[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]



 
                  LEGISLATIVE PROPOSALS TO PROMOTE 
              ELECTRONIC HEALTH RECORDS AND A SMARTER 
                        INFORMATION SYSTEM


                             HEARING

                           BEFORE THE

                      SUBCOMMITTEE ON HEALTH

                             OF THE 

                      COMMITTEE ON ENERGY AND 
                            COMMERCE

                     HOUSE OF REPRESENTATIVES


                    ONE HUNDRED NINTH CONGRESS

                         SECOND SESSION


                         MARCH 16, 2006

                        Serial No. 109-114

      Printed for the use of the Committee on Energy and Commerce


Available via the World Wide Web:  http://www.access.gpo.gov/congress/house


                    U.S. GOVERNMENT PRINTING OFFICE
30-339                      WASHINGTON : 2006
_____________________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; DC area (202)
512-1800 Fax: (202) 512-2250  Mail: Stop  SSOP, Washington, DC 20402-0001


                   COMMITTEE ON ENERGY AND COMMERCE
                      JOE BARTON, Texas, Chairman
RALPH M. HALL, Texas                      JOHN D. DINGELL, Michigan
MICHAEL BILIRAKIS, Florida                  Ranking Member
  Vice Chairman                           HENRY A. WAXMAN, California
FRED UPTON, Michigan                      EDWARD J. MARKEY, Massachusetts
CLIFF STEARNS, Florida                    RICK BOUCHER, Virginia
PAUL E. GILLMOR, Ohio                     EDOLPHUS TOWNS, New York
NATHAN DEAL, Georgia                      FRANK PALLONE, JR., New Jersey
ED WHITFIELD, Kentucky                    SHERROD BROWN, Ohio
CHARLIE NORWOOD, Georgia                  BART GORDON, Tennessee
BARBARA CUBIN, Wyoming                    BOBBY L. RUSH, Illinois
JOHN SHIMKUS, Illinois                    ANNA G. ESHOO, California
HEATHER WILSON, New Mexico                BART STUPAK, Michigan
JOHN B. SHADEGG, Arizona                  ELIOT L. ENGEL, New York
CHARLES W. "CHIP" PICKERING,  Mississippi ALBERT R. WYNN, Maryland
  Vice Chairman                           GENE GREEN, Texas
VITO FOSSELLA, New York                   TED STRICKLAND, Ohio
ROY BLUNT, Missouri                       DIANA DEGETTE, Colorado
STEVE BUYER, Indiana                      LOIS CAPPS, California
GEORGE RADANOVICH, California             MIKE DOYLE, Pennsylvania
CHARLES F. BASS, New Hampshire            TOM ALLEN, Maine
JOSEPH R. PITTS, Pennsylvania             JIM DAVIS, Florida
MARY BONO, California                     JAN SCHAKOWSKY, Illinois
GREG WALDEN, Oregon                       HILDA L. SOLIS, California
LEE TERRY, Nebraska                       CHARLES A. GONZALEZ, Texas
MIKE FERGUSON, New Jersey                 JAY INSLEE, Washington
MIKE ROGERS, Michigan                     TAMMY BALDWIN, Wisconsin
C.L. "BUTCH" OTTER, Idaho                 MIKE ROSS, Arkansas                       
SUE MYRICK, North Carolina
JOHN SULLIVAN, Oklahoma
TIM MURPHY, Pennsylvania
MICHAEL C. BURGESS, Texas
MARSHA BLACKBURN, Tennessee

                      BUD ALBRIGHT, Staff Director
                     DAVID CAVICKE, General Counsel
      REID P. F. STUNTZ, Minority Staff Director and Chief Counsel


                        SUBCOMMITTEE ON HEALTH
                    NATHAN DEAL, Georgia, Chairman
RALPH M. HALL, Texas                      SHERROD BROWN, Ohio
MICHAEL BILIRAKIS, Florida                  Ranking Member
FRED UPTON, Michigan                      HENRY A. WAXMAN, California
PAUL E. GILLMOR, Ohio                     EDOLPHUS TOWNS, New York
CHARLIE NORWOOD, Georgia                  FRANK PALLONE, JR., New Jersey
BARBARA CUBIN, Wyoming                    BART GORDON, Tennessee
JOHN SHIMKUS, Illinois                    BOBBY L. RUSH, Illinois
JOHN B. SHADEGG, Arizona                  ANNA G. ESHOO, California
CHARLES W. "CHIP" PICKERING,  Mississippi GENE GREEN, Texas
STEVE BUYER, Indiana                      TED STRICKLAND, Ohio
JOSEPH R. PITTS, Pennsylvania             DIANA DEGETTE, Colorado
MARY BONO, California                     LOIS CAPPS, California
MIKE FERGUSON, New Jersey                 TOM ALLEN, Maine
MIKE ROGERS, Michigan                     JIM DAVIS, Florida
SUE MYRICK, North Carolina                TAMMY BALDWIN, Wisconsin
MICHAEL C. BURGESS, Texas                 JOHN D. DINGELL, Michigan
JOE BARTON, Texas                           (EX OFFICIO)                            
  (EX OFFICIO)


