in a national Health 
Information Network. Our solution is both clear cut and 
essential. Congress must enact Federal preemption provisions 
that will establish a unified national privacy standard. A 
uniform patient privacy framework is critical to the viability 
and interoperability of National Health Information Network. We 
stand on the verge of doing something extraordinary for 
patients, for health care consumers, and for our entire health 
care system. We urge Congress to take the final steps necessary 
to make the promise of health IT a reality. The members of the 
Healthcare Leadership Council, many of whom were the earliest 
adopters of electronic medical records and pioneers of this 
technology, look forward to working with you and the Committee 
on this shared vision. Thank you.
    [The prepared statement of Ms. Grealy follows:]

 Statement of Mary R. Grealy, President, Healthcare Leadership Council

    Chairman Johnson and Members of the Subcommittee, I want to thank 
you on behalf of the members of the Healthcare Leadership Council (HLC) 
for the opportunity to testify on the adoption of health information 
technology (HIT) and areas where Congressional involvement can further 
these efforts.
    The Healthcare Leadership Council supports the efforts of the 
President, the Office of the National Coordinator for Health 
Information Technology (ONCHIT), and the Congress, to create a national 
health information infrastructure. We believe that legislation should 
especially focus on areas where Congress and the President must act to 
facilitate successful implementation of HIT. We believe that one such 
area is harmonization of state laws regarding the confidentiality of 
individually identifiable patient information.
    Any regional or national system designed to facilitate the sharing 
of electronic health information must adequately protect the 
confidentiality of patient information. Efforts to establish a National 
Health Information Network or NHIN must take into account the privacy 
and security challenges associated with exchanging patient information 
among health care providers, consumers, payers and other authorized 
entities. Addressing these issues appropriately will be essential to 
achieving the interoperability necessary to improve the quality and 
cost effectiveness of the health care system--while still assuring 
patients' confidence that their information will be kept private.
    Confidentiality of patient medical information is governed by the 
Health Insurance Portability and Accountability Act of 1996 (HIPAA) 
statute and the privacy regulation promulgated thereunder (the Privacy 
Rule). Although HIPAA establishes a federal privacy standard, it 
permits significant state variations that will create serious 
impediments to ``interoperability'' of clinical information, 
particularly when information is sent across state lines. The patchwork 
of applicable state and federal laws will likely be a significant 
disincentive to participation in a national health information network 
for virtually all stakeholders. We believe Congressional action to 
establish a uniform federal privacy standard will help to ensure the 
viability of a national health information network. This is an 
important step that Congress can take to facilitate progress toward 
interoperability.
    Before I discuss the importance of these actions, let me first 
explain the perspective that HLC brings to the issue. HLC is a not-for-
profit membership organization comprised of chief executives of the 
nation's leading health care companies and organizations. Fostering 
innovation and constantly improving the affordability and quality of 
American health care are the goals uniting HLC members. Members of 
HLC--hospitals, health plans, pharmaceutical companies, medical device 
manufacturers, biotech firms, health product distributors, pharmacies 
and academic medical centers--envision a quality driven system built 
upon the strengths of the private sector. Several HLC member 
organizations have been among the earliest adopters and pioneers of 
health information technology. We believe HIT has the power to 
transform our health care system and provide increased efficiencies in 
delivering health care; contribute to greater patient safety and better 
patient care; and achieve clinical and business process improvements.
    Since 1996, HLC has led the Confidentiality Coalition, a broad-
based group of organizations who support workable national uniform 
privacy standards. The Confidentiality Coalition includes over 100 
physician specialty and subspecialty groups, nurses, pharmacists, 
employers, hospitals, nursing homes, biotechnology researchers, health 
plans, pharmaceutical benefit management and pharmaceutical companies.
    During Congressional consideration and subsequent regulatory 
development of the HIPAA Privacy Rule, the Confidentiality Coalition 
played a leadership role, working with members of Congress and the 
administration to advocate for a workable privacy rule. We sought a 
rule that would strike the appropriate balance between protecting the 
sanctity of a patient's medical information privacy while, at the same 
time, ensuring that necessary information is available for providing 
quality health care and conducting vital medical research. We believe 
that the Privacy Rule largely achieved this balance and has increased 
consumers' confidence about the privacy of their medical records while 
allowing providers and payers to establish the procedures necessary to 
accomplish the dual goals of privacy protection and the delivery of 
quality health care.
    Under the Privacy Rule, disclosing individually identifiable health 
information for purposes other than carefully defined appropriate 
health care activities is prohibited unless the patient grants 
specific, prior written authorization. For example, among others, 
information cannot be disclosed to employers, the media, or neighbors. 
It is important to note that HIPAA has strong penalties for non-
compliance. The Department of Health and Human Services (HHS) may 
impose civil monetary penalties on health plans, providers or 
clearinghouses of up to $250,000 for failure to comply with a Privacy 
Rule requirement. HIPAA also has criminal penalties. Persons who 
knowingly obtain or disclose individually identifiable health 
information in violation of HIPAA face a fine of $50,000 and up to one 
year of imprisonment. Criminal penalties increase to $100,000 and up to 
five years imprisonment if the wrongful conduct involves false 
pretenses. Penalties for wrongful conduct that involve the intent to 
sell, transfer, or use individually identifiable health information for 
commercial advantage, personal gain or malicious harm increase to 
$250,000 and up to ten years imprisonment. Criminal sanctions are 
enforceable by the Department of Justice--and there has already been 
one criminal conviction under the rule. Thus if you use a patient's 
record, without permission, for reasons other than legitimate health 
care operations, you could be sanctioned with severe federal civil and 
criminal penalties.
    As Congress and the Administration have considered the issues 
relating to the facilitation of a national health information network, 
questions about the privacy and security of electronic medical 
information have arisen. A common misperception is that the HIPAA rules 
may not adequately protect the confidentiality and security of 
electronic medical information in the context of an NHIN. It is 
important to remember that the HIPAA privacy and security rules were 
adopted to provide appropriate safeguards for the electronic exchange 
of financial and administrative information, and the regulation 
expanded this to also include paper records. The electronic exchange of 
clinical information is no different.
    Thus, HLC and the Confidentiality Coalition believe that the 
existing HIPAA Privacy Rule provides strong privacy protections--
effective to address the privacy and security challenges associated 
with exchanging patient information among health care providers, 
consumers, payers and other authorized entities in the context of a 
NHIN.
    However, we are troubled by the fact that the HIPAA Privacy Rule's 
preemption standard permits significant state variation. In general, 
HIPAA supersedes contrary provisions of state law. For example, the 
HIPAA standards for the electronic exchange of financial and 
administrative information, such as health insurance claims, preempt 
state laws that require billing records to be maintained or transmitted 
in written rather than electronic form. Congress, however, set a 
different preemption standard for privacy protections under HIPAA. The 
Privacy Rule does not supersede contrary state laws that are more 
stringent than the federal standard. As a result, providers, 
clearinghouses and health plans are required to comply with the federal 
law as well as any state privacy restrictions that are more stringent. 
In the context of HIPAA implementation this has been extremely 
difficult. In the context of a NHIN it is potentially impossible.
    State health privacy protections vary widely and are found in 
thousands of statutes, regulations, common law principles and 
advisories. Health information privacy protections can be found in a 
state's health code as well as its laws and regulations governing 
criminal procedure, social welfare, domestic relations, evidence, 
public health, revenue and taxation, human resources, consumer affairs, 
probate and many others. The rules typically apply either to specific 
entities--such as hospitals or county health departments--or to 
specific health conditions, and no two states are the same in this 
regard. Virtually no state requirement is identical to the federal 
rule.
    Thus HIPAA covered entities, such as hospitals, physicians and 
health plans, must find every possible state rule, statute, law, 
ordinance, etc. concerning every aspect of privacy, obtain a legal 
opinion as to whether or not the law, regulation or ordinance is 
contrary to the HIPAA privacy rule, and then determine if the contrary 
state rule is more stringent than the federal rule. Once this analysis 
is complete, covered entities must then determine how to comply. Within 
one state, there may be cases where the federal law applies and in 
others where both federal and state law applies. At that point, covered 
entities must build their information technology systems to implement 
the legal interpretation and hope that there isn't a change in law 
before the systems are up and running. But since nothing prevents 
additional state privacy rules and regulations from being enacted, it 
would take constant monitoring of state action, retooling of systems 
and retraining of staff.
    HLC attempted to assist covered entities in this process by 
commissioning a multi-jurisdiction study of state privacy laws, case 
law and regulations that analyzes the relationship between the federal 
Privacy Rule and state laws. The study is formatted as a website where 
authorized users can search state laws on a particular subject and 
determine whether or not they must comply with the state law, the HIPAA 
Privacy Rule, or both. The study initially cost more than $1 million 
and costs $100,000 to update annually. The Department of Health and 
Human Services made it clear when issuing the Privacy Rule that it 
would not provide this analysis and that covered entities must 
determine whether federal or federal and state law applies.
    The issues associated with privacy compliance are greatly magnified 
in the context of a NHIN. The creation of a successful NHIN will 
require a national system of interoperable systems that can exchange 
health information. Making information available through or to a NHIN 
conceivably could require entities to comply with a range of different 
state laws each time they disclose information in the context of a 
federated system.
    Some proposals attempt to address the patchwork of state privacy 
laws and regulations by suggesting that states should work together 
regionally to develop privacy agreements or harmonize state 
requirements. This would require states to review their own laws, 
regulations and ordinances, reach consensus with the other states on 
uniform rules, get the agreement enacted within each state without 
modification and ensure that existing rules are preempted. However, 
unless all 50 states agree to the same rules, this will not be adequate 
to address the problem of conflicting state regulation relative to 
interoperability of HIT nationwide.
    My testimony includes, as an attachment, a map developed by the 
Indiana Network for Patient Care. Each dot represents a patient seen at 
an Indianapolis hospital during a six month period. While the dots are 
stacked very deep around Indianapolis as you would expect, patients 
served by the Indiana health providers during this period were also 
located in 48 of the 50 states. Looking at this map it is easy to see 
why regional agreements will not be adequate to address the myriad 
regulations with which providers and others will need to comply to 
achieve ``interoperability.''
    One of the most common areas for states to legislate regarding 
privacy is that of patient consent and authorization for uses of their 
medical information. There are prolific and varying state requirements 
regarding who may access patient information, for what reason, and with 
what type of notice and consent to patients. During promulgation of the 
HIPAA Privacy Rule, the issue of requiring providers and payers to 
obtain the prior written consent of patients before using their 
information was examined and debated at great length. The final rule as 
modified allows covered entities to use patients' medical information 
without prior authorization for medical treatment, claims payment or 
health care operations, or as otherwise permitted or required by the 
Privacy Rule \1\ For any other uses, providers must obtain a written 
authorization from each patient.
---------------------------------------------------------------------------
    \1\ Under the Privacy Rule a covered entity is permitted to use and 
disclose protected health information without authorization for the 
following purposes or situations: 1) to the individual; 2) for 
treatment, payment and health care operations; 3) for uses and 
disclosures with an opportunity to agree or object; 4) for uses and 
disclosures that occur incident to an otherwise permitted use or 
disclosure; 5) for public interest and benefit activities; and 6) of a 
limited data set for purposes of research, public health or health care 
operations.
---------------------------------------------------------------------------
    Requiring providers and payers to obtain prior consent for 
treatment, payment and health care operations was rejected because of 
concerns that a prior authorization requirement would seriously delay 
and disrupt the care of patients, particularly the most vulnerable 
elderly and sick patients. For example, elderly patients would not be 
able to send a family designee to a pharmacy to pick up a prescription 
without first going to the pharmacy to sign consent forms; pharmacies 
would not be able to fill prescriptions for patients phoned in by 
physicians; and emergency medical personnel would be forced to get 
consent forms signed before treating patients--even when contrary to 
best medical practice. These concerns were not simply theoretical. 
Maine passed a law requiring prior consent for health care purposes, 
the law was suspended just 12 days after taking effect because of the 
chaos that ensued in hospitals and pharmacies.
    One of the primary goals of a national health information network 
is to improve the quality of health care by giving providers the 
information they need quickly. A NHIN that is constrained by various 
state authorization or consent requirements will provide only a 
fraction of the speed and efficiency necessary to improve patient 
outcomes. These unnecessary requirements are extremely burdensome for 
providers, impeding their ability to provide timely and efficient 
medical services. Even worse, they offer little value to patients. 
Varying notice provisions which force covered entities to provide 
notice to patients in triplicate are simply not helpful to patients who 
are more likely to be overwhelmed by the paperwork these requirements 
necessitate. It would be much better for patients if they, providers 
and payers could rely on a uniform standard based on the principles of 
the HIPAA Privacy Rule--that information can be used and disclosed only 
by authorized persons in order to provide and pay for medical care--and 
that information will be kept confidential.
    As a NHIN becomes a reality, we fear that states may also begin to 
legislate the degree to which patients can control their own electronic 
health record--deciding who can access what information for which 
reasons. Especially in emergency situations, where treatment is a 
matter of life and death, electronic health records can be a life-
saving tool for clinicians. However, if electronic records are to be 
utilized as a part of care delivery, patients simply must not be able 
to selectively provide information that may be relevant for treatment 
purposes. Should this occur, providers would be unable to rely on the 
NHIN as a tool for diagnosis and treatment as it may or may not include 
the facts necessary for the delivery of quality medical care. In 
addition, providers are very concerned about the liability that might 
result from their reliance on incomplete information.
    In conclusion, I reiterate the belief that the current patchwork of 
applicable state and federal laws is a significant disincentive to 
participation in a national health information network for virtually 
all stakeholders. Indeed, already HLC members working with emerging 
state consortia are reporting difficulty in navigating the variations 
in state privacy laws among bordering states.
    We believe that it will be extremely difficult to achieve 
interoperability without a more uniform framework for the protection of 
patient privacy. Absent such a framework, the barriers to using health 
information technology to improve the quality and efficiency of health 
care will be substantial and covered entities will be discouraged from 
participating. Federal preemption provisions that establish a unified 
national standard are essential to the viability of a NHIN. We believe 
the HIPAA Privacy Rules should be the national standard and should 
supersede state laws. Covered entities already have established HIPAA 
compliance programs, appointed privacy officers and implemented 
extensive staff training. But more importantly, we believe that HIPAA 
provides the privacy and confidentiality protections demanded by 
consumers and can set a high, uniform standard for health information 
practices across all states.
    The Healthcare Leadership Council appreciates the opportunity to 
testify on the protection of patient privacy and the development of 
health care information technology. We look forward to working with the 
Subcommittee in pursuit of these goals. Any questions about my 
testimony or these issues can be addressed to me or to Ms. Theresa 
Doyle, Senior Vice President for Policy, Healthcare Leadership Council 
(telephone 202-452-8700, e-mail [email protected]).