                                 CONTENTS


                                                                      Page
Testimony of:
        Nelson, Ivo, Healthcare Industry Leader, Global and 
                Americas, IBM 	                                        17
        Braithwaite, William, Chief Clinical Officer, eHealth 
                Initiative and Foundation for eHealth Initiative 	31
        Mertz, Alan, President, American Clinical Laboratory 
                Association 	                                        40
        Vaughan, Bill, Senior Policy Analyst, Consumers Union 	        45
        Newman, Mark, President and CEO, Evanston 
                Northwestern Healthcare, on behalf of Healthcare 
                Leadership Council 	                                56
        Pyles, James C., Attorney Member, Powers, Pyles, 
                Sutter and Verville, P.C. 	                        96
        Detmer, Dr. Don E., President and Chief Executive 
                Officer, American Medical Informatics Association      127
Additional material submitted for the record:
        Braithwaite, William, Chief Clinical Officer, eHealth 
                Initiative and Foundation for eHealth Initiative, 
                Response for the Record 	                       154
        Mertz, Alan, President, American Clinical Laboratory 
                Association, Response for the Record 	               155
        Newman, Mark, President and CEO, Evanston 
                Northwestern Healthcare, on behalf of Healthcare 
                Leadership Council, Response for the Record 	       158
        Pyles, James C., Attorney Member, Powers, Pyles, 
                Sutter and Verville, P.C., Response for the Record     161
        Detmer, Dr. Don E., President and Chief Executive 
                Officer, American Medical Informatics Association, 
                Response for the Record 	                       164
        Blue Cross and Blue Shield Association, prepared 
                statement of	                                       166
        Peel, Deborah C., MD, Founder, Patient Privacy Rights 
                Foundation, prepared statement of	               171
        Advanced Medical Technology Association, prepared 
                statement of	                                       177

                  LEGISLATIVE PROPOSALS TO PROMOTE 
               ELECTRONIC HEALTH RECORDS AND A SMARTER 
                           INFORMATION SYSTEM


                        THURSDAY, MARCH 16, 2006

                        HOUSE OF REPRESENTATIVES,
                    COMMITTEE ON ENERGY AND COMMERCE,
                         SUBCOMMITTEE ON HEALTH,
                                                            Washington, DC.


        The subcommittee met, pursuant to notice, at 10:10 a.m., in 
Room 2123 of the Rayburn House Office Building, Hon. Nathan 
Deal (chairman) presiding.
	Members present:  Representatives Deal, Shadegg, Burgess, 
Barton (ex officio), Brown, Waxman, Green, Capps, Baldwin, and 
Gonzalez.
	Staff present:  Chuck Clapton, Chief Health Counsel; Melissa 
Bartlett, Counsel; Ryan Long, Counsel; Nandan Kenkeremath, 
Counsel; Bill O'Brien, Legislative Analyst; David Rosenfeld, 
Counsel; Brandon Clark, Policy Coordinator; Chad Grant, 
Legislative Clerk; John Ford, Minority Counsel; Chris Knauer, 
Minority Investigator; Purvee Kempf, Minority Counsel Amy Hall, 
Minority Professional Staff Member; Bridgett Taylor; Minority 
Professional Staff Member; Jessica McNiece, Minority Research 
Assistant; and Jonathan Brater, Minority Staff Assistant.
MR. DEAL.  I will call the hearing to order.  We are pleased to 
have all of you with us today, and certainly another distinguished 
panel for this hearing.  Let me tell you at the outset that this is one 
of those days where we have a lot of votes on the Floor.  In fact, 
we are going to be interrupted almost at the point we begin today 
with a series of about 10 votes on amendments that were debated 
yesterday, and we'll be on the Floor for an immediate vote this 
morning.
	We thought we would try to get started and call the committee 
hearing to order and maybe get in a few opening statements before 
we have to leave.  We will try to accommodate your time 
constraints because you are our guests and we appreciate your 
presence with us today.  We also have a great deal of interest in the 
subject matter of this hearing and in the testimony that is going to 
be presented.  We will have several members of the full committee 
who are not members of our Health Subcommittee who will 
probably be joining us, and I invite them to join us on the dais.  I 
would ask unanimous consent for them to be allowed to submit 
their written statements for the record, and without objection that is 
so ordered.
	There may come a time in the questioning stage where, 
depending on how long we have been going in this hearing and the 
availability of time, that we will address the issue of their ability to 
ask questions at that point in the hearing process.  We would 
certainly at this point ask unanimous consent for those members of 
the full committee to be allowed to submit written questions for the 
record in the event time does not allow their oral questions, and 
without objection that is so ordered.
	I will now recognize myself for an opening statement.  As I 
said, we are pleased to have such a distinguished panel of guests 
with us today, and I look forward to your testimony on a subject 
that I think is certainly at the very top of most people's concerns 
when we talk about healthcare reform.  The use of better 
information technology and healthcare holds the potential not only 
to save lives but also money.  In the creation of an electronic 
system to track medical records hopefully we will reduce medical 
errors and help eliminate inefficiencies and waste in the current 
system.
	These systems hold a potential to significantly improve 
healthcare by eliminating illegible handwritten prescriptions, 
providing immediate access to laboratory test results, and making a 
patient's full medical history available to their treating physician 
no matter where that patient may seek treatment.  As many of you 
are aware, several bills have already been introduced in Congress 
to deal with this general subject matter of new technologies.  These 
proposals reflect a broad range of ideas about what can be done to 
create the proper incentives to encourage more healthcare 
providers to acquire and use healthcare information technology.
	This hearing is hopefully going to be the first in a series of 
hearings to explain these proposals and explore what actions 
Congress needs to take in this area.  However, we need to be 
cautious of dramatic legislative proposals which largely seek to 
regulate this budding technology area.  Innovators, investors, 
healthcare providers, healthcare payment systems and patients will 
drive these changes.  As a guiding principle, Congress should do 
nothing that would impede or limit reforms which are already 
transforming the market place.  The President and the Health and 
Human Services Secretary Michael Leavitt, have both shown 
broad leadership in promoting this great discussion and 
demonstration and initial activities that hopefully will be helpful to 
our future.
	We are also seeing many hospitals, physicians, pharmacies, 
and payers moving forward in the implementation of this 
technology.  We neither want to interfere with this effort nor 
overstate the government's role in innovations, applications, or 
basic investment decisions.  Ultimately investments and the 
products, training, and activities to promote the use of structured 
information will happen piece by piece and not by a grand 
government design.  We must also continue to provide patients 
with the assurance that their personal medical records will remain 
private and not be subject to inappropriate disclosures.
	Such protections must also balance the need to be realistic and 
workable so that patients can reap the benefits of better healthcare 
through the use of IT.  The adoption of new technologies holds the 
potential to improve accountability and empower patients with 
greater access to their own medical records.  At the same time, 
safeguards must be provided to prevent hackers and other 
unauthorized persons from gaining access to confidential medical 
records.  As we move forward, let us look at the many legislative 
proposals to promote electronic health records of health 
information technology in a cautious fashion.  Hopefully, we in 
Congress can be helpful and not unintentionally slow down or 
misdirect the growth in the many new innovations and applications 
to come.
	Again, I welcome our witnesses and thank you for your 
participation.  And in the absence of Mr. Brown, I am going to 
recognize Mr. Waxman for an opening statement.
	[The prepared statement of Hon. Nathan Deal follows:]

PREPARED STATEMENT OF THE HON. NATHAN DEAL, CHAIRMAN, 
SUBCOMMITTEE ON HEALTH

 The Committee will come to order, and the Chair 
recognizes himself for an opening statement.
 I am proud to say that we have a distinguished and expert 
panel of witnesses appearing before us today that will help 
us explore how to best increase the proper utilization of 
information systems in our healthcare delivery system.  
 The use of better information technology in healthcare 
holds the potential to save lives as well as money.  The 
creation of an electronic system to track medical records 
will sharply reduce the number of medical errors and help 
eliminate inefficiencies and waste in the system.
 These systems hold the potential to significantly improve 
healthcare by eliminating illegible handwritten 
prescriptions, providing immediate access to laboratory test 
results and making a patient's full medical history available 
to their treating physician no matter where that patient 
seeks treatment.  
 Several bills have been introduced with the intent of 
helping speed the adoption of these new technologies.  
 These proposals reflect a broad range of ideas about what 
can be done to create the proper incentives to encourage 
more healthcare providers to acquire and use health 
information technology.  
 This hearing is hopefully going to be the first in a series of 
hearings to examine these proposals and explore what 
actions Congress needs to take in this area.
 However, we need to be cautious of dramatic legislative 
proposals which largely seek to regulate this budding 
technology area.
 Innovators, investors, healthcare providers, healthcare 
payment systems, and patients will drive these changes.  
 As a guiding principle, Congress should do nothing that 
would impede or limit reforms which are already 
transforming this marketplace.  
 The President and the Health and Human Services 
Secretary Michael Leavitt have both shown broad 
leadership in promoting the many discussions, 
demonstrations, and initial activities that will be helpful for 
our future.
 We are also seeing many hospitals, physicians, pharmacies, 
and payers moving forward in the implementation of this 
technology.  
 We neither want to interfere with this effort nor overstate 
the government's role in innovations, applications, or basic 
investment decisions. 
 Ultimately, investments in the products, training and 
activities to promote the use of structured information will 
happen piece by piece and not by a grand government 
design.  
 We must also continue to provide patients with the 
assurance that their personal medical records will remain 
private and not be subject to inappropriate disclosures.  
 Such protections must also balance the need to be realistic 
and workable so that patients can reap the benefits of better 
healthcare through the use of IT.
 The adoption of new technologies holds the potential to 
improve accountability and empower patients with greater 
access to their own medical records.  
 At the same time safeguards must be provided to prevent 
hackers and other unauthorized persons from gaining 
access to confidential medical records.
 As we move forward, let's look at the many legislative 
proposals to promote electronic health records of health 
information technology cautiously.  
 Hopefully, we in Congress can be helpful and not 
unintentionally slow down or misdirect the growth in the 
many new innovations and applications to come. 
 Again, I welcome our witnesses and thank them for their 
participation.  
 I now recognize my friend from Ohio, Mr. Brown, for five 
minutes for his opening statement.