                                 

    Chairman JOHNSON. Thank you very much. I would like to 
throw out a question to the whole panel. We have had two very 
different opinions about the adequacy of HIPAA even as a 
national minimum and the role of the State laws. It is hard for 
me to see how you have a nationally operable system with the 
extent of variation caused by not just State laws, but all 
these regulations and subsections of State action. So, this is 
a very big issue. I hope that some of the studies that both HHS 
is commissioning now and that I am interested in seeing will 
begin to focus on what are the little differences that could be 
easily adjusted and what are the big differences. I would like 
those of you who face this in everyday life to give us examples 
of the problems and maybe comment on Ms. Pritts's testimony 
that too many are left out, that the standards are too minimum, 
versus Ms. Grealy's testimony that the laws are really quite 
adequate, but we can't tolerate the degree of variation if we 
are going to have an interoperable national information system. 
We will just start down the line.
    Dr. DETMER. Thank you. An excellent question, obviously. I 
agree with you. I think that studies underway are quite 
important, and I do think there are some place where we will 
find corrections and some things that need to be done. I think 
at the end of the day, I think part of what the study has to 
look at are the real tensions between some of these 
transformational gains and safety, quality, and so forth 
against some of the tensions that come where you need access to 
information, but at the same time, you also want to have 
privacy, and I think those are real tensions and at some point, 
I think we are going to have to have real basement-to-ceiling 
standards for an NIHH to work. A patient who works in the 
District, lives in Virginia, gets their care in Maryland or 
something like that may have a provider, excuse me, an insurer 
in any one of those three locations. You just can't have 
interoperability, I think, at the end of the day, without it. I 
think it is going to take, frankly, some will and leadership at 
that point and I think we will have to face this. As I say, I 
think the studies are important. I think there are some things 
that will need to be done. But ultimately, I think we are going 
to have to deal with this.
    Chairman JOHNSON. Thank you. Ms. Kloss?
    Ms. KLOSS. I would agree that we will learn from the 
studies, perhaps, that some of the States have found additional 
protections that should be added to the current floor we have. 
I would also suggest that it is incumbent on us in the design 
of the National Health Information Network to do all we can to 
use best practices, new best practices and new technologies 
that, again, weren't necessarily conceived of or available at 
the time that the HIPAA regulations were crafted.
    Chairman JOHNSON. You may in your comments want to 
differentiate as to Dr. Brailer, between this issue of 
transaction standards and privacy standards as the public 
thinks about them. Dr. Weiss?
    Dr. WEISS. Thank you. I will answer it in two ways. First, 
as a solo private practitioner, it is hard for an individual in 
an office to understand everything that is going on around 
them. They want to have an interaction with the patient and 
take care of that patient and move on. They are less concerned 
about national standards, just because of the practicality of 
the thing. As a hospital system, we obviously obey all the 
regulations, but it becomes confusing and expensive to have 
multiple regulations, and even more importantly, as we think 
about globalization--we are worrying now about State versus 
Federal--we send our night radiology reading to Australia right 
now. We send some of our dictation--some of our practitioners 
in our town send our dictation abroad, so that the real 
standards are not--we are quibbling over something in our 
country and not realizing that we are a global network, so that 
really, we need international common standards so that we can 
share the--and any of the work that is fungible around the 
world, which will make things more economical for everyone. 
There aren't ten best ways of doing anything, so to have 50 
different ways, be it 50 different States, of doing something 
is just inane and expensive. So, we really need to do this. We 
do need this interoperability. Trying to get that perfect to 
interfere with good will always slow us down. No legislation, 
with all due respect to all legislation, can be absolutely 
perfect, so that there will always be exceptions. It is just a 
question of doing what is best for the common good and 
sacrificing a little bit of individual freedom, although it is 
not comfortable, just to make this a viable system.
    Ms. PRITTS. Do you want me to wait until last?
    Chairman JOHNSON. Ms. Pritts?
    Ms. PRITTS. Should I wait until last?
    Chairman JOHNSON. All right, fine. Ms. Grealy?
    Ms. GREALY. I think the point here is that HIPAA provides 
us a framework. I think the comments about the studies that 
will be underway to really look at all 50 States, the key here 
is that we need to find a single national uniform standard that 
is a workable privacy rule. So, I think the studies underway 
are something that will be very valuable, but at the end of the 
day, we think HIPAA provides a framework. A lot of work has 
gone into compliance with the current HIPAA standards. Entities 
have installed privacy officers. They have done staff training. 
So, we think it does provide us a reasonable framework, but the 
studies will provide valuable information, as well. The key at 
the end of the day, as Dr. Brailer said, is reducing the 
variability, reducing the complexity, and allowing us to use 
our resources for direct patient care as opposed to trying to 
comply with this myriad of regulations and making these health 
IT systems much more expensive than they need to be.
    Chairman JOHNSON. Ms. Pritts?
    Ms. PRITTS. Well, there are a number of issues that were 
raised here that I would like to address. First, I would like 
to say that there are a lot of providers out there who are 
dealing with this multi-State issue right now and who are doing 
it successfully, and I would hope that as these studies are 
being taken place, that they are consulted and their best 
practices are taken into account, because obviously, there are 
some ways that people who have embraced this, the privacy rule, 
and have looked forward with it have been able to function 
quite well underneath it. I also think that it is really 
important while we are looking at this issue to understand how 
we got to where we are today, which is that we have been unable 
for the last 25 years to reach significant privacy standards in 
Federal--comprehensive Federal privacy standards in Federal 
legislation. What has happened is we have a core group of 
people and organizations, covered entities, who are covered by 
HIPAA, but there is this whole other range that is still--and 
nobody addressed this--that there are lots of people in the 
National Health Information Infrastructure who won't be 
covered.
    It is a very--I think it is a very difficult issue when you 
talk about wholly preempting State law. I understand the need 
to be able to exchange health information, but when you are 
talking about health privacy laws at the State level, you know, 
States have been in this business for much longer than the 
Federal Government has. I mean, traditionally, health, welfare, 
those are the issues that the States--of their citizens States 
have been legislating, and they have these laws in every nook 
and cranny in their codes and regulations and there are very, 
potentially, severe consequences of preemption of these laws. 
So, those consequences must be thought of before any action of 
that kind could even be really seriously considered. We are not 
looking for perfect here, but we are looking for protections of 
individuals. The gentleman, Dr. Weiss, said, well, sometimes 
the good, the common good requires the sacrifice of individual 
freedoms. The problem is, in our country, it is the individual 
who is going to bear the burden of--the cost of this in a 
very--it is not just freedom, it is in a very direct result. 
Our health care system is funded primarily through employers. 
People are afraid that if their health information gets out, 
somebody in their family has some expensive medical condition, 
they won't get a job. If they don't get a job, they don't get 
insurance. So, it is all interconnected. It all has to be 
considered within a context.
    Chairman JOHNSON. I think the goal, really, of this 
discussion at this point in the development of further 
legislation to guide the development of a national 
infrastructure is to begin to be sure that we do those studies 
and we look more carefully at what are the serious differences, 
what are the non-serious differences, and where do we really 
have to preempt, because it is--and whether we have to preempt. 
I mean, it may be that all the States are doing things that we 
are not doing and they get folded into the national standard. 
So, this isn't, do we preempt with the existing standards. This 
is, what do we do about the problem? So, I hope you will be 
involved in some of those studies. It will be a multi-year 
process, but it is serious enough that to think that the 
tensions in the future between privacy and portability may not 
have to be resolved differently, I think is to kind of ignore 
the dynamic that has taken place in other parts of the economy. 
On the other hand, we also don't know how much the capability 
to protect privacy is going to be developed in the technology 
and it will have a lot to do with our ability in fraud and 
abuse, too. I have taken my time and I am going to turn to Mr. 
Stark.
    Mr. STARK. Thank you, Madam Chair. I want to thank Ms. 
Pritts for, as near as I can tell, the only witness there that 
has concern for patients and consumers. The pharmaceutical 
industry is well represented and the interests of physicians 
are well represented, but somehow, it seems to me that somebody 
ought to think a little bit more about what those of us who are 
patients care about our privacy. Some States do a better job. 
Some States would have tougher requirements for a variety of 
reasons that we might not be able to pass at the Federal level. 
It happens in automobile emissions standards. We are much 
tougher in California than they are in North Dakota. So, if we 
took North Dakota's emissions standards, you wouldn't be able 
to see for the smog in big cities. I think the same thing could 
very well be true in various States and the standards that 
would be accepted. Dr. Detmer, you did or do represent this 
vital health statistics national Committee. You have worked 
with them. They have a common set of data elements. They have 
developed a common set of data elements for patient records, 
have they not?
    Dr. DETMER. No, not really----
    Mr. STARK. They haven't?
    Dr. DETMER. Not truly, no.
    Mr. STARK. Okay. So, they haven't developed it?
    Dr. DETMER. Well, they work on this because they are 
mandated to work on it from the HIPAA legislation, but it is 
not like that has comprehensively been completed.
    Mr. STARK. Okay. Do you think that there is a kind of a 
minimum set of data, like height, weight, blood pressure, that 
doctors could all agree on that would be sort of a minimal set 
of statistics that they could collect? Do you think we are----
    Dr. DETMER. You know, this is actually one of those very 
frequently debated points. Do we go toward a, if you will, 
minimum data set, or do we go toward an infrastructure that 
really tries to capture all of the things that go on.
    Mr. STARK. But you have got to start with the minimum, 
right?
    Dr. DETMER. I have to admit, I guess I tend to be in the 
population that say, look, I think that health care today 
really must have the complexities covered, too, because 
candidly, I practiced 25 years as a vascular surgeon. The kinds 
of data I typically needed to respond to a patient's personal 
needs wouldn't necessarily come up in a general practice kind 
of environment.
    Mr. STARK. I have got your thing here on standardization--
personal identifier, date of birth, gender, race or ethnicity, 
residence. I mean, you guys have agreed on that, right?
    Dr. DETMER. Oh, yes. There is a set of--there are a set of 
data, yes.
    Mr. STARK. That is what I am trying to get.
    Dr. DETMER. I am sorry. Sure.
    Mr. STARK. Okay. So, you guys are all in accord, and you 
suspect that the medical profession would generally say those 
are okay? They may want more, but----
    Dr. DETMER. Yes. I think the question is how the process 
works. If there are----
    Mr. STARK. No, I don't want to know about the process. I 
just want to know where we are. There are 49 line items here 
that you guys have agreed on, so that is a start.
    Dr. DETMER. Correct. It is a good start, I would say.
    Mr. STARK. Now, the question of interoperability and 
privacy, I would submit to you, either you or Dr. Weiss 
mentioned credit cards and banking, a subject about which, if 
my memory would serve me better, I know a good bit. It is quite 
possible that the--well, the interoperability of the credit 
card industry and checking accounts is a direct function of 
Federal mandates, okay. The Federal Reserve basically set the 
standard for clearing, without which I could not go into any 
airport in the world and have the ATM say, you are a bum, you 
don't have any money and we ain't giving you any more. They 
know that about me before I get off the plane. The privacy and 
security requirements in Shannon or Heathrow or San Francisco 
or Dulles are all different. Yet we are able to operate with an 
exchange of information. Our privacy standards for financial 
information are ten times tougher in California than they are 
in the District of Columbia. If my bank were to give out 
information even to their subsidiary and solicit me for 
insurance in California, they would be in deep trouble. Not so 
in many other areas. So, I guess what I am suggesting is a 
couple of things, and I would like your comments, Dr. Weiss, if 
the chair will indulge me with the red light a little longer. 
One, that we are not going to start or have interoperability 
until some one entity that can monitor and enforce it says, 
this will be the standard. Dr. Weiss, you are going to have to 
do it in Florida, right?
    Dr. WEISS. Yes.
    Mr. STARK. Dr. Detmer, wherever you practice. You guys are 
going to have to do it the same way. Now, you can add bells and 
whistles. I would use the case--let us just try it. Dr. Detmer, 
Dr. Weiss, do either of you use, what is that thing, the 
bookkeeping thing, Quicken? Do you use Quicken?
    Dr. WEISS. Yes.
    Dr. DETMER. I know what you are talking about.
    Mr. STARK. Do you use Quicken?
    Dr. DETMER. No, but----
    Dr. WEISS. I use Microsoft Money, but it is the same thing.
    Mr. STARK. Okay, the same thing. Now, you could hook up to 
your bank or Schwab or some--if you want, and they could import 
your credit card information into Microsoft Money each month, 
or you don't have to do it. You could balance your checkbook by 
hand. Your bank has a different set of security--you have got 
to have a password--than Microsoft Money. I guess what I am 
saying is that, yes, we could accommodate more sophisticated 
systems, and I would submit that Dr. Weiss's practice for each 
individual physician entering information on his or her laptop 
or whatever input device isn't any different than the thousands 
of Kaiser physicians in my district. They have got a bigger 
system someplace. But at the point of the physician entry, it 
doesn't make any difference. I guess, if I could get to the 
point, why shouldn't we, Dr. Detmer and Dr. Weiss, have CMS, 
for example, say you have got to start with this minimum amount 
of information and this type of electronic reporting or we will 
pay you less for Medicare and Medicaid, and then at least we 
would get started. Does that----
    Dr. WEISS. I agree. My fourth option is that as the 
government and the other payers--you have the commercial payers 
that pay one or 2 percent more for physicians who are using an 
IT system that has a minimal set of standards. Those physicians 
who decide to stick with paper rather than technology----
    Mr. STARK. Get less.
    Dr. WEISS. Will get one or 2 percent less.
    Mr. STARK. Could you live with that, Doctor?
    Dr. DETMER. Yes. I think if you make it revenue neutral, 
then you have dealt with it, too. I mean, I don't think you are 
necessarily talking about new money.
    Mr. STARK. Well, we will--your colleagues----
    Chairman JOHNSON. We have to wrap up pretty quickly, so let 
us add anything in.
    Mr. STARK. Thank you.
    Chairman JOHNSON. I thought the issue that Mr. Stark raised 
about global, basically, variation versus a core of 
standardization is a good one, and if any one of you want to 
comment on that. In our pay for performance bill that we are 
going to introduce tomorrow, we do have variable payment 
structures for just that reason.
    Dr. DETMER. No, I agree. It is good. I think that is good. 
I guess the comment I would make is it comes back to the 
clinical standards issue. I do think the government needs to 
invest enough to really make sure that this process is done and 
kept up and maintained and so forth, and I think the idea that 
you think you can just sort of do it and then not maintain it 
is just not going to work.
    Chairman JOHNSON. Right. I agree.
    Mr. STARK. Somebody has got to start it.
    Chairman JOHNSON. Yes.
    Ms. KLOSS. I would also follow on to our earlier discussion 
on certification of EHRs. The approach being taken is to set 
forth some fundamental standards for functionality, security, 
interoperability, and to go from there so that at least we know 
that all EHRs meet that basic set of standards. So, I think 
that is a sensible way to proceed.
    Chairman JOHNSON. Mr. Hulshof?
    Mr. HULSHOF. Thank you, Madam Chairman. I will try to be 
brief. Just a couple of quick comments. A lot of discussion 
about HIPAA, which the standards were intended to be a minimum 
privacy standard and yet sometimes, as is the case, at least in 
my experience, has been that State laws are not necessarily 
more stringent. It is just that they are different and, 
therefore, you have entities having to comply with two 
completely different sets of standards and one may not be more 
rigorous than the other. So, that is one comment I would make. 
Let me commend everyone for the written testimony. There is 
some great stuff, and I know when you are trying to pare it 
down into a five-minute presentation, a lot of good things get 
missed, and I would just commend everybody to take all of your 
written testimony. I wanted to emphasize a point, Ms. Pritts, 
you made in yours, that you cite in your written testimony a 
number of instances in which medical information was sold. 
Isn't that already prohibited under HIPAA?
    Ms. PRITTS. Well, it is prohibited under HIPAA, but what 
has recently happened is the Department of Justice issued 
guidance to HHS saying that the criminal provisions of HIPAA do 
not apply to most employees, even of covered entities. So, if 
you had--the example in my testimony says, if you had a 
hospital and the hospital will have policies in place saying 
you may not sell patient information, that the hospital is not 
going to be prosecuted under HIPAA, and rightfully so, because 
it is not the one selling the information improperly. The 
employee who is improperly taking patient information and 
selling it is not going to be prosecuted under HIPAA because 
the Department of Justice has announced they are not covered by 
HIPAA.
    Mr. HULSHOF. Let me emphasize another point that Dr. Weiss 
made, because again, in your testimony, you talk about privacy. 
We have been talking a lot about privacy of medical records. 
But again, Dr. Weiss, thank you for just reminding us that, 
really, the electronic environment, though not perfect, as you 
write on page five of your testimony, is better and safer than 
the paper environment. Right now, anyone in the hospital can 
pick up a medical chart, browse through it anonymously, whereas 
on electronic records, you have access--if you have access, you 
can then call up and see who exactly accessed your information 
based on privacy. So, again, thanks for those real world 
examples. Now, Dr. Weiss, in the remaining time I have got, let 
me ask you this. Can you describe how an exception to the 
physician self-referral laws and the anti-kickback statute 
would actually increase adoption, or would it increase adoption 
of health IT among your physicians, because here is the concern 
that we have heard from some. Some would argue that maybe a 
safe harbor like this would create a situation in which 
hospitals would compete for physicians based on IT spending, or 
they might create these captive referral systems between 
physicians in certain hospitals. So, can you respond to that 
generally, and I will yield you the remaining balance of my 
time.
    Dr. WEISS. Thank you. I will start with a real story that 
is happening as we speak, where we have 525 physicians on 
staff. We have a group of 55 physicians in town who are 
wonderful. We have another group of 40 physicians who focus on 
an indigent care market. About 18 months ago, these other two 
small groups were out to buy an IT system. I spent a 
significant amount of time and energy, as did they, to see if 
we could get interoperability among the systems. I was 
advocating that they use the hospital system, which is relative 
mature. We are not quite a paper-free environment, but we are 
heading that direction. During that period of time, these two 
physician groups had three concerns that actually never 
happened. They ended up buying two excellent systems, but not 
the same system the hospital has right now, so basically we all 
have romance languages but we are not speaking to each other. 
We are doing French, they are doing Italian and Portuguese or 
whatever. So, we sort of understand, but at the end of the day, 
we have got to print everything, carry it to and from.
    They can read our system anywhere that they have high-speed 
Internet connection, but they can't get from their system to 
our system, and so if a patient gets a lab result earlier in 
the day in his or her doctor's office and gets admitted to the 
hospital later in the day, we will repeat the blood test 
because it is too hard to get the results. Now, what actually 
happens and gets to the regulation question, we looked at the 
new Stark laws. As a private practitioner, I understand the 
temptation of self-referral and self-inducement and I applaud 
those rules. That really does make a difference. There are a 
small minority of physicians who take advantage of patients 
economically and do self-referral and the law has been a great 
law. The actual practicality of it is, when we thought about 
trying to help physicians, of our 525 physicians, 200 admit 
patients commonly in the hospital. That leaves 325 whom we 
would have to pay for computers for their offices who really 
aren't associated. There are another 300 physicians in the 
community who don't use our hospital, so that we don't have the 
money--we have about a three percent profit margin, we are a 
not-for-profit community-based hospital and we are doing fine 
and we reinvest all our money, but that is not the highest--we 
can't buy computer systems for 800 physicians. It is just 
practically not economically possible.
    Then we have one other hospital in town and we have a third 
hospital who will be probably coming to town. The physicians 
were worried about, number one, the hospital's IT department's 
ability to implement IT or computer systems in his or her 
office, and being on the provider side before, no offense to 
government, but it is the ``I am from the government, I am here 
to help you.'' We say, ``I am from the IT department of the 
hospital, I am here to help you,'' and it makes you a little 
bit worried. So, that the doctors were worried about our 
ability, and our ability is great, but we are used to working 
inside the hospital. So, the first thing was the ability to 
make it happen. The second thing was, as an individual 
physician, they were worried about being married, having--
monogamous relationships are necessary for healthy marriages, 
but not for businesses, so that they wanted to be able to be 
involved with the other two hospital systems in town and not be 
married to one hospital. If I were in individual practice the 
way I was before 2000, I certainly wouldn't want to be married 
to one system.
    The third thing--and the third major point was it just 
economically wasn't feasible for us to do that, so that even 
though the rule was relaxed somewhat, it is just not practical. 
What we really need is the health care industry as an industry 
to do integration, to do it voluntarily. Right now, I sort of 
have the idea that everyone wants to become like Microsoft when 
Commodore and Apple were involved. But really, if you go back 
to the Sony and VHS in 1975 to 1980, the group that won out was 
the group that cooperated. The VHS won out because they gave 
their technology to other people. The group that lost, even 
though Sony had a two-year lead and arguably a better product, 
never made it because they didn't connect and collaborate. They 
tried command and control. In our environment in 2005, command 
and control does not work. Connect and cooperate does. Thank 
you.
    Chairman JOHNSON. Thanks very much. What I hear you saying 
is that once sort of the standards are set so that there isn't 
this worry about the monopolistic relationship and we have a 
greater flexibility than the Committee-wide exception, that 
then those things could have happened and the outcome for the 
public and for the patient would have been far better. I thank 
the panel very much for their testimony today. It was very, 
very helpful and very specific. We appreciate it. As we move 
forward, we will look to call on you for your advice and input. 
Thank you. The hearing stands adjourned.
    [Whereupon, at 12:28 p.m., the hearing was adjourned.]
    [Submissions for the record follow:]