	MR. WAXMAN.  Thank you, Mr. Chairman.  I appreciate you 
holding this hearing.  It is an important issue.  As we look forward 
to electronic health records and promoting smarter information 
systems, I want to raise the same caution that you just did.  
Computerized medical records pose a threat to one of the most 
basic privacy rights that an individual can have.  Basic medical and 
genetic information should not be shared without meaningful 
informed consent, but even with consent protections against 
release of information, the right to be informed of any breach of 
privacy, the right to have access to one's own information and 
strong protections against the discriminatory use of the information 
are all critical.
	Further, the maintenance of State laws that protect privacy 
should be a bedrock principle.  We cannot take such comfort in our 
Federal rules that we can afford to eliminate any additional 
protections.  And, finally, I cannot help but comment on the irony 
that we would even contemplate limiting State protections when 
we have so clearly failed at the Federal level to adopt legislation 
that assures basic protections against discrimination on the basis of 
genetic information.  This committee has jurisdiction in this area 
and it should exercise it.  It is an important one to keep in mind.  
As we look at the positive side of it, we should also recognize that 
there is a potential negative side to this new computerized health 
world.  Thank you, and I yield back the balance of my time.
	MR. DEAL.  Mr. Shadegg, you are recognized for an opening 
statement.
	MR. SHADEGG.  Thank you, Mr. Chairman, and I want to 
compliment you on the legislation you put in this area.  I would 
echo the remarks you made in your opening statement.  I will not 
make my own opening statement other than to say that while there 
are important gains that can be made in this area, my personal 
belief is we ought to also be looking at giving consumers more 
choice.  Choice works in so many other places, and in the 
healthcare field we have given consumers virtually no choice.  
Their healthcare plan is selected by their employer in the vast 
majority of cases.  It is handed to them from their doctor.  They are 
told who their doctor is in any given area, and I believe we have 
taken them too much out of the equation.  And it is critical while 
the gains we can make here are very important and need to be 
pursued, and I compliment the bill you have, we also need to be 
looking at advancing choice and healthcare to the greatest degree 
possible.  With that, I yield back.
	MR. DEAL.  I thank the gentleman.  Ms. Capps, you are 
recognized for an opening statement.
	MS. CAPPS.  Thank you, Mr. Chairman, and I want to thank 
you also.  I am pleased that we are holding hearings on health 
information technology because I believe that facilitating better 
sharing of information between members of the healthcare 
community is a very important aspect of improving patient safety 
and quality of care.  I am very excited to hear from our witnesses 
today, and I thank each of you for coming.  I am excited by the 
prospect of eliminating unnecessary procedures and duplication of 
examinations or lab work that is often caused because of the 
inadequate filing and information transfer.
	I am optimistic about how utilizing health information 
technology has the possibility of removing many of the 
administrative burdens that healthcare professionals, especially 
nurses, must devote their time to.  Thinking of the people who are 
carrying the burden of delivery of care within our institutions and 
settings and the time that is so often taken away from the patient to 
fill out the duplicative records, and each time that is done it makes 
the possibility of error creep in.  As we all know, the current 
nursing shortage crisis is only continuing to worsen.  Less time 
spend filling out paperwork, as I said, or combing through 
extensive medical histories means that nurses and other patient 
care providers can spend more time with their patients.  That is 
going to mean better healthcare for patients.
	I am also interested in how health information technology has 
the potential to reduce costly, often fatal, medical errors such as 
adverse drug reactions, interactions.  The prospects for expanding 
the use of current information technology extend far beyond how 
we treat current patients also.  Finally, I am hopeful about how 
digitalizing records may help serve the medical research 
community as long as the privacy protections are maintained, and 
that is a big as long as.  But I think the possibility exists for doing 
this, and I want us to explore the ways that technology can help us 
with the privacy protections, as well as accessing medical research 
which is imperative for future developments in healthcare.
	As we work to reap the potential benefits of health IT, we will 
face challenges in developing a method that is cost effective and 
accessible to all providers.  Furthermore, while evaluating the 
different paths toward increasing the usage and improving the 
interoperability of health IT, we must remain concerned, as I said, 
about protecting patient privacy.  As always, expanding the use of 
information technology systems lends itself to greater access of 
information in both positive and negative ways.  We must ensure 
safeguards are in place which protects information from being 
accessed by the wrong parties or being used to discriminate against 
individuals.  So I look forward to hearing from our witnesses today 
on how we can create a system that is beneficial to everyone 
involved in the provision of healthcare, keeping our bottom line to 
improve treatment and protect patient privacy.  I yield back the 
balance of my time.
	MR. DEAL.  I thank the gentlelady, and am pleased to recognize 
my friend, Mr. Brown, the Ranking Member of the Health 
Subcommittee.
	MR. BROWN.  Thank you, Mr. Chairman.  I apologize for being 
late and, thank the witnesses, all of you, for joining us today.  We 
have all heard according to the Institute of Medicine report to err is 
human.  Studies have found that deaths from medical errors range 
from estimates of 44,000 a year to as high as 98,000.  Among the 
reasons cited in the report for such extremely high numbers of 
errors are issues like illegible writing in medical records, and the 
lack of coordination and communication across providers.  I am 
pleased the committee has called this hearing today because 
increased use of electronic medical records is a very promising 
means by which to address these errors, cut down on the number of 
unnecessary deaths in this country, as well as improve the quality 
of healthcare.
	Electronic medical records provide the ability to coordinate 
care across different healthcare sites.  This means your general 
practitioner can keep track of what treatments you are receiving 
from different specialists, helping to oversee your care, and make 
sure you get the services that you need.  They can reduce 
healthcare administrative costs as duplicate folders of paper 
records are consolidated into one electronic record accessible from 
any computer in the office.  Hospitals and doctor offices can 
establish support systems for their doctors to help them make the 
best decisions for their patients.  Right at the bedside doctors can 
check for patient allergies and whether they have a family history 
of stroke, for example.
	According to the IOM, health information technology is a key 
step to improving the quality of healthcare.  Finally, the electronic 
medical records means that records can travel with patients backed 
up in case of emergencies.  Katrina highlighted this point clearly in 
the wake of the hurricane.  Thousands of displaced individuals 
with serious medical conditions found themselves with no access 
to their medical records.  Paper records in doctor offices were 
unreachable or in many cases were destroyed.  Patients had no 
record of what medications they had been taking, what dosage, 
what treatments they were receiving, whether these treatments had 
been effective or not.  Breaks in care can be deadly for individuals 
with conditions like some forms of cancer or HIV/AIDS that 
require ongoing and regular treatment.
	In a system of paper records stored on shelves in doctors' 
offices, displaced residents find themselves having to try and re-
create years of medical records.  In circumstances like these, 
electronic medical records can actually protect patients' health by 
allowing doctors to immediately identify healthcare needs and 
provide treatment in a timely manner.  I do want to be clear, 
however, that while there are many benefits to increased 
implementation of health information technology we have to be 
very cautious about how we move forward.  Over time these 
systems may result in savings for providers and for patients.  Their 
development and implementation is a costly process, one that can 
be a heavy burden for family physicians and their practices.
	We should never mandate the implementation of costly 
technology without adequate support, particularly for small 
physician practices that may not have the necessary capital.  
Finally, there must be adequate protections for patient privacy.  We 
have all read the stories about stolen bank records in the last few 
months.  Imagine the cases of stolen medical records.  My own 
State of Ohio has enacted a series of laws expressly aimed at 
protecting a patient's confidentiality, a patient's ability to 
determine with whom and how medical information is shared in a 
right of action in cases of inappropriate disclosure.  In particular, 
the State has enacted laws protecting information concerning birth 
defects, HIV/AIDS, and genetic tests.  These are important 
protections.  The last thing we want to do is see an individual 
avoiding necessary and important medical care for fear of lack of 
confidentiality.
	We need to put resources in to developing standards and 
guidance to assist physicians and medical institutions through the 
process of developing electronic medical record systems.  
However, we have to be keenly aware of finding an appropriate 
balance between utilizing technology and protecting patients.  I 
look forward to hearing from all of our witnesses about how to 
address these issues.  Thank you, Mr. Chairman.
	MR. DEAL.  I thank the gentleman.  I recognize Dr. Burgess 
from Texas, a member of our subcommittee, for an opening 
statement.
	MR. BURGESS.  Thank you, Mr. Chairman.  I appreciate you 
calling this hearing today.  I do have an opening statement I will 
submit for the record, but I would just like to make a few 
observations.  A few years ago in a graduate level course that I 
took so that I would be better able to understand the business work 
as I practiced medicine, I learned a startling fact that the insurance 
industry spent between 7 and 12 percent of their budget on 
information technology.  The average small office such as mine 
spent an average of 1 to 3 percent.  Clearly, we could not keep up 
at that rate.
	We had an opportunity in this country with the Y2K, most 
people do not remember that now, but it was a big deal in the 
health industry for a time, and I used that opportunity to upgrade 
the computer services in my office over the objection of my 
partners because it did not return any real value.  And it is going to 
be a process of educating physicians, particularly physicians my 
age, who did not grow up in the computer world to recognize what 
that value is.  But that brings me to another point, and it is not 
really related to this discussion this morning but it is important in 
that we are faced with the prospect of continually cutting Medicare 
reimbursement for physicians year over year under the SGR 
formula.
	And, Mr. Chairman, we have to seriously deal with that 
because we are going to drive out the best and brightest physicians, 
and I am referring to physicians my age, the 40 to 50-year-old 
doctor who is going to be driven away from the Medicare system.  
If we are going to spend all of this money, all of this investment, in 
information technology, you want to keep your best and brightest 
involved in the field.  So people have said we cannot tackle it this 
year.  It is just too big a bite, but I submit that there is no better 
time than the present to do that.  The Ranking Member brought up 
health privacy issues with HIV and birth defects.  As we move into 
the genomic it is going to become even more critical, and we have 
to be able to assure people, the public, that their medical 
information will be private and not readily dispersible across half 
of the civilized world.
	And then finally, Mr. Chairman, I just have this observation.  
In the 21st Century it almost makes no sense that we still fight 
things the way we do here in Congress, and while I appreciate you 
having this hearing here this morning, to me it just underscores that 
there is no committee on health in the United States Congress.  The 
jurisdiction is divvied up between several committees, and I think 
it is time for the Committee on Energy and Commerce to assert its 
rightful place and take all of that jurisdiction so we can deal with 
these problems without having to go through stove pipes.  With 
that, I will yield back.
	MR. DEAL.  I thank the gentleman.  Another member from 
Texas, Mr. Green, is recognized for an opening statement.
	MR. GREEN.  Thank you, Mr. Chairman, for holding a hearing 
on electronic health records and legislation introduced by our 
colleagues to facilitate further development of health information.  
I would like my full statement to be placed in the record, and I will 
just talk about two incidents recently.  When we had Hurricane 
Katrina and Rita, Katrina in Louisiana and obviously Rita in 
southeast Texas and southwest Louisiana, there were a couple of 
events that could show how important electronic records were.  As 
both hurricanes approached the area and everyone fled, including a 
lot of our healthcare providers who closed their facilities, at the 
time they had to figure out how they were going to store their 
records.  The benefit of electronic records is incalculable for 
providers who had them in place.
	In Beaumont, Texas, a 19-doctor practice knew that Rita was 
coming and backed up their computer data with a server in a Dallas 
hotel room.  And a week after Rita hit the practice reopened and all 
their data, including their patients' electronic records were there, 
and it reappeared as if nothing happened.  The hurricanes also 
highlighted the need for interoperability within the EHRs.  In my 
hometown of Houston where we received 150,000 residents from 
New Orleans, it was so chaotic to try to have people come in and 
get them rediagnosed if they did not have their medication.  You 
did not know what dosage.  But the VA stood out.  If we received a 
veteran from Louisiana the VA medical professionals at Houston's 
VA medical hospital were able to access the records for these 
evacuees who had typically received care at the VA hospital in 
Louisiana.
	Mr. Chairman, that shows in the real world, particularly in an 
emergency situation disaster, how this can be done.  And I think 
we need to do it.  I know it is costly, but the further we move it 
along the better it will be, not only for I think the physicians who 
practice for the sanctity of their records along with our privacy 
concerns, but also for the delivery of medicine to our constituents.  
Thank you.
	MR. DEAL.  I thank the gentleman.  Ms. Baldwin, you are 
recognized for an opening statement.
	MS. BALDWIN.  Thank you, Mr. Chairman.  I am happy that we 
are taking this time to focus on healthcare IT.  Like other Members 
who have spoken already this morning, I want to add my voice of 
support for implementation of healthcare IT.  It is the healthcare 
topic that policy makers love to love these days.  And it is easy to 
understand why healthcare IT is so popular.  The potential for 
improving patient care, making better use of scarce resources, and 
collecting data for research is huge.  Imagine the opportunities for 
medical collaboration that healthcare IT could provide for a rural 
doctor who needs to consult with a specialist who is hundreds, 
perhaps even thousands, of miles away or imagine the immensely 
powerful research data that could be de-identified and then 
analyzed to track the spread of Avian flu or widespread negative 
side effects of a popular drug.  So I am encouraged that we are 
taking up this important topic and I hope that we will be able to 
have some constructive discussions on issues involving advancing 
healthcare IT.
	But I also think we need to be very up front and clear about the 
issues involved and the potential pitfalls.  From a provider 
standpoint there are many barriers to the adoption of healthcare IT.  
These barriers may be financial, technical, cultural, or legal, and 
these are all worthy of serious consideration discussing only the 
inter-operability or the interconnectivity issue could take us hours 
to fully understand it, perhaps years to reach agreement on.  From 
the patient perspective, while patients tend to have enormous 
potential gains from increased access to and frankly ownership of 
their own health records, there are also potential pitfalls, 
specifically surrounding how to craft a healthcare IT system that 
insures patient privacy protections are not sacrificed in the name of 
increased efficiency.
	Lastly, I think we need to be very cognizant of avoiding the 
situation where we have healthcare IT haves and have nots.  
Healthcare IT systems are expensive, and those who spend the 
money to put healthcare IT systems into place are not always the 
same people who benefit from these systems.  So we need to keep 
moving forward keeping this in mind and looking for ways to 
bring responsible privacy protecting healthcare IT systems to all 
Americans.  Thank you, Mr. Chairman, for holding this hearing.
	[Additional statement submitted for the record follow:]