            Statement of James Bayot, McKesson Corporation,
                       San Francisco, California

    For more than 170 years, McKesson has led the industry in the 
wholesale delivery ofmedicines and healthcare products. Today, a 
Fortune 15 corporation, McKesson delivers vital pharmaceuticals, 
medical supplies, and healthcare IT solutions that touch the lives of 
more than 100 million patients in every healthcare setting. As the 
world's largest healthcare services company with a customer base that 
includes more than 200,000 physicians, 25,000 retail pharmacies, 5,000 
hospitals and 600 payers, McKesson is well positioned to help transform 
the healthcare system.
    McKesson strongly supports the goal of improving healthcare quality 
by using healthcare information technology (IT) to reduce medical 
errors and lower costs. As the largest provider of automation and 
information technology in the healthcare industry, we deliver 
innovative technologies at each point in the healthcare system to 
reduce medication errors, lower costs, and improve the quality and 
efficiency of healthcare. We are dedicated to making healthcare safer, 
a goal that requires a deep understanding of healthcare delivery 
processes and a clear focus on what is required by key stakeholders 
such as physicians, nurses, pharmacists and patients.
    McKesson fully supports the President's goal that every American 
should have an electronic health record (EHR) in 10 years. To meet this 
bold vision, McKesson believes that the federal government should 
pursue a two-pronged strategy to spur the adoption of automation and 
healthcare IT. First, we need broad deployment today of high-impact 
technologies that provide unquestionable benefits in the delivery of 
healthcare. Second, on a parallel track, we need to develop the 
standards and promote the interoperability of systems that are 
essential for medical information to be shared among healthcare 
providers, patients, and public health agencies in a safe, secure 
manner.
    At McKesson, we know that technology itself is not the inhibitor of 
change in the healthcare system. The technology is available and 
working. It is intolerable that people die every day from medication 
errors that could be prevented with bar-code technology, the same 
technology that is used in every major retail outlet in this country. 
We conduct sophisticated banking and other business transactions 
electronically across continents; yet most physicians in the United 
States still rely on their memories for complex medical information, 
and write orders using pen and paper.
    While deployment of healthcare IT is growing, less than 20 percent 
of hospitals in the United States today use bar-codes to verify the 
administration of patient medications, and fewer than 10 percent of 
physicians in hospitals enter patient prescriptions and medical orders 
electronically. The numbers are only slightly better outside the 
hospital: only about 25 percent of large physician offices enter their 
prescriptions electronically. The number drops considerably for small 
physician practices.

Three Areas Where High-value, High-impact Technologies Already Make a 
        Difference
    We can and must make the healthcare system safer and more efficient 
by accelerating the use of technology in all hospitals and physicians' 
offices in the United States. There are three areas where high-value, 
high-impact technologies already make a significant difference:
    1. Bar-code technology. Medications should be packaged in unit-
doses labeled with bar codes and scanned at the bedside before they are 
given to patients. Today, on average, there are 27 steps in the 
medication use process that involve many decisions, multiple handoffs 
and various people, ranging from the physician who prescribes the order 
to the pharmacy staff to the nurse who ultimately administers the 
medication to the patient. Healthcare IT and automation can reduce the 
handoffs and eliminate, on average, 40 percent of the steps. This 
results in dramatically improved accuracy, efficiency and safety. In a 
group of 75 hospitals that use McKesson's bedside bar-coding 
technology, 400,000 ``alerts'' are triggered weekly to nurses or other 
healthcare professionals to advise them that the wrong medication or 
incorrect dosage is about to be administered. As a result of these on-
line warnings, we estimate that these hospitals prevent 56,000 errors 
each week. Hospitals that deploy bar-code scanning technology report 
dramatic error reduction in medication administration, as high as 90 
percent.
    2. Electronic prescriptions. We must eliminate paper prescriptions. 
Each year, more than three million preventable adverse drug events 
occur in physicians' offices or other out-patient care settings. 
Imagine a world where a patient's list of current medications is 
available to the physician and the physician can order initial scripts 
or refill them online. All the medication names would be legible, and 
all orders checked for drug-drug interactions and allergies. Today, 
McKesson's systems help to ensure safe prescriptions are written and 
filled 100,000 times each month, but, nationwide, 80 percent of 
prescriptions are still on paper, and many are illegible.
    3. Secure Web-based access to patient information. We must equip 
physicians and clinicians with the information needed to make informed 
decisions about patient care. Today, most healthcare is delivered in a 
paper-based world. It is not uncommon for physicians to provide 
patients with advice, give directions to other staff and recommend 
treatment changes without any access to a patient's chart. These blind 
encounters happen every day. Secure Web-based access to clinical 
patient information, such as laboratory results, the patient's medical 
record and diagnostic images, enables physicians to find, within 
seconds, the information they need to make more informed decisions and 
initiate or adjust treatment. McKesson currently records 1.8 million 
logins each month to its Web-based physician portal, almost double 
compared to a year ago. Remote access via Web portal technology is in 
common use across many industries; yet, in healthcare, its deployment 
is only in the 50--60 percent range.
    Funding to support these focused initiatives can lead to dramatic 
progress very quickly. McKesson applauds the leadership shown and 
initiatives undertaken by the Congress and this Administration. 
Implementing these three forms of technology will build the required 
momentum and provider support for adoption of healthcare IT.
Technology is Improving Healthcare Quality Today
    Healthcare technologies today save lives, reduce medical errors, 
improve the quality of care, and reduce overall health costs. The 
following healthcare organizations are just a few of our customers that 
have taken these important first steps to improve care for their 
patients:
    Concord Hospital, an affiliate of Capital Region Health Care 
(CRHC), Concord, NH: Concord was one of the first hospitals in the 
United States to introduce bedside bar-code scanning of medications in 
1994, which reduced its already low medication error rate by 80 
percent. This reduced error rate, which has been sustained for more 
than 10 years, has improved productivity and efficiency as well as 
increased clinician satisfaction and retention.
    Medical Associates Clinic, Dubuque, IA: Medical Associates is 
deploying an ambulatory electronic health record and e-prescribing 
system for more than 100 physicians and medical providers, which 
represent 30 specialties dispersed across 16 locations in three states. 
With the implementation still underway, physicians are already entering 
26,000 e-prescriptions each month, and patient information is available 
electronically regardless of location. Nurses spend far less time on 
medication management; they have reduced the time spent on paper 
charting activities by 24 percent; and, they spend 16 percent more time 
with patients and their families. In addition to improved quality and 
better decision-making, this clinic projects an annualized net gain of 
$1.7 million with full system deployment.
    Regional West Medical Center, Scottsbluff, NE: A regional referral 
center covering more than 12,000 square miles in rural Nebraska, 
Regional West has used information technology to streamline the 
delivery of healthcare. Through secure Internet access, physicians and 
other clinicians can view a single electronic medical record for each 
patient, which includes diagnostic medical images, pharmacy data and 
laboratory results. A McKesson pharmacy robot dispenses bar-coded, 
unit-dose medication packets virtually error-free. Electronic patient 
charting at the bedside has cut nurses' daily paperwork by nearly 1.5 
hours, enabling them to spend more time caring for patients. The 
hospital has reduced its medication error rate by 30 percent to less 
than one percent. Before giving a medication, the nurse must capture a 
three-way bar-code match between his/her badge, the medication and the 
patient's wristband to check the five ``rights'': the right patient is 
receiving the right dose of the right medication at the right time via 
the right route.
    Mary Lanning Memorial Hospital, Hastings, NE: The largest employer 
in Hastings, Nebraska, Mary Lanning Memorial Hospital has served the 
healthcare needs of the surrounding community for the past 83 years. 
Although the hospital's medication error rate was low, a single tragic 
event highlighted the need for standardized medication administration. 
Bedside bar-code scanning technology was implemented along with a 
pharmacy information system to reduce the risk of medication errors. 
Additionally, medications scanned at the bedside are compared to orders 
reviewed by pharmacists and screened for allergies, interactions and 
therapeutic duplications. Preliminary data has shown a 35 percent 
increase in the reporting of near-miss events related to wrong drug and 
wrong patient.
    Presbyterian Healthcare Services in Albuquerque, NM: Using 
McKesson's bar-code technology solutions, Presbyterian reduced 
medication administration errors by 80 percent. Technology has also 
allowed pharmacists to be redeployed to critical care units to work 
directly with patients and physicians and enhance the quality of care.
    These innovative health systems and others across the country are 
saving lives and saving money. Physicians, nurses, and pharmacists now 
spend more time interacting with patients and less time performing 
administrative functions. More importantly, these organizations are 
creating a new baseline for patient care in the United States. While 
making healthcare safer through seamless, rapid and accurate 
information flow, they are also addressing one-third of healthcare's 
overall costs: administrative paperwork, clinical errors, manual hand-
offs and rework.

Developing Standards and Promoting Interoperability
    McKesson fully supports efforts of Congress and the Administration 
to facilitate standards harmonization, encourage the formation of 
regional health information organizations and establish a National 
Health Information Network. Development of the requisite technology 
standards will allow the computer systems of doctors, hospitals, 
laboratories, pharmacists and payers to efficiently communicate and 
share information. We are honored to work with Dr. David Brailer and 
the Office of the National Coordinator for Health Information 
Technology as he moves to create a foundation for the transformation of 
our healthcare system. We are also pleased to be a member of the 
Commission for the Certification of Health Information Technology, a 
collaborative public-private partnership to develop standards and 
certify health information technology systems.
    We all remember the incremental steps that were taken by other 
industries as they moved towards connectivity and interoperability. 
First, they automated individually and then, collectively, they 
collaborated to connect the information. Consider the banking industry. 
A full decade elapsed between the early proliferation of bank-specific 
automatic teller machines (ATM) and the formation of ``shared ATM 
networks'' in the 1980s. Once the automation was complete, connectivity 
and interoperability occurred very quickly. In the interim, banks were 
able to realize the cost and efficiency savings of ATMs, and consumers, 
appreciating the convenience of ATMs, quickly adapted to this new 
banking system. Connectivity is a natural evolution of automation. We 
are confident the same evolution will happen in healthcare. Once our 
nation's healthcare providers are fully automated, it will be possible 
to connect previously isolated healthcare systems.

Understanding and Overcoming Barriers to Rapid Adoption of Health 
        Technology
    The biggest obstacle to healthcare information technology adoption 
is securing the needed funding and resources. Today, physician 
practices and hospitals do not have access to the capital necessary to 
invest in their own technology or, on a larger scale, to fund 
connectivity.
    The federal government can play a key role in financing this 
healthcare transformation through creative funding arrangements. One 
option is through the creation of Government Sponsored Entities, which 
would provide indirect federal support through guaranteed loans for 
healthcare providers to purchase, adopt, and implement proven health 
technology solutions that are focused on error elimination and safety. 
Coupled with the pay-for-performance initiatives that reward providers 
for the quality of healthcare delivered rather than for services 
rendered, guaranteed loans or other financial incentives will spur 
technology adoption.
    A combination of financial and performance incentives would help 
mitigate the initial expense of technology implementation. The 
reduction in medication errors and improved efficiencies in delivering 
improved healthcare will also provide a return on investment for 
healthcare organizations, thereby enabling them to repay the loans.

Conclusion
    McKesson believes our healthcare system must adopt and deploy 
proven technologies today that reduce medical errors in order to save 
lives, improve the quality of care, and reduce costs. These initial 
steps should include:

    1.  Implementation of bedside bar-coded medication administration 
systems across the United States.
    2.  Elimination of paper prescriptions through use of e-prescribing 
in physicians' offices.
    3.  Secure, online, ``anytime, anywhere'' access for physicians to 
critical patient information.

    Automated information will enable our healthcare organizations to 
store and collect patient data, which will ultimately lead to a 
comprehensive electronic health record. Concurrently, we need to adopt 
the standards necessary to ensure interoperability among systems that 
will facilitate communication within our health system. If we execute 
these initiatives simultaneously, McKesson strongly believes that this 
Congress and this Administration will be able to deliver visible and 
measurable results with a lasting impact on the quality of healthcare 
for the American public.
    As a nation, we have both the will and the means to transform 
healthcare for the better. This will be a remarkable legacy, and one we 
should act on today.
    We appreciate the committee's interest in healthcare information 
technology and look forward to working with members of the Subcommittee 
on Health, as well as other Members of Congress, to address these 
critical issues.

                                 

  Statement of Patricia Gibbons, Mayo Foundation, Rochester, Minnesota
OVERVIEW
    The proposal to move to the ICD-10-CM/PCS (International 
Classification of Diseases, 10th Edition, Clinical Modification and 
Procedure Coding System, hereafter referred to as ICD-10-CM) should to 
be coordinated with other legislative and regulatory initiatives having 
to do with the use of standard terminologies for the reporting of 
clinical information. These include pay-for-performance and quality 
reporting, the public interest in encouraging the use of SNOMED for the 
improvement of clinical description, and the establishment of a 
standards-based national health information network (NHIN). The NHIN 
should include a roadmap for the adoption of terminologies if true 
interoperability is to be achieved. If the various terminology 
initiatives can be synchronized, it will be possible to realize 
improvements in health care diagnosis, quality, safety and treatment, 
along with significant cost savings, for the benefit and well-being of 
all Americans.