PREPARED STATEMENT OF THE HON JOE BARTON, CHAIRMAN, 
COMMITTEE ON ENERGY AND COMMERCE

	Thank you, Chairman Deal, for holding this important hearing.  
Medical records haven't changed much since doctors and paper 
found each other.  I suppose the filing cabinet was regarded as a 
giant advance in technology.  But masses of fragile paper stuffed 
into large pieces of furniture are an anachronism here at the dawn 
of the information age.  
	We're here today to discuss the next great advance.  Electronic 
health records will mean more than convenience for doctors' 
assistants.  They will mean faster, better, less expensive care, with 
fewer of the medical errors that harm patients instead of help them. 
I want to applaud President Bush and Secretary Leavitt for their 
leadership on this issue.  I also want to recognize the many 
activities at HHS and in the private sector that will help speed the 
adoption of health information technology.   Several Members 
have legislative proposals to help promote electronic health records 
and promote smarter information systems.  We will review these 
ideas and see if there are areas where the Federal government can 
be helpful.  
        This isn't about the government deciding what's best for you, 
and then forcing it down the private sector's throat.  The private 
sector will also play an important role in the development of 
smarter information systems.  Any investment of time, resources, 
or money needs to provide a return on investment in health care 
quality and costs.  When the utility is there, the investments will 
follow.   It is very likely some elements of electronic health 
records will be in more standard use in the near future.  I am 
optimistic, for example, about greater near-term adoption of e-
prescribing and electronic reporting of laboratory results.  Other 
elements may take longer.  
        As we review our current regulatory programs, we need to 
make sure that regulations promote improved coordination of care.  
This may mean looking at things like government payment policies 
and Stark and Anti-kickback provisions.  The government may be 
able to assist the private sector in encouraging the harmonization 
of interoperability standards.  No one should, however, see this as 
an easy task.
        I look forward to hearing from today's witnesses and to try to 
identify legislative provisions that are clearly helpful, mindful of 
the appropriately limited role of the Federal government in 
choosing among innovations in technology.

PREPARED STATEMENT OF THE HON. JOHN D. DINGELL, A 
REPRESENTATIVE IN CONGRESS FROM THE STATE OF MICHIGAN

        Mr. Chairman, thank you for holding this hearing on Health 
Information Technology.  Electronic medical records, electronic 
prescribing, decision support services, and the ability for systems 
to exchange information make it easier for physicians to do their 
job and patients to have more coordinated care.  But this 
technology creates new challenges for keeping an individual's 
information private and protected from disclosure.  And is it 
necessary to compromise other patient protections in order to 
encourage the use of health information technology?
        First, over the past week, one of the biggest security breaches 
occurred when pin numbers for many top banks in the world were 
compromised.  Yet loss of money does not compare to the 
irreparable damage that can result from sensitive health 
information, such as mental illness records, HIV/AIDs status, or 
genetic medical histories, being compromised. 
        In order to successfully implement electronic health records, 
patient concerns need to be addressed at every level.  Patients are 
worried about the privacy and security of their health information, 
whether they have the right to decide to keep sensitive information 
out of the network, having access to their own records, and having 
control over how the information is used.  Providers and health 
plans say they want to expand health information technology to get 
better quality care and to coordinate care for patients.  But without 
including patients in the process of developing a national health 
information infrastructure and addressing their needs, we will not 
succeed in having a system that patients feel comfortable taking 
part in and using.
        Second, do patient protections need to be sacrificed?  
Representative Nancy Johnson and Subcommittee Chairman Deal 
have introduced a health information technology bill that creates 
an exemption from Federal fraud and abuse laws.  This broad 
exemption would allow hospitals and health plans to give away 
free health information technology and services to physicians.  
Could this lead to biased decision-making by physicians about 
where to send patients who need hospital care?  Do we really need 
to weaken the laws that protect vulnerable patients against abusive 
activities at a time when they need health care?   
        Finally, I note that a serious commitment to health information 
technology means putting funding behind our proposals, making 
available grants, loan programs, or incentive payments through 
Medicare and Medicaid.  Without funding, we are merely 
providing lip service to this very important effort.  
        I look forward to the testimony the witnesses will present 
today.  Thank you.