CURRENT SITUATION
    Neither ICD-10-CM/PCS, nor its predecessor currently in use, ICD-9-
CM, allow for the capture of data at the detailed level that is 
required for the identification and description of case types (groups 
of patients with a similar diagnostic profile) as specified by most 
quality measures. Such case types and the optimal interventions 
prescribed for them are now defined by a combination of ICD-9-CM codes 
plus additional clinical information, much of which cannot be coded at 
an appropriately detailed level in ICD-9-CM or in ICD-10-CM/PCS. In 
contrast, SNOMED (the Systematized Nomenclature of Medicine), which has 
been identified by the NCVHS (The National Committee on Vital and 
Health Statistics) and by CHI (the federal Consolidated Health 
Informatics Initiative, now part of the Federal Health Architecture 
project) must be considered the preferred terminology for the 
expression of clinical information. SNOMED has been shown to be able to 
handle this level of detail, in two studies on content coverage 
performed at Mayo Clinic.\1\
---------------------------------------------------------------------------
    \1\ Chute, et al, http://www.jamia.org/cgi/content/abstract/3/3/224 
The second content coverage study was done in the summer of 2004 and is 
not yet published, but the findings are very similar to the 1996 study.
---------------------------------------------------------------------------
    SNOMED contains the detail needed for the 1) billing and 
reimbursement, 2) national health statistics and public health 
reporting, 3) the real-time measurement and reporting of safety and 
quality measures, and--most importantly--4) the precise 
characterization and recording of information about all medical 
diagnoses, findings, treatments, and events by care providers, as they 
occur.
    Important work is currently underway by the National Library of 
Medicine, in collaboration with HL7, the leading standards development 
organization for health care, to accomplish the translation of SNOMED 
codes into ICD-9-CM codes. A similar translation (or mapping) is 
planned between SNOMED and ICD-10-CM. A mapping already exists, as 
well, between ICD-9-CM and ICD-10-CM. Work remains to be done. 
Completion of these mappings should be expedited, tested, and adjusted 
to assure continuity in moving forward. But that alone is not adequate 
to achieve the potential benefits of the synchronization. Additional, 
supportive standards for the specification of clinical statements and 
templates for clinical documents, under development by HL7, complete 
the array of standards needed to support SNOMED to ICD synchronization.
    The Centers for Medicare and Medicaid Services (CMS) and the 
National Center for Health Statistics (NCHS), which are today the 
leading users of ICD-9-CM-coded data must play a critical role in 
providing and maintaining for general use, a single approved, computer-
based mapping of SNOMED to ICD-9-CM and to ICD-10-CM. This mapping 
should allow organizations, including providers, payers, and other 
stakeholders, to ``capture the data once,'' store it as SNOMED 
expressions, and produce from it all ``derivative'' information (such 
as ICD codes for reimbursement, and for statistics and public health 
reporting).

TERMINOLOGY NEEDS FOR QUALITY AND SAFETY
    Quality indicators and patient safety measures, now characterized 
by a cumbersome mixture of ICD-9-CM codes plus other data, can be 
better and more consistently captured by SNOMED. If ICD-10-CM is 
implemented without coordination with SNOMED, a major recasting of 
indicators into ICD-10-CM terms will still need to be done and 
calibrated. All indicator-related data not currently encodable into 
ICD-9-CM will need to be scrutinized for codability in ICD-10-CM, and 
much of the information will still need to be gathered manually, with 
different processes for different indicators On the other hand, if 
SNOMED is specified as the basic nomenclature for reporting of quality 
indicators, all detailed clinical data needed can be characterized 
using SNOMED, since SNOMED can handle the content of both the ICD-10-CM 
codes and the additional data required for quality indicator reporting. 
Not that every element of information available in SNOMED will always 
be in use, but if a new measure or finding is required, it will be 
there. By way of analogy, SNOMED will provide a complete dictionary, 
and grammar, for composing any sentence, whereas today we have no more 
than a list of pre-formed and pre-selected ``sentences'' to choose 
from.
    To understand this better, let us look at the findings of the first 
content coverage study from 1996 which compared SNOMED with ICD-9-CM 
and ICD-10-CM. ``Content coverage'' is the relative ability to describe 
full clinical content, including diagnoses, findings, prescriptions and 
drug information, procedures and other information. It includes the 
ability to modify these expressions in various ways (from ``stages'' of 
cancer, to degrees of certainty, to modifiers such as ``family history 
of,'' ``history of,'' ``exposure to''). The versions of SNOMED and ICD-
9-CM that were in available at the time were used in the study. Plus, 
there was a draft version of ICD-10-CM available that was used in the 
study. The approximate results from the 1996 study are tabulated below: 
\2\
---------------------------------------------------------------------------
    \2\ These numbers are derived from the graphic in the published 
study. See actual study for precise results.

----------------------------------------------------------------------------------------------------------------
                                                           ICD-9-CM            ICD-10-CM            SNOMED
----------------------------------------------------------------------------------------------------------------
Diagnoses                                                          1.61                1.61                1.92
----------------------------------------------------------------------------------------------------------------
Findings                                                           1.22                1.24                1.82
----------------------------------------------------------------------------------------------------------------
Modifiers                                                          0.38                0.41                1.71
----------------------------------------------------------------------------------------------------------------
Other                                                              0.55                0.79                1.52
----------------------------------------------------------------------------------------------------------------
Procedures/Rx                                                      1.01                1.09                1.79
----------------------------------------------------------------------------------------------------------------
  OVERALL                                                          0.81                0.84                1.75
----------------------------------------------------------------------------------------------------------------
Figure 1. Scores by semantic group for major coding systems. Bar graph of mean scores over all concepts within
  each semantic domain and Overall. The scale is based on a 0--2 integer scaling reflecting a subjective measure
  of concept capture. 0 = absent, 2 = complete.

    The two content coverage studies show that, despite structural 
changes and a switch to alphanumeric codes (which theoretically add 
much expandability to the coding system), ICD-10-CM/PCS does not 
increase content coverage in a major way. Overall, both the 1996 and 
the 2004 studies show similar content coverage for ICD-9-CM and ICD-10-
CM/PCS. Content coverage for SNOMED is roughly twice that of either 
version of ICD.
    There are several reasons these studies do not show a significant 
increase in content coverage between ICD-9-CM and ICD-10-CM:
    1. The study looked at actual histories, and although there are 
some new diseases and procedures, these typically occur in low volumes; 
once they are recognized, they are added to ICD-9-CM (or-10 or SNOMED) 
in regular or special updates.
    2. Many of the changes in ICD-10-CM/PCS are changes to the internal 
way codes are handled, rather than the addition of new codes. There are 
some additions that are very helpful, such as the ability to indicate 
``right,'' ``left'' or ``both,'' but in many cases, it is the old pie 
that is being cut up.
    3. ICD-10-CM is largely a recasting of major two types of clinical 
knowledge, major diagnosis and interventional procedures, which is also 
captured by ICD-9-CM.
    In general, the scope of ICD-10-CM/PCS has not broadened to include 
the range of detailed clinical information covered by SNOMED.\3\
---------------------------------------------------------------------------
    \3\ http://www.snomed.org/snomedct/documents/July05--CT--
FactSheet.pdf
---------------------------------------------------------------------------
    SNOMED, on the other hand, shows particular strength of content 
coverage precisely in those areas central to the measurement of 
clinical quality and safety: detailed findings and clinical modifiers. 
All-in-all, SNOMED outperforms either ICD-9-CM or ICD-10-CM/PCS by a 
margin of nearly two to one. This of profound importance when it comes 
to the specification, collecting, and reporting of quality measures--if 
what we mean to do is, truly, to create the foundation of a new 
generation of medical knowledge which can serve as the foundation for 
major new improvements and advances in patient care and public health.
    ICD-10-CM provides limited specificity regarding lab findings, non-
billable procedures (such as many nursing activities) and 
pharmaceuticals. SNOMED either maintains links to such information or 
has developed it internally.\4\ Plus SNOMED has a vision and flexible 
structure which allows for entire new dimensions to be added in the 
future.
---------------------------------------------------------------------------
    \4\ Information on SNOMED inclusions and mappings to other coding 
systems (including LOINC for lab values and various nurse activity 
coding systems) is provided at: http://www.snomed.org/snomedct/
documents/July05--CT--FactSheet.pdf
---------------------------------------------------------------------------
CHARACTERISTICS OF THE ICD CLINICAL MODIFICATIONS
    Although ICD-10-CM allows for greater extensibility (the ability to 
add more codes in many areas), it remains unchanged in two respects. It 
is designed for aggregation and/or classification. It retains use of 
``NOS'' and ``NEC'' codes.\5\ This means that it gathers similar 
diagnoses into common groupings. Sometimes, these ``groupings'' 
represent a single clinical expression, but not always, and not 
fundamentally. The ICD Clinical Modifications have done a reasonable 
job of serving the functions for which they were designed, statistical 
reporting, case retrieval for study, and, more recently, reimbursement.
---------------------------------------------------------------------------
    \5\ NOS means ``Not otherwise specified.'' ``NEC'' means ``Not 
elsewhere classified.'' In short, unusual, uncommon, and--importantly--
new conditions, such as SARS or avian flu, are first likely to be 
lumped into one of these ``other'' categories, until their correct 
etiology or expression are better understood. For reimbursement or 
statistics this tends to work reasonably well. A new type of flu will 
end up in ``other influenza,'' for instance, and so be counted and 
reimbursed in a reasonable manner.
---------------------------------------------------------------------------
    But, to handle the new proliferation of quality indicator 
reporting, neither ICD-9-CM nor ICD-10-CM/PCS have the detail, the 
structure, or the ability to adapt to foundational changes to its 
underlying assumptions; it will still be possible to run out of codes. 
With genomic data rapidly being linked to symptoms and diseases and 
with the promise of an ever-changing but always growing set of 
requirements for detailed and ``subtle'' quality criteria 
(``nonbillables''), any fixed classification system will be short-
lived. Indeed, ICD-10-CM is based on the First Edition of ICD-10, and 
the Second was introduced last year, along with a whole new user 
interface technology. If history is to be the guide, ICD-11 is due out 
in the next few years, and is expected to be more SNOMED-like in its 
design. Indeed, ICD-10-PCS, the Procedure Coding System (to be used for 
inpatient procedures only; it does not replace CPT), a thoroughly U.S.-
developed system--uses a SNOMED-like approach.\6\
---------------------------------------------------------------------------
    \6\ It must be emphasized that the ICD-10-PCS, Procedure Coding 
System, is not based on any ICD mortality coding system, but was 
developed under contract by 3M for CMS.
---------------------------------------------------------------------------
    It is indeed most commendable that AHIMA, which has 40,000+ members 
involved largely in the coding of medical information into the ICD, CPT 
and related families of coding systems, is now voicing its strong 
support for the mapping SNOMED to ICD-10-CM as part of a coordinated 
strategy in the direction of adequate, ``capture once, use many times'' 
clinical description capability. This is a significant step forward. 
There is every reason to believe that these talented professionals will 
continue to play a key role in the future of all aspects of clinical 
information capture.

RECOMMENDATIONS
    The following two measures are required in order for the United 
States to move forward to a detailed, flexible, and clinically useful 
system for characterizing health related conditions, findings, 
interventions, and events:

    1.  CMS and NCHS should provide, for general use, a mapping between 
SNOMED and both ICD-9-CM, and ICD-10-CM/PCS
    2.  CMS should require that all data specified for the reporting of 
newly mandated safety and safety measures should be submitted in SNOMED 
terms
Designated Mapping between SNOMED and ICD-9-CM and ICD-10-CM
    CMS and NCHS must help develop, certify and provide for use, an 
approved mapping of SNOMED codes to ICD-9-CM and ICD-10-CM. It is 
surely possible that more than one roll-up will be possible given the 
``multiple inheritance'' capability of SNOMED.\7\ Work is progressing 
on the mapping of SNOMED to ICD-9-CM, in the joint initiative of the 
NLM and HL7. Work should begin as soon as possible on ICD-10-CM as 
well. A mapping to ICD-10-PCS may also be considered, although it is 
not a necessary part of the diagnosis cross-mapping.
---------------------------------------------------------------------------
    \7\ Indeed, the fact that ICD only allows a condition to be 
assigned to one category is considered a valuable feature for purposes 
such as classification and grouping for reimbursement, in reality, 
conditions often have multiple characteristics and other aggregations 
may also be useful, not only for research, but also for practice. A 
bacterial infection of a heart value is both a heart condition and a 
bacterial infection. Metastatic liver cancer is not only a cancer but 
has multiple sites that may be characterized. SNOMED handles this kind 
of multiple characterization much more easily than do the ICDs.
---------------------------------------------------------------------------
    CMS and NCHS should, as well, take on the necessary calibration 
work to assure that in terms of payment and statistics, the disease 
profiles which result from the mappings to ICD-10-CM are consistent 
with those derived from ICD-9-CM. Not all health care organizations 
will be able to go to use of SNOMED at the outset and will likely 
prefer a more straightforward move to coding into ICD-10-CM. Provider 
organizations that want to move to automated problem lists which can be 
used directly by care providers and which can be linked to clinical 
advice/alerts and medical literature (creating the full cycle of 
evidence-based medicine), can be expected to enthusiastically embrace 
SNOMED-based problem lists. These organizations should be assured that 
any potential decreases in reimbursement due to the ability to provide 
additional detail should be neutralized initially and factored in over 
time. A potential source of revenue for handling any such gaps can be 
expected from decreases in ``fraud and abuse,'' which can result from 
differences in coding conventions between payers and providers. With a 
system based on SNOMED-level detail, disagreements over which category 
(ICD code) a condition should be assigned to will be eliminated by the 
explicit use of the actual description of the condition as the primary 
data entity. Only consequently will this detailed diagnosis be 
assigned--by means of a CMS-approved mapping--to an ICD-level category. 
Actual abuse will be actually documented and furthermore, will be 
internally testable, for instance, by the ability to compare a SNOMED-
coded diagnosis with a SNOMED-coded lab result to see if they are 
consistent. Systems will naturally evolve which internally check to 
assure that such inconsistencies are noticed and attended to.
Requiring Quality Indicators to be Submitted using SNOMED
    SNOMED has been designated by CHI as the preferred standard for use 
for most clinical reporting, and is mapped to LOINC and several nursing 
terminologies. In short, SNOMED contains the level of detail needed for 
the direct encoding of the details needed for the reporting of quality 
indicators. Neither ICD-9-CM or ICD-10-CM/PCS are capable of capturing 
this level of detail nearly as well as SNOMED. SNOMED, is based on a 
natural ordering, or ontology, which reflects the natural relationships 
among health-related entities (states of health and disease, symptoms, 
findings, events, interventions, medications, and all types of 
interactions with care providers). And it has the flexibility to be 
changed as the understanding of these relationships change--as they are 
certain to do, given the rapid advancement and restructuring of medical 
knowledge

ADDITIONAL BENEFITS
    Major new benefits and `freedom of (clinical) expression' will 
result from adopting this approach. Provider organizations will be free 
to implement EHR systems which use SNOMED as the foundation of all 
their information needs, enabling them to provide the highest quality 
patient-oriented care. Systems of medical advice and on-line access to 
medical knowledge, for patients and care providers alike, will be 
enhanced; and active quality and safety management can be integrated 
into systems rather than patched onto them. And yet it will still be 
possible for providers to submit the financial and administrative data 
required of them--only with less bureaucracy and duplication of effort, 
and a real savings of consumers' and tax payers' dollars. For years we 
have been moving deliberately to this new vista, and so many of the 
initiatives are ready to bloom. There is every reason to believe that 
we are at the verge of the emergence of the long-anticipated ``common 
language of medi-

cine'' which can make the new era of ``collaborative health decision-
making'' a reality rather than a dream.

                                 

    Statement of William Hogan and Vergil Slee, The Rods Laboratory
      (at the University of Pittsburgh), Pittsburgh, Pennsylvania

                                SUMMARY

    It would be a mistake to switch from ICD-9-CM to ICD-10-CM in the 
Medical Record Health Information System (MRHIS) \1\ at the present 
time.
---------------------------------------------------------------------------
    \1\ The MRHIS is the information system which originates with data 
in the medical records of hospitals and physicians' offices. It must 
first meet the needs of the physician as a memory and communication 
tool in care of the individual patient. Some medical record content is 
then used to support billing and to create statistics on health and 
healthcare.
---------------------------------------------------------------------------
    The resource expenditure required would present an unnecessary, 
perhaps insurmountable, obstacle to the efforts of the federal 
government to modernize the healthcare industry with information 
technology (IT), most especially the adoption by physicians of the 
electronic medical record (EMR).
    The claim that implementing ICD-10-CM is critical to 
biosurveillance for such threats as SARS and avian influenza is 
inaccurate--the public health reporting system does not use ICD-9-CM 
codes for this purpose.
    The basic problem that the healthcare system and the federal 
government need to address is that there is no standard set of codes 
for diagnosis INPUT. Our system is obsolete. It uses diagnosis OUTPUT 
codes \2\ for diagnosis INPUT --both ICD-9-CM and ICD-10-CM are OUTPUT 
codes.
---------------------------------------------------------------------------
    \2\ Output codes are codes which represent the labels of the 
categories of a classification which has been constructed for 
statistical purposes. Each diagnosis output category (code) contains a 
collection of the individual diagnoses which are its input. In both 
ICD-9-CM and ICD-10-CM, several hundred thousand specific diagnoses are 
collected into the few thousand categories of the classification. Most 
individual diagnoses, therefore, have no unique codes.
---------------------------------------------------------------------------
    Instead of switching to ICD-10-CM, we should develop and implement 
a modern system for diagnosis INPUT \3\ No system for this purpose 
exists today.
---------------------------------------------------------------------------
    \3\ Input diagnosis codes are codes which exactly represent 
diagnosis entities as expressed by the physician. The physician may or 
may not record a diagnosis using its ``preferred term;'' he may or may 
not even use a standard synonym. Following input, the computer system 
will add the ``standard code'' for the preferred term in order to 
facilitate finding it in all medical records.
---------------------------------------------------------------------------

                            OUR CREDENTIALS

    Willian Hogan, MD, MS is an Assistant Professor of Medicine in the 
School of Medicine of the University of Pittsburgh and a senior analyst 
in its Realtime Outbreak and Disease Surveillance (RODS) Laboratory. 
RODS carries out research under funding from DARPA, CDC, NLM, DHS, 
AHRQ, and NSF. Hogan has extensive experience in building 
biosurveillance systems, as well as conducting basic biosurveillance 
research. Prior to joining the RODS Laboratory in 2002, he worked at 
Health Language, Inc, where he gained expertise with vocabulary 
standards including ICD-9-CM and SNOMED. He is the expert on vocabulary 
standards at the RODS Laboratory, and led the effort at the RODS 
Laboratory to map proprietary codes used by eight hospital laboratories 
to LOINC \4\ and SNOMED CT for electronic laboratory reporting. He has 
written on vocabulary standards, biosurveillance, and the intersection 
of the two.
---------------------------------------------------------------------------
    \4\ LOINC--Logical Observation Identifiers, Names, and Codes.
---------------------------------------------------------------------------
    Vergil Slee, MD, MPH, FACP, FACHE (Hon) was responsible for the 
first deployment of ICD in hospitals as a tool for diagnosis indexing, 
a task for which ICD was admirably suited at that time (1955). In 1975 
he represented the U. S. at the WHO conference which designed ICD-9. In 
1976 he became President of the Council on Clinical Classifications 
which, in collaboration with the U. S. National Center for Health 
Statistics, developed ICD-9-CM (1978). He has analyzed ICD-10-CM 
(Reference 6) and has written extensively on the expanding demands on 
medical record information (Reference 7), demands which have destroyed 
ICD's suitability for diagnosis input.

                        STATEMENT OF THE ISSUE:

    The Federal government is being urged to replace ICD-9-CM diagnosis 
codes with ICD-10-CM diagnosis codes in the Medical Record Health 
Information System (MRHIS) \5\ This system uses medical record data for 
three major purposes:
---------------------------------------------------------------------------
    \5\ NOTE RE PROCEDURE CODING: Proponents of the switch to ICD-10-CM 
imply that it would also require the switch, for hospital inpatient 
records, from Volume 3 of ICD-9-CM to ICD-10-PCS (which was written by 
3M under contract from HHS). Procedure coding is a separate issue from 
diagnosis coding. No simultaneous switch is necessary; the system could 
stay with the present procedure coding or consider the procedure coding 
available with SNOMED CT (Standardized Nomenclature of Human Medicine--
Clinical Terminology). SNOMED CT is a reference terminology developed 
and maintained by the College of American Pathologists (CAP). SNOMED CT 
has been made available to the healthcare system by HHS under a 
contract with CAP.
---------------------------------------------------------------------------
    PRIMARY PURPOSE: Patient care. The medical record's primary, 
nonnegotiable purpose is to be the memory and communication tool for 
the physician. It has no substitute for the care of the individual 
patient.
    SECONDARY PURPOSES: (1) Billing and (2) Statistics on health and 
health care.

                              BASIC FACTS:

    Two essential facts about the MRHIS must be included in discussing 
the question of switching from ICD-9-CM to ICD-10-CM:
    For patient care, the physician must have diagnoses in their 
greatest detail.
    For billing and statistics, diagnoses must be grouped.
    ``ICD coding,'' the coding used in the MRHIS, is category 
coding,\6\ which captures only the labels of the groups (categories) in 
a clinical modification of ICD. The ICD series \7\ was designed for the 
OUTPUT of data for statistics (and, in the U. S., the clinical 
modification (CM) is essential for billing). The ICD series was never 
intended for INPUT, the purpose for which we (mis)use it. The precise 
diagnoses are simply discarded, except in the rare instance where a 
category has only one diagnosis (see the illustration on page 8). The 
result is that ICD coding--category coding--is not useful for the 
physician in the care of the patient.
---------------------------------------------------------------------------
    \6\ Category coding of diagnoses is coding in which each code 
(number) represents (the title of) a category of diagnoses, e.g., 
``Other diseases of the liver.'' In category coding, the coding of the 
diagnosis itself and its classifying are combined into one step.
    \7\ ICD, the International Classification of Diseases, is a serial 
publication of WHO. The U.S. created ICD-9-CM (a clinical modification, 
CM) in 1978 for use in hospitals and doctors' offices. ICD-10-CM based 
on ICD-10, first edition (1992), is now in draft in a version dated 
June 2003. WHO issued a second edition of ICD-10 in 2004. Presumably 
the U. S. ICD-10-CM would have to be made to correspond with each new 
edition.
---------------------------------------------------------------------------
    Category coding has an especially pernicious effect for statistics. 
The coded data are already aggregated, and aggregated data can never be 
disaggregated--they can only be combined into larger groups (such as 
DRGs). This means that our health care system is in a ``one-size-fits-
all'' situation and must use the same statistics for such disparate 
purposes as public policy, quality review, facility management, and 
evidence-based medicine. Common sense dictates that each of these uses 
has unique information demands and should have its own grouping of 
diagnoses. We propose a solution below.

                  SWITCHING FROM ICD-9-CM TO ICD-10-CM

    Proponents of switching argue that switching is a cost-effective 
and necessary step to modernize our healthcare information system, that 
we must keep in step with other nations for international comparisons 
of morbidity, and that ICD-10-CM is more up-to-date, has more room for 
``things,'' can more easily accommodate new diseases such as SARS, and 
is better suited to biosurveillance for terrorist and emerging disease 
threats.
    UP TO DATE: ICD-9, the parent of ICD-9-CM, was written in 1975 and 
ICD-9-CM was put into use in 1978. ICD-10 was written in 1989 and 
published in 1992. ICD-10-CM is still in draft form. The U.S. agreement 
with the World Health Organization (WHO) (the author of the ICD series 
of classifications) states that any clinical modifications (CM 
versions) must be ``collapsible'' back into the categories of ICD 
itself, which greatly reduces our freedom to keep it current with 
medical progress.
    LACK OF SPACE: A second argument is that ICD-9-CM has few remaining 
codes to assign to new diagnoses. Actually it uses only about 13,000 
codes out of the over 100,000 permitted by its structure. The problem 
is that it uses an antiquated code structure, where the code indicates 
the location of a category in a hierarchy of categories.\8\ Modern 
computer methods do not require that codes be in such a numerical 
hierarchy. ICD-10-CM (2003 draft) has 67,000 codes, and thus one might 
expect that it has more clinically relevant detail, but this number is 
misleading. For example, one category, Code S82 Fracture of lower leg, 
including ankle, with its mandatory extensions, accounts for 3,248 of 
the codes in this count.
---------------------------------------------------------------------------
    \8\ ICD-10- and ICD-10-CM maintain this antiquated hierarchical 
code structure, but have a higher number of possible codes. Depending 
on how our knowledge of disease increases, ICD-10 could also eventually 
``run out of codes'' in some parts of its category hierarchy.
---------------------------------------------------------------------------
    NEW DIAGNOSES: We have no system for promptly coding new conditions 
such as avian influenza, SARS, and Gulf War Syndrome (real or 
suspected) with ICD-9-CM, nor would we with ICD-10-CM. For example, 
there were no ICD-9-CM codes for SARS until October 1, 2003, nearly 3 
months after the WHO lifted all its travel advisories and considered 
the outbreak under control. Nor is the system ready to uniquely 
identify avian influenza. The inability of a category coding system to 
classify new entities is due to the necessity of deciding what they are 
before deciding where to put them in the classification. There are also 
the requirements that a committee make the decisions, and that changes, 
which must be implemented first by human coders dispersed throughout 
the nation, are only made once a year.
    INTERNATIONAL MORBIDITY DATA: The U. S. is under no obligation to 
use ICD for anything other than mortality data. In personal 
communication with Dr. Slee, a WHO statistician stated that for 
virtually all international morbidity studies, special data collection 
is required.
    BIOSURVEILLANCE: Proponents of ICD-10-CM argue that it is essential 
to make the switch to have better disease surveillance for terrorist 
and emerging infectious disease threats. However, the current 
biosurveillance system makes little use of even ICD-9 codes for 
detecting disease outbreaks. When physicians, hospitals, and 
laboratories report notifiable diseases to public health, they do not 
use (nor are they required to use) ICD-9-CM codes. Influenza 
surveillance relies in part on mortality statistics (which are 
retrospective, of course), but mortality statistics are already 
compiled using ICD-10 (not ICD-10-CM) codes. We have already noted the 
inadequacy of ICD-9-CM for accommodating emerging disease threats such 
as SARS.
    In view of these facts, the arguments as to advantages of ICD-10-CM 
over ICD-9-CM lose a great deal of their weight.

                           FINANCIAL IMPACT:

    MONETARY COSTS: Two estimates have been made of the cost of 
switching to ICD-10-CM from ICD-9-CM. The RAND Corporation figure, for 
the Centers for Disease Control, was from $425 million to $1.125 
billion over 10 years. The Robert E. Nolan Company figure, for the Blue 
Cross Blue Shield Association, was from $6 billion to $14 billion over 
2-3 years. The higher figures are likely to be more accurate, because 
Nolan based its estimates on similar information technology conversions 
in the past, namely actual costs to the healthcare system of the year 
2000 (Y2K) remediation and Health Insurance Portability and 
Accountability (HIPAA) compliance. Nolan also gave some details of 
actual costs incurred by Canada, Australia, and the United Kingdom 
during their switch to ICD-10.\9\
---------------------------------------------------------------------------
    \9\ Canada created and implemented its own modification of ICD-10 
called ICD-10-CA. Similarly, Australia created and implemented ICD-10-
AM. The U.K. uses ICD-10 for morbidity with no modifications. Note that 
each has used a different version of ICD-10, thus making international 
comparisons far more difficult than if the same code version (clinical 
modification) were used.
---------------------------------------------------------------------------
    Regardless, the switch would require the commitment of human and 
financial resources which would thus not be available for solving the 
underlying problem with health care information: we use diagnosis 
output codes for diagnosis input. Detailed diagnosis input is a 
building block on which the entire MRHIS must be (re)built. It is 
critical that the healthcare system and the federal government devote 
resources to the solution of this problem, as we discuss below.
    SAVINGS: The most optimistic estimate of the benefit of switching 
to ICD-10-CM is $7.7 billion over 10 years (Rand). By contrast, the 
projected savings to the healthcare system of a national health 
information network (NHIN), as envisioned by the Office of the National 
Coordinator for Healthcare Information Technology (ONCHIT), is $337 
billion over the first 10 years, and $77.8 billion per year thereafter 
(Reference 1). This estimate assumes the use of the EMR, the adoption 
of which requires diagnosis input codes in place of ICD-9-CM codes.\10\ 
Importantly, none of the benefit of NHIN results from switching to ICD-
10-CM.
---------------------------------------------------------------------------
    \10\ The ICD-9-CM coding would continue, however, since it is at 
the heart of the billing process, and financial stability must be 
maintained.
---------------------------------------------------------------------------
    BUILDING NHIN: Achieving this goal would be seriously delayed. In 
the event of a switch to ICD-10-CM physicians would have to give the 
new code system priority over the EMR so that they could maintain 
revenue. Health plans considering financial incentives to physicians 
for adopting EMRs would have to divert resources to the ICD-10-CM 
switch. Hospitals, health plans, physicians, and state governments 
would all have fewer resources to devote to developing health care data 
exchange.
    INFORMATION COSTS: The costs of the switch in its effects on health 
and healthcare information cannot be predicted, but they may well be, 
in the long run, more important than money. One particular effect:
    Longitudinal studies (studies which cross the date on which 
classifications change, e.g., from ICD-9 to ICD-10) usually are 
seriously disrupted and often have to be abandoned. Disturbance of such 
studies costs money as well as information. To illustrate with one such 
study:
    ICD-10 has been used for U.S. mortality tabulations effective with 
1999 death certificates. In Florida, the AIDS death rate, which had 
been declining by about 6% per year until 1999 took a sudden rise of 
about 6% in that year. Investigation showed that this 12-13% jump was 
entirely due to the coding change; the true trend had been badly 
distorted (See Reference 2).
    INFORMATION QUALITY: Information quality always sags, often for 
several years, simply as the result of changing coding (the effects are 
prolonged by the fact that implementation cannot be achieved on a 
single date; all elements of the system, from coders, through 
computers, must be up to speed before the system becomes reliable).
    HOSPITAL AND PHYSICIAN REIMBURSEMENT: Our reimbursement system is 
in financial equilibrium. Any change in coding would require 
recalibration, involving collection of both medical and financial 
information on huge numbers of patients (enough to give statistical 
validity to each DRG, for example), and parallel operation of both the 
old and the new systems until reliability could be guaranteed. This is 
truly a non-trivial aspect of switching.
    MODERNIZATION OF THE MRHIS: The switch would delay attention to 
actually modernizing the system, as outlined below.

                       MODERNIZATION OF THE MRHIS

    We contend that we should not try to put a ``band-aid'' on our 
obsolete MRHIS. Instead, we should develop the missing component, a 
system for INPUT of diagnoses, and bring the system up to 21st century 
standards. Modernization should start with these steps:

    1.  DELAY THE SWITCH to ICD-10-CM: We should continue to use ICD-9-
CM, modifying it as necessary for the reimbursement system, in order to 
free the resources, human and financial, needed to modernize the 
system.
    2.  DEVELOP A CODED DIAGNOSIS INPUT SYSTEM: Add diagnosis entity 
coding \11\ to the medical record.
---------------------------------------------------------------------------
    \11\ Diagnosis entity coding, necessary to modernize MRHIS, is 
coding in which each code represents an individual diagnosis entity. 
The diagnoses can, with this coding, be placed in ANY classification, 
e.g., ICD-9-CM, ICD-10-CM, or policy, planning, or research groupings.

    It is a basic principle in science that original observations--in 
this instance, original medical records--should be preserved 
permanently, without alteration, in order to permit review and further 
analysis as needed. Preserving diagnoses only after they have been 
placed in groups and have lost their individual identity, as we do 
today with category coding input, is a gross violation of this basic 
principle. The practice is an embarrassment and should be stopped 
immediately. Entity coding would permanently preserve the original 
diagnoses.
    The needed input system would be simple and user-friendly for the 
physician--with no look-up or coding required. This would demand three 
critical attributes. The system would
    a. Accept natural language input for any term the physician wishes 
to use (See Reference 8 which discusses ``free vocabulary'' and 
References 3 and 4 which discuss the need for an ``interface'' 
vocabulary for users of EMRs).
    b. Map, by computer, this free language term to a standard 
vocabulary such as SNOMED CT. (SNOMED CT is a reference terminology for 
well-studied conditions, not an input terminology, although its 
preferred terms are, of course, often those the physician normally 
uses.)
    c. Provide instant, ``realtime'' codes for new diagnoses such as 
SARS--coding for new terms is delayed in the present system for months 
or years, as was the case with AIDS.
    3. DEPLOY THE INPUT SYSTEM:  Make the entity diagnosis coding 
system freely and readily available to all elements of health care.