PREPARED STATEMENT OF THE HON. TOM ALLEN, A 
REPRESENTATIVE IN CONGRESS FROM THE STATE OF MAINE

        Mr. Chairman, thank you for calling this hearing today to 
examine the current state of health information technology.  
Advances in HIT has shown great promise in improving the quality 
of health care, lowering costs, and reducing medical errors. 
Maine has been at the forefront of adopting HIT.  It is one of 
the first states to implement a statewide electronic health record-
sharing system.  
        In January 2006, the board of directors of the "Maine Health 
Information Network Technology System" formalized a not-for-
profit organization to implement an "Interoperable Health 
Information Network," which is slated to be in place by 2010.  This 
electronic medical records system will bring critical medical data 
to physicians and other health care providers across the state and 
provide immediate and universal access to key medical 
information.  
        Having a state-wide electronic medical records system in place 
will ensure better, safer and more cost-effective care.  
        As we focus our attention on efforts to bolster the adoption of 
HIT nationwide and consider specific legislative proposals, I urge 
my colleagues to first "do no harm."   We need to ensure that 
current patient privacy standards are not eroded.  Consumers need 
to know that the confidentiality and security of their medical 
records will be guaranteed.  

PREPARED STATEMENT OF THE HON. TIM MURPHY, A 
REPRESENTATIVE IN CONGRESS FROM THE STATE OF 
PENNSYLVANIA

        Thank you Mr. Chairman.
	As a psychologist, I have experienced a great deal of success in 
bringing people together. However, perhaps my greatest 
achievement was hosting a press conference when Senator Hillary 
Rodham Clinton (D-NY) and former Speaker Newt Gingrich (R-
GA) stood side by side to save tens of thousand of lives and 
hundred of billions of dollars.  In May of last year, Senator Clinton 
and former Speaker Gingrich attended a kick-off ceremony to 
discuss my introduction of the first health information technology 
(Health IT) legislation of its kind aimed at dramatically 
transforming the way health care is delivered in this country.  The 
21st Century Health Information Act (H.R. 2234) promotes the 
move towards secure, confidential electronic health records and 
interoperable regional health information networks. 
	I was pleased to work with my colleagues including Energy 
and Commerce Health Subcommittee Chairman Deal (R-GA), 
Ways and Means Health Subcommittee Chair Nancy Johnson (R-
CT) and U.S. Department of Health and Human Service Secretary 
Michael Leavitt on legislative proposals to ensure that our 18th 
century paper file system catches up with our 21st century medical 
care.  Many of the provisions from my legislation including a Stark 
exemption to allow hospitals to buy this lifesaving technology for 
their doctors was incorporated into H.R. 4157, the Health 
Information Technology Promotion Act and I am proud to 
cosponsor this legislation before the Subcommittee today.
	Health IT is not computers, wires, hardware, software, and 
PDAs, it is fewer errors, less infections and mistakes, lower cost, 
better quality and a higher standard of care. It's as simple as that. 
        Today, voluminous paper medical records are frequently 
scattered between multiple hospitals and doctors' offices resulting 
in the likelihood that important records could be lost or not 
retrieved when doctors need to be making informed decisions.  
One study found that one in seven medical records was missing 
vital patient information.  The paper-based, often incomplete, 
medical record-keeping system used by most health care providers 
leads to redundant tests, medical errors, and misdiagnoses.  All 
told, the RAND Corporation reported these critical errors add $162 
billion in health care costs per year. Electronic medical records 
(EMRs) and electronic prescribing can reduce costly medical and 
medication errors, while quickly and securely being able to provide 
a patient's medical records and tests at a moments notice.
        It is my hope that this hearing will focus on continued concerns 
over protecting patient privacy, interoperable standards to avoid a 
'Tower of Babel' where health systems can not speak to each other 
and leveraging technology to improve the efficiency, quality and 
safety of the health care system.  Every day that we delay 
implementation is costing lives and money. 
	Thank you, Mr. Chairman for allowing me to participate in 
today's hearing, I look forward to working with you to transform 
health care for the 21st Century.