                  ADVANTAGES OF THE MODERNIZED SYSTEM

    The modernized system would

    1.  Provide physicians the detailed diagnoses they need for patient 
care.
    2.  Remove a major barrier to acceptance of the EMR.

                                 

                                   America's Health Insurance Plans
                                               Washington, DC 20004
                                                      July 26, 2005
The Honorable Nancy Johnson Chairman
Subcommittee on Health
House Ways and Means Committee
1136 Longworth Building Washington, D.C. 20515

Dear Madam Chair:

    On behalf of America's Health Insurance Plans (AHIP), I am writing 
to submit testimony for your subcommittee's July 27 hearing on health 
information technology.
    AHIP and our members are committed to playing a leadership role in 
developing an interconnected health care system--based on voluntary, 
national, uniform standards--in which consumers and providers have 
access to patient-owned Personal Health Records (PHRs) that provide 
integrated health information, from all clinicians and all settings of 
care, in a usable form and in a timely manner. Our testimony focuses on 
several key areas:

      opportunities to deploy health information technology to 
improve quality, value and efficiency for health care consumers;
      the role health insurance plans are playing in advancing 
health information technology through the Ambulatory Care Quality 
Alliance (AQA) and other initiatives; and
      the importance of establishing consumer-centric Personal 
Health Records (PHRs) that are fully compatible with Electronic Health 
Records (EHRs).

    We are pleased that health information technology has been the 
focus of bipartisan legislation in both chambers of Congress. At the 
same time, we have serious concerns about one proposal addressed by 
several pending bills. Specifically, we strongly oppose provisions that 
would relax the federal fraud and abuse laws for the purpose of 
allowing hospitals to support physician use of health information 
technology. We are concerned about the unintended consequences of tying 
physicians to hospitals financially through equipment subsidies or 
electronic record sharing. Moreover, the ability of physicians to 
cooperate with other providers--and deliver services in a range of 
hospitals--may be hindered if they become dependent on a hospital-based 
information sharing network.
    Another concern is that the proposed exceptions could 
unintentionally lead to local information sharing programs that are 
isolated and impede the development of the interconnected system that 
is needed to exchange information across the country. We believe that 
creating new exceptions to the current fraud and abuse laws is not only 
unnecessary, but will undermine the integrity of the existing 
regulatory framework.
    Thank you for considering our concerns on this issue. We also 
appreciate this opportunity to submit testimony on the broader issue of 
advancing an interconnected health care system to improve the delivery 
and quality of health care in America.
            Sincerely,
                                                      Karen Ignagni

                                 

     Statement of Rebecca Marshall, American Academy of Pediatrics,
                      Elk Grove Village, Illinois
Introduction
    This statement is submitted on behalf of the American Academy of 
Pediatrics (AAP), an organization of 60,000 primary care pediatricians, 
pediatric medical subspecialists, and pediatric surgical specialists 
who are dedicated to the health, safety, and well being of infants, 
children, adolescents, and young adults. The AAP would like to thank 
the House Committee on Ways and Means for the opportunity to submit a 
statement for the record on congressional involvement to further the 
adoption of health information technology (HIT).
Key Principles
    In January 2005, the AAP joined with the American Board of 
Pediatrics, the Child Health Corporation of America, and the National 
Association of Children's Hospitals and Related Institutions to develop 
the following key principles of a National Health Information 
Infrastructure:

    1.  Every child should have a personal electronic health record 
that is available 24 hours a day, 7 days a week, in whatever location 
is necessary to provide care to the patient. If regional networks are 
formed to facilitate the sharing of data within a community, it is 
crucial that these networks be built using the same national standards 
for data, functionality, and transmission so that patient information 
may be shared across networks when necessary.
    2.  All information systems must be built on national standards for 
both data and functionality. The Health Level 7 (HL7) EHR Draft 
Standard for Trial Use, its accompanying standards, and future versions 
should be adopted in all health care settings, including hospital, 
ambulatory care, and public health. The use of controlled medical 
terminology should be encouraged in the design of any data structure.
    3.  A standard method of transmission of data among information 
systems must be established.
    4.  All information systems and procedures for data transmission 
must protect the privacy and integrity of patient data through 
compliance with the Privacy and Security Rules of the Health Insurance 
Portability and Accountability Act (HIPAA) of 1996. Systems must also 
be flexible enough to enable more stringent controls where required by 
law. Data sharing will require national standards for authentication of 
users and verification of access rights, and must support audit tools.
    5.  The availability of planning and implementation grants to begin 
building local networks based on national standards and including all 
health care providers would greatly improve the speed at which the NHIN 
will develop.

    These key principles highlight the need for national standards for 
data, functionality, transmission, and vocabulary so that a patient's 
electronic health record is accessible wherever it is needed, whenever 
it is needed.
Resource Challenges
    It is well known that one of the greatest challenges in encouraging 
physician adoption of HIT is the misalignment of incentives. 
Pediatricians wishing to implement EHRs face additional challenges.

    1.  Children, who are generally healthy, account for less than 12% 
of personal health care spending. Therefore, market incentives have not 
compelled private industry to focus on the unique IT needs of the 
health care of children. As a result, the development of IT focused on 
children's health care progressed more slowly than in other areas. 
Where it does exist, the provider must have the resources to develop 
customized IT systems. Of the pediatric dollars spent, 80% are 
generated by children with special healthcare needs (who in turn 
constitute approximately 16% of the pediatric population).i 
This figure supports the need for financial incentives for systems that 
improve care for the most medically complex children. In addition, 
since these children are living longer, adult systems will eventually 
need to handle the same functions in order to care for patients who 
transition out of pediatric care.
---------------------------------------------------------------------------
    \i}\Health Care Financing Review/Web Exclusive/December 2, 2004, 
Volume 1, Number 1, page 2.
---------------------------------------------------------------------------
    2.  Because pediatric evaluation and management services are often 
compensated at lower rates than the equivalent adult services or 
procedures, children's doctors--pediatricians and family physicians--
often are unable to invest either the money or time required to obtain 
and use IT appropriately.
    3.  Because pediatricians do not make frequent use of transcription 
and often practice in solo practice or small groups, the usual 
components of return on investment (reduced transcription costs and 
reduced staff support) either do not apply or apply only marginally to 
practices, making investment in an EHR difficult to recoup.
    4.  To date most public resources for IT development have been 
focused on the Medicare population, with quality improvement efforts 
focused on adult measures. This leaves physicians who care for children 
at a disadvantage, since there are only approximately 12,000 pediatric 
Medicare beneficiaries, and risks allowing market forces to drive EHR 
development based almost exclusively on adult care.
Recommendations
    In order to encourage adoption of HIT without impeding progress 
already being made, Congress should:

    1.  Ensure that the Office of the National Coordinator for Health 
Information Technology receives sufficient funding to continue its 
work.
    2.  Allow for licensing and support of national health information 
standards identified by the Department of Health and Human Services.
    3.  Provide funding to support activities of standards development 
organizations, which often rely on volunteers for labor-intensive 
development, refinement, and maintenance of standards.
    4.  Ensure that legislation impacting healthcare quality 
improvement activities and incentives for HIT adoption apply to 
Medicaid and SCHIP populations, in addition to Medicare.
    5.  The Stark laws and anti-kickback legislation should be relaxed 
to allow for data-sharing between the hospital and the ambulatory 
practice. In addition, since large medical centers typically have 
financial and other resources for development of clinical information 
technology that small, ambulatory practices do not, there should be 
some provision for sharing of those resources to assist local providers 
in accessing the RHIO.

    In conclusion, the American Academy of Pediatrics fully supports 
efforts to speed the adoption of electronic health records across the 
nation. The Academy is heavily involved in clinical information 
technology standards-setting and in assisting its members as they make 
this transition. The fate of our children's healthcare is at stake. We 
are available to answer any questions you may have regarding this very 
important subject, especially as it relates to children. The Academy 
appreciates your efforts, which will assist our members and all those 
who care for children in improving health care quality and safety.

                                 

Statement of Jane M. Orient, M.D., Association of American Physicians & 
                       Surgeons, Tucson, Arizona
    Madame Chairman and Members of the Committee:
    The Association of American Physicians and Surgeons was founded in 
1943 to preserve private medicine. We represent thousands of physicians 
in all specialties nationwide, and the millions of patients that they 
serve. I am the executive director, and a practicing internist in 
Tucson, Arizona
    Nine years ago, President Bill Clinton signed into law the Kennedy-
Kassebaum bill, also known as the Health Insurance Portability and 
Accountability Act of 1996 (HIPAA). It was the end product of three and 
a half contentious years of White House and Congressional horse-
trading. These efforts resulted in new laws that were supposed to make 
health insurance easier to purchase, with the capability to follow a 
worker from one job to another, with policies more responsive to the 
needs of patients, doctors and hospitals. It was also supposed to help 
38 million Americans obtain health insurance.
    There are now an estimated 45 million uninsured Americans, 
according to the U.S. Census Bureau and other government sources. 
Premium increases grew by 8% in 2000, 11% in 2001, 13% in 2002 and 14% 
in 2003. We now spend an estimated $480 billion annually on U.S. health 
care, according to the Robert Wood Johnson Foundation.
    We believe that this situation is in large part the unintended 
consequences of HIPAA. Additionally, many of the rules of HIPAA 
continue to erode the quality of health care, add to the cost of 
medical and administrative services, and undermine the patient-
physician relationship.
    Rather than making medical care portable and more accountable, 
HIPAA has apparently laid the foundation for a one-size-fits-nobody 
national health insurance program. Reliance on the Internet and an 
interoperable technology system may promise cost-savings to the federal 
government and certain third-party payers, but it will add enormous, 
unsupportable costs to private practitioners and small facilities. 
Moreover, many physicians fear that the establishment of an Internet-
based health information infrastructure will enable facilitate, or even 
lead inexorably to an effective hostile government takeover of American 
medicine.
    One of the objectives of HIPAA is the creation of a mandatory 
electronic coding, tracking and surveillance system that would use a 
uniform set of codes for every single medical procedure. Every doctor, 
hospital and clinic would be required by law to submit these coded 
procedures so that diseases could be tracked and ``quality'' could be 
monitored. Even if proponents deny that a national database would be 
established, the existence of multiple, interoperable databases would 
be its functional equivalent. In other words, everyone's personal 
medical history, including the most sensitive and intimate records, 
would be accessible on the ``worldwide web'' to persons unknown to the 
patients, with unpredictable and potentially devastating effects.
    Back in 1996, when the ``Information Superhighway'' began 
electronically linking all of humankind, it was paved with fiber optics 
that led to high-speed modems. There were no visible potholes, viruses 
or worms, and just a few annoying pop-ups. The Internet looked like the 
answer to our dreams of a modern world, but it has become a dangerous 
place for storing personal records of any kind.
    One only needs to consult the Congressional Record of June 23, 2004 
to better understand the intent and scope of medical information 
technology: Upon introduction of his Health Care Modernization, Cost 
Reduction and Quality Improvement Act of 2004, legislation (S. 2421, 
108th U.S. Congress) amending HIPAA and the Public Health Service Act, 
Sen. Edward Kennedy explained his vision for medical information 
technology:
    ``The legislation we are introducing is an effective way to 
modernize and improve the health care system, by using modern 
information technology, by paying for value and results [emphasis 
added] and not simply for procedures performed or patients admitted to 
hospitals, and focusing in improving quality and preventing disease,'' 
Kennedy explained to his colleagues.
    In one paragraph, Kennedy proposed that what was supposed to be a 
way to help seniors pay their medical bills into a command-and-control 
economy directed from Washington. His assumption that government knows 
enough to define ``value and results'' and should have the authority to 
deny payment for services rendered in good faith illustrates immense 
chasm of understanding of American health that currently exists between 
the U.S. Senate and the practitioners of modern medicine
    The government takeover begins with so-called Pay-for-Performance 
(Pay-for-Conformance really) within the Medicare program. Doctors would 
not be allowed to participate in Medicare unless they met all the 
information technology requirements proscribed by the U.S. Congress.
    But that is just the camel's nose! Even if in compliance with the 
electronic requirements, doctors would only be paid for what 
bureaucrats decide should be done, under what circumstances, for whom, 
and with what results--in other words only for care that follows 
government ``guidelines.'' (These will be ``voluntary,'' so physicians 
will be responsible for any untoward consequences, but any 
``deviation'' will have to be justified or punished.) If paid only for 
``successful'' outcomes, physicians who desired to remain financially 
solvent might be forced to restrict their practice to patients with a 
relatively good prognosis, who are inclined to follow doctor's orders.
    Under the guise of streamlining the practice of medicine by 
discouraging any procedures that computers might be able to identify as 
defensive medicine, Pay-for-Performance becomes an obstacle to medicine 
tailored to the needs of individual patients by focusing only on pre-
approved procedures for specific treatments and illnesses.
    The electronic surveillance of medicine would make it that much 
easier for trial lawyers to sue doctors, and doctors who would no 
longer be paid for defensive medical practices. Under Kennedy's 
proposal, doctors would not be paid for anything but results
    If the House Ways & Means Committee and the U.S. Congress intend to 
reduce medical costs, increase quality, and eliminate needless tests 
and administrative overhead, a good first step would be to complete 
work on long-overdue and badly needed caps on monetary awards for 
``pain and suffering,'' limits on contingency fees that lawyers charge, 
and penalties for filing unfounded lawsuits.
    Instead, the federal government may require use of the Internet to 
expose private medical records, monitor medical procedures, and dictate 
the day-to-day operations of doctors' offices, hospitals, and 
pharmacies.
    The government-dictated medical information technology movement and 
the intrusive, restrictive central planning in American medicine that 
it would foster would render the practice of modern medicine as we know 
it today virtually impossible. The quality and privacy of medical care 
would suffer, as well as availability, because many excellent 
practitioners are likely to become demoralized and withdraw from active 
practice as soon as possible, unwilling to perform under constant 
surveillance by bureaucrats. Advancements in medical technology and 
groundbreaking treatments for disease would become nonexistent, because 
the federal government would control all financial incentives for 
medical research and development.
    As the members of this Committee debate the broader issues of 
medical information technology, and the potential for cost-savings for 
government programs like Medicare and Medicaid, please keep foremost in 
your mind the need to protect the sacred relationship between 
physicians and their patients. In this 109th U.S. Congress, doctors and 
their patients are facing a deluge of punitive and doctrinaire 
regulatory proposals including the failure to reform medical liability 
laws, moratoriums on physician financial interest in specialty 
hospitals, information technology requirements for physicians 
participating in Medicare, and now the proposed assault on the actual 
practice of medicine--pay-for-performance.
    The Association of American Physicians and Surgeons is urging 
restraint, reflection and reassessment of the use of relatively novel 
information technology and its relationship with government programs 
and federal and state spending on health care. Forcing technology on 
medicine by top-down central planning risks an end to advancements in 
information technology, as outmoded, inappropriate, cumbersome systems 
are imposed. Physicians and medical facilities will voluntarily adopt 
technology as they find it serves their patients well, just as they 
have been quick to use new imaging technology, surgical procedures, and 
medications.
    Please do all you can to roll back destructive federal interference 
in medicine, so that those with actual knowledge of medicine and of 
their patients can do their jobs efficiently, economically, and 
privately. At least, stop adding new burdens to a system already 
overloaded by counterproductive regulation.

                                 

   Statement of Robin J. Thomashauer, Council for Affordable Quality 
                               Healthcare

    The Council for Affordable Quality Healthcare (CAQH) is an 
unprecedented alliance of the nation's leading health plans, networks 
and industry trade associations (see Appendix) working collaboratively 
to help improve the healthcare experience for consumers and providers. 
Our members, who provide healthcare coverage to more than 50 million 
Americans, are strongly committed to developing and implementing 
programs that reduce administrative burdens for physicians and patients 
and improve quality of care. On behalf of its Board of Directors and 
members, we appreciate the opportunity to submit a written statement 
for consideration by the U.S. House Ways and Means Committee for 
inclusion in the printed record of the Subcommittee on Health July 27, 
2005 Hearing on Health Care Information Technology.
    The purpose of this statement is to make the committee aware of a 
public-private, multi-stakeholder initiative that is currently 
developing an approach to promote and facilitate interoperability 
between health plans and providers. Facilitated by CAQH, the initiative 
is called the Committee on Operating Rules for Information Exchange or 
CORE.

Interoperability
    The benefits of an interoperable healthcare system are well 
understood. However, technology adoption rates, data security, and 
inconsistency associated with transactions between health plans and 
providers have made interoperability in the healthcare arena extremely 
difficult. No quick, effective mechanism exists today for provider 
practices to access consistent patient administrative data--plan 
coverage, co-pays, deductibles, etc. Furthermore, the information that 
is available varies from plan to plan, requiring provider office staff 
to spend hours of time on the phone or Web tracking down information. 
It is estimated that the cost of this administrative work runs in the 
millions of dollars per year. Incomplete or incorrect data has often 
been cited as a significant cause of denied claims by insurers. CAQH 
and its members strongly believe that interoperability between 
providers and plans is critical to advancing improvements in healthcare 
data transactions.

The Banking Industry Model
    After conducting extensive research on the best approach for 
facilitating interoperability, CAQH determined that a solution could be 
found in the banking industry. In that sector, electronic data exchange 
rules--embraced by the industry--has made ATM transactions and direct 
deposits an everyday occurrence. Throughout 2004, CAQH worked with 
NACHA, The Electronic Payments Association, and other experts in the 
banking field to develop an organizational structure by which all 
appropriate stakeholders could participate in an initiative to bring 
interoperability to healthcare. NACHA establishes and enforces the 
standards, rules and procedures that enable financial institutions to 
exchange payments on a national basis through the ACH (Automated 
Clearing House) Network. CAQH drew on the organization's more than 30 
years of expertise in developing operating rules for the financial and 
energy industries.

Committee on Operating Rules for Information Exchange (CORE)
    CORE is the result of the collaboration between CAQH and NACHA. 
Launched in January 2005, CORE is bringing together industry 
stakeholders to build consensus on a set of operating rules that will 
govern eligibility and benefits data exchange. It is important to note 
that the initiative is solely focused on developing operating rules and 
not software solutions. CORE believes that industry vendors, including 
those currently participating, will develop software products that 
adhere to the operating rules and enable consistent data exchange.
    Based on that focus, CORE is working to

      Identify common business practices between trading 
partners that will facilitate ease of information exchange and 
influence the simplification of data exchange between disparate 
processing systems by supporting the identified common business 
practices
      Ensure all recommendations are independent of any 
technology or vendor solution
      Interact with standard setting bodies to facilitate 
business rules enhancements (CORE rules will be built on existing HIPAA 
standards)
      Define clear roles and responsibilities for all 
stakeholders: technology solution vendors, payers (public and private) 
and their trading partners, business associates of trading partners and 
clearinghouses, and providers
      Identify key changes that must be made by trading 
partners
      Suggest migration steps to promote successful adoption of 
CORE operating rules
      Promote and encourage voluntary adoption of the rules 
with tools and support
      Support HHS national health information network Guiding 

Principles
      Report and monitor successes and status of mission by 
participating entities and provide tools and assistance, where 
possible, to assist in the implementation of CORE's mission, vision and 
strategy

A Phased Approach
    CORE was envisioned as a multi-phase initiative (see timeline 
below). Stakeholders strongly believed that a process allowing 
meaningful but achievable initial results was particularly important. 
Therefore, its first set of operating rules, slated for rollout in 
early 2006, will help standardize delivery of the following set of data 
to providers:

      Determine which health plan covers the patient
      Determine patient benefit coverage
      Confirm service type
      Confirm the patient's copay amount (as defined in the 
member contract)
      Confirm the patient's coinsurance level (as defined in 
the member contract)
      Confirm the patient's base deductible levels (as defined 
in the member contract)

    Initial CORE efforts (Phase I) are building on applicable HIPAA 
eligibility transaction requirements. Going forward, CORE will create 
rules for additional components of eligibility transactions, such as 
the amount the patient owes for services, what amount the health plan 
will pay for authorized services and coordination of benefits, 
enrollment/ disenrollment and claims status, prior authorization and 
referrals. CORE's long-term aim is to standardize a comprehensive set 
of patient administrative data, greatly decrease data request response 
times and eliminate phone calls and website searching to track down the 
information.

CORE Participation
    CORE participation is open to every organization that has an 
interest in eligibility transactions. To date, the initiative has 
succeeded in attracting nearly 70 industry stakeholders. These include 
health plans, providers, vendors, CMS and other government agencies, 
associations, regional entities, standard setting organizations and 
organizations from the banking industry (see Appendix).
    Participating organizations are contributing input on the operating 
rules by serving on CORE's Steering Committee and/or its three work 
groups.
    Steering Committee--Accountable for CORE strategic oversight and 
creation of a long-term vision with objectives and implementation time 
frames.
    Policy Work Group--Developing CORE policies and procedures, such as 
a contractual participant ``pledge'' that states commitment to comply 
with CORE operating rules.
    Technical Work Group--Determining the technical specifications for 
CORE.
    Rules Work Group--Writing the detailed business rules that will be 
reviewed by the Steering Committee and voted on by CORE members.

CORE Timeline
    The initiative is on track to finalize Phase I rules and policies 
by year-end and encourage participant implementation in 2006. All 
participating organizations recently received a Mid-year Communication 
Package, which included ``strawman'' drafts of the CORE Phase I rules, 
such as the CORE pledge and standards for response times. The rules 
will be completed and tested by the end of 2005.
    CORE's three phases are scheduled as follows:

Phase 1: 2005--Early 2006
      Establish CORE Vision, Steering Committee and Work Groups
      Create operating rules for selected patient eligibility 
and benefits data elements and create a formal methodology to gain 
market commitment and adoption
Phase II: 2006--2007
      Promulgate and promote adoption of CORE Phase I operating 
rules
      Identify other opportunities to enhance market adoption 
and industry support for interoperability among trading partners
      Create rules for additional components of eligibility 
transactions, such as the amount the patient owes for services, what 
amount the health plan will pay for authorized services and 
coordination of benefits
      Create rules for other business transactions, which may 
include enrollment/ disenrollment and claims status
Phase III: 2007 and Beyond
      Promulgate and promote adoption of CORE Phase II 
operating rules
      Identify other opportunities for enhanced 
interoperability among trading partners
      Create rules for other business transactions, which may 
include prior authorization and referrals
In Conclusion
    CAQH, its Board and members and all CORE participants support an 
interconnected healthcare system that allows for real-time, 
standardized, quality data exchange among all stakeholders. We are 
committed to playing a leadership role in achieving that system. And we 
believe that the time to pursue that goal is now and feel certain that 
CORE will make a significant contribution.
    As Congress works to address the many issues surrounding healthcare 
IT, we are eager to offer our assistance. CAQH looks forward to a 
continuing dialogue with committee members on modernizing the 
healthcare system.

                                 

     Statement of Richard Trachtman, American College of Physicians

    The American College of Physicians (ACP)--representing 119,000 
physicians and medical students--is the largest medical specialty 
society and the second largest medical organization in the United 
States. Internists provide care for more Medicare patients than any 
other medical specialty. Of our members involved in direct patient care 
after training, 50 percent are in practices of 5 or fewer physicians 
and 66 percent are in practices of 10 or fewer. We congratulate 
Subcommittee Chairman Nancy Johnson and Ranking Member Pete Stark for 
recognizing the importance of moving toward an interoperable health 
information technology infrastructure and the crucial role the federal 
government has in assisting the health care industry acquire and 
utilize information technology. Thank you for holding this important 
hearing on congressional involvement in speeding the adoption of health 
information technology.

Background
    In the Institute of Medicine's (IOM) 2001 Report, ``Crossing the 
Quality Chasm--A New Health System for the 21st Century,'' the authors 
describe the growing disparity between society's willingness to embrace 
the advantages of information technology in many aspects of everyday 
life, with the exception of health care. The IOM report cautions, 
however, ``In the absence of a national commitment and financial 
support to a build a national health information infrastructure--the 
progress of quality improvement will be painfully slow.'' \1\ Since 
that time, numerous studies and other policy experts agree that the 
full adoption and utilization of health information technology (HIT) 
can revolutionize health care delivery by improving quality of care and 
reducing high medical costs.
---------------------------------------------------------------------------
    \1\ Institute of Medicine, Crossing the Quality Chasm--A New Health 
System for the 21st Century, March 2001, and U.S. Department of Human 
Services, Information for Health: A Strategy for Building the National 
Health Information Infrastructure, Report and Recommendations from the 
National Committee on Vital and Health Statistics, November 15, 2001.
---------------------------------------------------------------------------
    Meanwhile, Congress and the Administration have taken some initial 
steps to advance the adoption of an interoperable health information 
infrastructure model. The 2003 Medicare Modernization Act anointed the 
Commission for Systematic Interoperability to take the lead in 
developing a strategy for the adoption of uniform national standards. 
In the 109th Congress, several bills have been introduced to mold the 
framework for adopting HIT infrastructure.
    President George W. Bush also seized on the opportunity to further 
HIT adoption. In his January 2004 State of the Union address, Bush 
first described the benefits that information technology will bring to 
the health care sector: ``By computerizing health records, we can avoid 
dangerous medical mistakes, reduce costs and improve care.'' \2\ The 
President backed up this support by proposing additional funding for 
federal HIT initiatives in his FY 2005 and FY 2006 Budgets.
---------------------------------------------------------------------------
    \2\ Bush, George W., State of the Union, Washington, DC, January 
20, 2004.
---------------------------------------------------------------------------
    More significantly, however, was the April 2004 announcement by the 
President calling for the widespread adoption of interoperable 
electronic health records within the next decade. To oversee this bold, 
new, ten-year initiative, the President announced the creation of the 
Office of National Coordinator for Health Information Technology 
(ONCHIT), and named its first Director, Dr. David J. Brailer. 
Subsequently, ONCHIT devised a 10-year funding strategy for 
policymakers to consider in speeding HIT adoption nationwide. According 
to ONCHIT's ``Framework for Strategic Action,'' Congress should 
consider several funding options, including additional Medicare 
reimbursement as well as the use of loans, tax credits, and grants. It 
also should consider the easing of fraud and abuse laws to allow the 
sharing of electronic hardware.
    ACP strongly supports the Congress and the Administration in these 
initiatives to speed the adoption of uniform standards for health 
information technology (HIT). The College is committed to providing 
practicing internists with practical tools to help them improve 
quality. ACP's Physicians Information and Education Resource (PIER) 
provides ACP members--at no cost to them--with access to ``actionable'' 
evidence based guidelines at the point of care for over 300 clinical 
modules. PIER has also been incorporated into several electronic health 
record systems. It is currently in the process of aligning its 
evidence-based content to support a starter set of measures selected by 
the Ambulatory Care Quality Alliance (AQA). PIER is also creating paper 
order sets that imbed such quality measures so that physicians who have 
not made the transition to electronic health records could still 
utilize PIER content to support their participation in performance 
measurement initiatives.
    ACP's Practice Management Center has developed resources to help 
internists in the decision-making process on electronic health records 
and is leading an initiative to provide internists with tools and best 
practices to help them redesign their office processes to improve 
health care quality.
    But without sufficient financial assistance from the federal 
government to incentivize providers to purchase the full range of HIT, 
particularly those in small physician practices, we will be unable to 
achieve a smooth transition into a fully-integrated HIT society. We 
believe it is absolutely essential for Congress to begin to immediately 
fund initiatives to adopt uniform national standards, and to fully fund 
the pilot testing of HIT integration into all health care sectors.

The Benefits of Interoperable Health Information Technology
    Policymakers agree that the universal utilization of interoperable 
HIT can revolutionize health care delivery by putting real-time 
clinically relevant patient health information and up-to-date evidence-
based clinical decision support tools into the hands of providers. 
Adoption of HIT at all levels of health care will lead to the 
improvement of health care quality and reduce the high costs for 
individuals with complex health problems, particularly for those 
Medicare patients with multiple costly chronic conditions.
    Investment in the adoption of HIT is expected to result in 
significant return savings. The Department of Health and Human Services 
(HHS) and ONCHIT both agree that savings from a universal interoperable 
HIT infrastructure could achieve between $140 billion to $170 billion 
per year, close to 10 percent of total U.S. health spending. They note 
the majority of these savings would be achieved by reducing duplicative 
care, lowering health care administrative costs, and avoiding costly 
medical errors. Independent studies also confirm substantial annual 
savings as well.\3\
---------------------------------------------------------------------------
    \3\ Walker, Jan; Pan, Eric et al., Health Affairs, ``The Value of 
Health Care Information Exchange and Interoperability,'' January 2005. 
``Full standardized health care information exchange and 
interoperability could yield a net value of $77.8 billion per year once 
fully implemented.''
---------------------------------------------------------------------------
    The savings could even be more substantial when the adoption of HIT 
is coupled with value-based purchasing programs (also known as ``pay-
for-performance''), now under consideration by key congressional 
committees. Substantial savings in the Medicare Part A Trust Fund could 
be captured by preventing unnecessary hospitalizations caused by 
complications, needless duplications of medical tests and procedures, 
and the lowering of health care administrative costs. Unfortunately for 
small physician practices considering whether to make a significant 
investment in converting their practice to a fully-integrated HIT 
system, the cost-benefit analysis of making the initial purchase 
currently favors the public and private payer over the health care 
provider.

Costs of Acquiring Health Information Technology
    The single biggest barrier to achieving fully interoperable HIT 
across the nation is the substantial cost in acquiring the necessary 
technology. This obstacle is especially acute for physicians practicing 
in small office settings, where three-fourths of all Medicare 
recipients receive outpatient care.\4\ An additional related barrier is 
that public and private payers, not the physicians, will realize the 
savings from physician investment in acquiring the necessary HIT (i.e., 
electronic health records, electronic prescribing, clinical decision 
support tools, etc).
---------------------------------------------------------------------------
    \4\ Center for Studying Health System Change, ``Most Medicare 
Outpatient Visits Are to Physicians With Limited Clinical Information 
Technology,'' July 2005.
---------------------------------------------------------------------------
    The initial start-up costs for the purchase of a fully 
interoperable HIT system can be substantial. Depending on the size of 
the practice and its applications, acquisition costs on average range 
from $16,000 to $36,000.\5\ (The Harvard Center for Information 
Technology Leadership estimates HIT systems cost about $29,000 per 
physician). The ongoing costs associated with training, maintenance, 
and system support of the HIT system make these estimates substantially 
higher over the lifetime of the practice.
---------------------------------------------------------------------------
    \5\ Congressional Research Service, ``Health Information 
Technology: Promoting Electronic Connectivity in Healthcare,'' The 
Library of Congress, April 13, 2005.
---------------------------------------------------------------------------
    Unfortunately, the savings from interoperable HIT will largely go 
unrecognized for physicians making the investment to convert their 
practices. In fact, it's more likely the majority of the savings from 
physician investment will be recognized by payers and patients--through 
a reduction in duplicative care, the lowering health care 
administrative costs leading to lower health insurance rates, and 
avoiding costly medical errors--not to the providers that pay the 
initial and ongoing implementation costs. ACP strongly believes that 
physicians' collective and individual contributions must be recognized 
in order to achieve Medicare and Medicaid savings through HIT adoption. 
Current reimbursement policies should allow for individual physicians 
to share in the system-wide savings that are attributable to their 
participating in HIT and other quality improvement programs.
    While the College and the physician community recognize the great 
potential for improving the overall quality of care that HIT brings, 
the majority of small physician practices cannot afford to expend the 
necessary capital to make the initial investment. For physicians 
dealing with a multitude of financial issues--ranging from low 
reimbursement under Medicare and Medicaid, declining fees from managed 
care, the rising costs of medical malpractice insurance, and the cost 
of compliance under increasing state and federal regulation--the 
majority are not in any financial position to make the initial $16,000 
to $36,000 investment.
    The reality of HIT underinvestment by the typical physician 
practice is affecting millions of Medicare beneficiaries. The Center 
for Studying Health System Change (HSC) recently released a study 
documenting the significant lack of Medicare beneficiary access to 
physician practices with fully-integrated HIT systems. The study 
monitored physician practice adoption trends for the following five 
clinical functions: obtaining treatment guidelines; exchanging clinical 
data with other physicians; accessing patient notes; generating 
preventive treatment reminders for the physician's use; and writing 
prescriptions.
    While nearly half of the Medicare outpatient visits used at least 
one of these five clinical functions, according to the HSC study, only 
9 percent of visits were to physician practices with electronic 
prescribing capabilities. The study concluded that while Medicare is 
targeting small practices by offering technical assistance and 
undertaking a chronic care pay-for-performance demonstration, ``Broader 
policy efforts--including financial incentives--may be needed, however, 
to substantially improve patient access.'' \6\
---------------------------------------------------------------------------
    \6\ See HSC study, July 2005.
---------------------------------------------------------------------------
The Need for Immediate Congressional Involvement
    The current Medicare physician reimbursement system does not reward 
physicians for quality. Because physicians are paid on a per-procedure 
or per-service basis, the Medicare reimbursement structure emphasizes 
volume over quality. In recognition of the need for a Medicare 
reimbursement system that rewards innovation and quality, Congress is 
examining the role that value-based purchasing programs might play in 
the Medicare program.
    ACP strongly believes a solution to this problem lies in changing 
the Medicare physician payment policies to reward those physicians who 
fully incorporate all aspects of HIT (and value-based purchasing 
programs) into their practice. Under today's Medicare payment 
formula,physician payments is based upon several factors: relative 
value units (RVUs) for each service, reflecting the relative amount of 
physician work effort, practice expenses, and malpractice insurance 
expenses involved with furnishing each service; a dollar conversion 
factor that translates these RVUs into monetary payment amounts; and 
geographic practice cost indexes (GPCIs) for physician work, practice 
expenses, and malpractice insurance expenses to reflect differences in 
physician practice costs among geographic areas.
    But in order to speed the adoption of HIT into physician practices, 
and to take into account the ongoing, everyday costs associated with 
maintaining such systems, the College recommends Congress consider 
legislation that builds into the Medicare physician payment system an 
add-on code for office visits and other evaluation and management (E/M) 
services. This payment mechanism should identify that a service was 
facilitated by electronic health data systems, such as electronic 
health records, electronic prescribing and clinical decision support 
tools, and reimburse accordingly.
    In addition, Congress should also allocate the necessary funding 
for small physician practices to make the initial HIT investment to 
purchase the necessary hardware and software. The majority of bills 
that have been introduced in the 109th Congress only utilize either 
grants, loans, tax credits, or a combination of the three. We believe 
those funding mechanisms alone are insufficient to put the necessary 
HIT systems into the hands of small physician practices.
    Finally, the College is growing deeply concerned over the lack of 
coordination in the creation of uniform HIT standards. In order to 
facilitate the seamless and secure transition to an electronic flow of 
health information, Congress must push for the adoption of uniform 
standards for everyone to use. To date, several standards have already 
been developed by a mixture of public and private entities. 
Unfortunately, these entities are, in most cases, duplicating efforts. 
We believe Congress must intervene in this process and bring public and 
private entities together into one decision-making body to agree on 
existing standards, determine what additional standards are needed, 
prioritize future standard development, and make sure approved 
standards are maintained.
    ACP is very supportive of the initiative recently announced by HHS 
Secretary Mike Leavitt to create the American Health Information 
Community (AHIC), a public-private collaboration that will help develop 
standards and achieve interoperability of health information. This 
collaboration will provide a forum for interest ed parties to recommend 
specific actions that will accelerate the widespread application and 
adoption of electronic health records and other health information 
technology. We believe an entity, such as AHIC, should be recognized as 
the sole organization charged with developing uniform standards and 
certifying HIT products for industry use. Therefore, Congress must 
immediately authorize and provide the sustained funding to begin the 
development of uniform national HIT standards.
    Once developed, HIT standards will need real-world pilot testing. 
This should come as no surprise to Congress given the dire situation we 
found ourselves in 2003 with the implementation of standards mandated 
under HIPAA Transaction and Code Sets Standard. As with HIPAA Standards 
compliance, implementation of HIT standards will require time and a 
significant amount of pilot testing by the full range of health care 
providers from all sectors with adequate HIT in place. Testing must 
include physicians in solo/small and large practice settings (rural and 
urban areas), psychologists, hospitals, community health centers, 
skilled nursing facilities, laboratories, and pharmacies. All 
participants in the pilot must utilize the full range of HIT systems 
and the necessary ongoing training must be provided. Therefore, we 
believe Congress must provide the necessary funding to ensure adequate 
testing of HIT standards across all health care sectors. These pilot 
tests can begin immediately as standards become accepted. As additional 
standards are approved, they can be immediately incorporated into the 
pilot.

Legislation in the 109th Congress
    In the 109th Congress, a flurry of legislative proposals has 
already been introduced to define the federal role in speeding the 
adoption of HIT. ACP is supportive of many of the bills that have come 
forward, especially those we believe will lead to the achievement of 
universal acceptance and adoption of HIT. We are also appreciatative of 
the Senate-passed FY 2006 Budget Resolution that creates a HIT 
``reserve fund'' to permit financial incentives which will encourage 
the adoption of information technology for the period of fiscal years 
2006 to 2010. Recognizing the quality and the cost savings benefits, 
the FY 2006 Budget Resolution provides the authority for the Senate 
Finance Committee and the Senate HELP Committee to report out language 
offering financial incentives that encourage the adoption of HIT, 
anticipating they will pay for themselves within 5 years.
    The College is particularly supportive of the bipartisan bill, H.R. 
747, the ``National Health Information Incentive Act,'' sponsored by 
Reps. Charles Gonzalez (D-TX) and John McHugh (R-NY), because it 
specifically targets those small physician practices who are in need of 
the most financial assistance. Like most of the legislative proposals 
introduced so far, H.R. 747 offsets the initial start-up costs and 
ongoing training and maintenance costs of acquiring interoperable HIT 
systems by providing grants, loans, and refundable tax credits. But 
more importantly, the legislation builds into the Medicare physician 
payment system an add-on code for office visits and other evaluation 
and management (E/M) services, care management fees for physicians who 
use HIT to manage care of patients with chronic illnesses, and payments 
for structured email consults resulting in a separately identifiable 
medical service from other E/M services. These fees would be triggered 
if the procedure or service was facilitated by an electronic health 
data system (such as electronic health records, electronic prescribing 
and clinical decision support tools) when used to support physicians' 
voluntary participation in performance measurement and improvement 
programs. Additionally,H.R. 747 takes the appropriate step of 
establishing two-year pilot testing of the standards and the 
determining quality improvements and cost savings of the integration of 
HIT.
    In addition, the College is also strongly supportive of the 
bipartisan bill, S. 1227, the ``Health Information Technology Act,'' 
introduced by Sens. Debbie Stabenow (D-MI) and Olympia Snowe (R-MA). 
Like the Gonzalez-McHugh bill, S. 1227 includes one-time tax credits 
and grants for the purchase of HIT as well as Medicare physician 
payment changes that recognize the ongoing costs in maintaining HIT by 
authorizing adjustments to Medicare payment when an identifiable 
medical service is provided using HIT.
    The College strongly believes Congress should provide the necessary 
funding to offset the initial costs in obtaining HIT, but it should 
also recognize the unquantifiable and ongoing costs in utilizing HIT. 
It is this combination of one-time and on-going financial incentives 
put forward by H.R. 747 and S. 1227 that will substantially speed HIT 
adoption and improve access to physician practices with HIT, resulting 
in tremendous system-wide savings. Congress should recognize the 
collective and individual contributions needed to achieve Medicare and 
Medicaid savings through the adoption of HIT. Therefore, we believe 
funding initiatives should allow for individual physicians to share in 
the system-wide savings that are attributable to their participating in 
HIT and other performance measurement and improvement programs.

Conclusion
    ACP is pleased that the House Committee on Ways and Means 
Subcommittee on Health is examining the congressional role in 
accelerating the adoption of health information technology. We strongly 
believe Congress has a very important role in promoting the adoption of 
uniform standards and providing the necessary initial and ongoing 
funding mechanisms to assist small physician practices to adopt and 
utilize HIT. The benefits of full-scale adoption of interoperable HIT 
will be significant, leading to a higher standard of quality in the 
U.S. health care system. Unfortunately, without adequate financial 
incentives, small physician practices will be left behind the 
technological curve and their patients with them.

                                 

             Statement of William Vaughan, Consumers Union

    Madame Chair, Members of the Committee:
    Consumers Union is the independent, non-profit publisher of 
Consumer Reports.
    Like so many others, we believe expediting the development of a 
common health care information technology has the potential to bring 
enormous long-term savings and quality improvements.
    But--and this is a big qualifier--there needs to be more consumer 
involvement in and understanding of how consumers' very personal 
medical data is going to be used and protected.
    A truly modern health care system should enable medical providers 
to immediately access an individual's medical records, images or drug 
reactions in an emergency, or quickly put their hands on the complete 
medical history of a new patient. But the promise of better health care 
through easily useable medical records is accompanied by deep fear that 
one's most private medical records might be easily compromised. In 
recent months, we have seen this compromise of electronic data in the 
theft of millions of Americans' financial records. Computers are hacked 
into almost daily; identity theft has become a common story. If these 
severe problems happen constantly in the financial world, the consumer 
wonders what is to keep them from happening in the medical world?
    The consensus Senate IT bill seems to deal with privacy issues 
largely through a cross-reference to the Health Insurance Portability 
and Accountability Act of 1996. Yet the average person on the street 
has no idea what HIPAA means, or how it may protect their medical 
recored privacy. Legislation that promotes the use of health care IT 
needs provisions that educate the American public about what it means, 
how it will work, and what a person's rights and protections are in the 
new system. The privacy standards need to be restated and clearly 
explained, the penalties for willful and malicious violations 
strengthened, and individuals should be given the right to opt out of 
the system until they want to join in. Also, if a person's medical 
record is ever compromised, they should be informed immediately about 
the breach. It should be clear that individuals should in general be 
able to see their records and request corrections.
    To date, the health care IT process has been largely a technical 
discussion involving providers and purveyors of IT services. But what 
hasn't been talked about is the incredibly personal and sensitive 
information these electronic medical records would contain. Any and all 
advisory commissions created by any health care IT legislation should 
include a majority of ``ordinary'' citizens to make sure that the 
American consumer is comfortable with measures to protect this 
sensitive information.
    Rather than increasing the sense of powerlessness and vulnerability 
in our modern computer age, the health care IT system of the future 
should be a benefit to consumers' quality of life of consumers. Only by 
including consumers in the process, educating the public about this 
technology, and strengthening privacy protections will consumers have 
faith in the new system.

                                 

 Statement of Richard Patrick Yanes, Clinical Social Work Federation, 
                          Arlington, Virginia

    Chairwoman Johnson and Members of the Committee, we appreciate this 
opportunity to address the Committee as it continues its work in 
examining the issues attendant to the greater uses of the developing 
information technologies in the health care field. Clearly such 
technologies offer great opportunities to provide improved and better 
integrated physical and mental health care services. Just as clearly, 
however, such technologies carry great risks of harm. Our comments, 
then, will be directed at our concern that such technologies not put at 
risk the disclosure of an individual's private health information 
without the individual's consent.
    For decades Congress has recognized the need to protect consumers' 
personal information and has passed laws ensuring the privacy of 
information contained in bank, credit card, other financial records, 
and even video rentals. With respect to an individual's health 
information, Congress has been no less vigilant. With the passage of 
the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), Congress recognized the importance of protecting the 
consumers' most sensitive information--health information \1\ as did 
the previous Administration, drafting regulations implementing the Act 
that required consumers' consent \2\ The protection offered in HIPAA, 
however, was a continuation of the almost three decades long 
application of the confidentiality regulations developed to protect the 
consumers of substance abuse services.\3\
---------------------------------------------------------------------------
    \1\ 67 Fed. Reg. 14775 and 14777.
    \2\ 45 CFR  164.506
    \3\ 42 CFR Part 2.
---------------------------------------------------------------------------
    With the enactment of these and other legislative policies, 
Congress recognized the many reasons for safeguarding consumers' health 
information including that many individuals will refuse to seek timely 
physical and mental health care for conditions they perceive may have a 
stigmatizing effect on them should the information not be held in the 
strictest confidence. ``People's willingness to seek help is contingent 
on their confidence that personal revelations of mental distress will 
not be disclosed without their consent.\4\ To delay treatment is to 
exacerbate the condition and increase costs should treatment be sought 
later.
---------------------------------------------------------------------------
    \4\ Department of Health and Human Services, Mental Health: A 
Report Of The Surgeon General, (Washington D.C., GPO, 1999) p. xvii.
---------------------------------------------------------------------------
    The Federal courts have also recognized the critical nature of 
confidentiality when the United States Supreme Court held in Jaffe v. 
Redmond that patients receiving mental health therapy have a right to 
privacy in therapist-patient communications and that such 
communications cannot be used or disclosed without their consent \5\ 
The Court also recognized that all 50 states and the District of 
Columbia have enacted some form of psychotherapist-patient privilege 
and it was through that reason and experience that the Court was led to 
its holding.\6\
---------------------------------------------------------------------------
    \5\ Jaffe v. Redmond 518 U.S. 1 (1996).
    \6\ Ibid.
---------------------------------------------------------------------------
    As the Subcommittee goes about its work we urge that the Members be 
mindful that not only has the federal government placed critical 
importance on the protection of health information but that many states 
have adopted their own standards of protection as well. Both the 
Congress and the Department of Health and Human Services (HHS) gave 
assurances through their enactment of HIPAA and its implementing 
regulations that federal privacy standards would not supercede state 
privacy laws ``. . . if the provision of State law imposes 
requirements, standards, or implementation specifications that are more 
stringent than the requirements, standards, or implementation 
specifications imposed under the regulation . . .'' \7\ and again later 
when commenting on the adopted Privacy Rule HHS stated that ``State 
laws that are more stringent remain in force. In order to not interfere 
with such laws and ethical standards, this Rule permits covered 
entities to obtain consent.'' \8\
---------------------------------------------------------------------------
    \7\ 67 Fed. Reg. 1475 et seq., 264(c)(2).
    \8\ 67 Fed. Reg. 53,212.
---------------------------------------------------------------------------
    In conclusion, as the Subcommittee continues its work to set 
standards for the development of information technologies and their 
application to health care information we urge that the Members 
continue to give the highest priority to the protection of the 
individual's right to control the disclosure of their private health 
information.
                                 ______
                                 
                                                        Appendix A.

    The Clinical Social Work Federation, the largest clinical social 
work organization in the United States, has members and societies in 
37states both nationally and in Canada. The Federation works for 
improvement of the standards of the profession, the protection of 
clients, and the professional development of its members. The 
Federation provides both clients and members with advocacy on mental 
health issues before the Congress and regulatory bodies and assists the 
state societies with advocacy at the state level.
    Licensed clinical social workers provide 41% of the mental health 
services in the United States and work through social service agencies, 
hospitals and community health centers, health maintenance and managed 
care organizations, schools, and private practice. Clinical social 
workers are licensed in all 50 states and diagnose, treat, and engage 
in preventive services of mental, behavioral, and emotional disorders 
in individuals, families, and groups.
    Both the states and the courts have upheld the confidentiality of 
the special relationship the clinical social worker has with their 
clients. Clinical social workers are also recognized and testify as 
expert witnesses on the diagnosis and treatment of mental disorders. 
All clinical social workers hold advanced degrees and have undergone 
thousands of hours of supervised clinical internships prior to 
licensing.
                                 ______
                                 
                                                         Appendix B
    Clinical social work plays a crucial role in the delivery of mental 
health services nationally with over 250,000 licensed clinical social 
workers. Clinical social workers hold advanced degrees and have 
undergone thousands of hours of supervised clinical internships prior 
to licensing. In most states, clinical social workers are licensed to 
diagnose, treat, and engage in preventive services of mental, 
behavioral, and emotional disorders in individuals, families, and 
groups.

      Clinical social workers provide 41% of mental health 
treatment in the country (ASWB, 2003) and have clinical training 
standards that are the equivalent of or stronger than psychologists, 
mental health counselors, marriage and family therapists, and 
psychiatric nurses.
      Clinical social workers have one of the lowest actionable 
complaint rates of any mental health discipline with national rates of 
0.9% (ASWB, 2003).
      Clinical social workers have one of the highest 
satisfaction ratings of all mental health professionals, as surveyed 
and reported in a 1995 Consumer Reports article according to 4000 
consumers of mental health services.
      Clinical social workers are trained to provide diagnosis 
and treatment through psychotherapy and counseling of all mental health 
disorders. Both the states and the courts have upheld the 
confidentiality of the special relationship the clinical social worker 
has with their clients.
      Clinical social workers work through social service 
agencies, hospitals and community health centers, health maintenance 
and managed care organizations, schools, and private practice.
      Clinical social workers reduce medical problems and 
health care costs by treating the emotional disorders that lead to 50% 
of the visits to family practitioners (Office of the Surgeon General, 
2000).
      Clinical social workers play an integral role in state, 
county, and city mental health programs throughout the country.

                                  