PREPARED STATEMENT OF THE HON. FRED UPTON, A 
REPRESENTATIVE IN CONGRESS FROM THE STATE OF MICHIGAN

        Mr. Chairman, I am encouraged that we are taking this big step 
forward today to examine and evaluate what needs to be done 
legislatively to foster the rapid development and dissemination of 
health information technology, including electronic medical 
records, and to do this in a way that will not impede further 
technological advances.  We've got some tough nuts to crack.  
Protecting patient privacy, modifying anti-kickback laws to allow 
the development of HIT networks, and modernizing our coding 
systems are just three areas that come to mind immediately.
	As an original cosponsor of H.R. 4157, the Health Information 
Technology Promotion Act, that you and Mrs., Johnson 
introduced, I think the bill gives us a solid starting point for 
progress toward a 21st Century health care delivery system-a 
system of efficient, coordinated, cost-effective and high-quality 
care.  While we are second to none in the world when it comes to 
medical innovation, we have a system that is fragmented, 
vulnerable, inefficient, and fraught with preventable medical 
errors. We've got some catching up to do, to say the least.  
	Perhaps nothing offers a more compelling example of the 
pressing need for the widespread use of electronic medical records 
and health information technology than the aftermath of Hurricane 
Katrina.  Hundreds of thousands of residents were displaced from 
their homes, many fleeing with only the clothes on their backs, and 
living in shelters and temporary housing across the country.  
Neither the evacuees nor their new health care providers had 
access to their paper medical records, many of which were 
destroyed.  At least 40 percent of evacuees were taking 
prescription medications before the storm, and many more needed 
medications after it.  Because our nation's pharmacies have been in 
the forefront of electronic medical records and health information 
technology, five days into the disaster, a website, 
KatrinaHealth.org, was in the works, and shortly, doctors and 
pharmacists across the country could go online and find out what 
medications many of the evacuees they were seeing were taking 
and how that might affect any new medications they were thinking 
of prescribing.   
	Meanwhile, back in the Gulf, hospital roofs were dotted with 
what sodden paper records may have survived, weighted down 
with stones, and drying out in the sun.  

	MR. DEAL.  I thank the gentlelady.  And, Mr. Gonzalez, a 
member of the full committee, we welcome him to the dais as well.  
Thank you for being here.  It is my pleasure now to introduce our 
distinguished panel, and we are just about to be interrupted with 
these votes but I will try to get your introductions in before that 
time.  First of all, Mr. Ivo Nelson, Healthcare Industry Leader with 
IBM; Dr. William Braithwaite, who is the Chief Clinical Officer of 
eHealth Initiative and Foundation for eHealth Initiative; Mr. Alan 
Mertz, the President of American Clinical Laboratory Association; 
Mr. Bill Vaughan, Senior Policy Analyst at Consumers Union; Mr. 
Mark Neaman, President and CEO, Evanston Northwestern 
Healthcare; Mr. James C. Pyles, Attorney and member of a firm 
here in Washington, D.C.; and Dr. Don Detmer, President and 
Chief Executive Officer of American Medical Informatics 
Association in Maryland.
	Gentlemen, we are pleased to have you here, and how about 
that for timing.  We will let the buzzer ring for its required period 
of time here, and we have five more buzzers to go and they will 
start in just a second.  But, Mr. Nelson, we will at least try to get 
your opening statement in.  Let us wait for these bells to ring 
again.  Mr. Nelson, you may proceed.

STATEMENTS OF IVO NELSON, HEALTHCARE INDUSTRY LEADER, GLOBAL AND AMERICAS, 
IBM; WILLIAM BRAITHWAITE, M.D., Ph.D., CHIEF CLINICAL OFFICER, eHEALTH 
INITIATIVE AND FOUNDATION FOR eHEALTH INITIATIVE; ALAN MERTZ, PRESIDENT, 
AMERICAN CLINICAL LABORATORY ASSOCIATION; BILL VAUGHAN, SENIOR POLICY 
ANALYST, CONSUMERS UNION; MARK NEAMAN, PRESIDENT AND CEO, EVANSTON 
NORTHWESTERN HEALTHCARE; JAMES C. PYLES, ATTORNEY MEMBER, POWERS, PYLES, 
SUTTER AND VERVILLE, P.C.; AND DON E. DETMER, PRESIDENT AND CHIEF EXECUTIVE 
OFFICER, AMERICAN MEDICAL INFORMATICS ASSOCIATION

        MR. NELSON.  Thank you, Chairman Deal, and members of the 
subcommittee.  My name is Ivo Nelson.  I am actually here from 
Texas so I feel quite at home with the people that are here today.  I 
do lead the IBM Healthcare Business Consulting Services Group.  
IBM appreciates this opportunity to testify in support of legislative 
proposals to promote electronic health records in a smarter health 
information system.  Today, there is growing consensus that a 
more intelligent, innovative healthcare system is within reach 
through better use of information technology.  The IBM 
Corporation is fully committed to helping a smarter health system 
emerge as a model of 21st Century American innovation.
	One of IBM's core values is creating innovation that matters to 
the company and to the world.  Today, almost everyone agrees that 
dramatically improving healthcare is the innovation that matters.  
To that end, we are collaborating with other large employers, 
agencies, providers, and standards bodies to transform healthcare.  
Today, it is a fragmented paper-based problem.  Soon it will 
become a highly connected system for fluid exchange of digital 
health information and innovative new services.  As a company, 
we are striving to do for healthcare what the ATM system, which 
we helped to invent, did to launch the global infrastructure for 
electronic financial transactions or what the Internet browser did to 
catapult the Web from an academic network into the platform for 
innovation it is today.
	With respect to pending legislation proposals, IBM supports 
provisions that serve three objectives: drive adoption of open 
standards by the Federal government in private industry; commit 
initial seed funding and make early policy choices; and create 
incentives in Medicaid and Medicare to reward quality of care.  
These three areas are keys, we believe, to a smarter system of 
health.  This new model of care will unlock the value of health 
information and help healthcare become properly organized around 
its core constituents, patients.
	Let me expand briefly on the three topics I have outlined.  
Standards interoperability are the front and center in a project 
called the Nationwide Health Information Network or NHIN.  IBM 
is one of four companies developing prototype architectures 
through a contract awarded in 2005 by the Office of the National 
Coordinator of Health IT at the Department of Health and Human 
Services.  The NHIN project can be thought of as a foundation for 
a medical Internet and digital infrastructure for healthcare.  It was 
also structured with the ingenious requirement the four contractors 
must make their respective efforts interoperate with each other via 
open standards.
	The success of the Internet itself is overwhelmingly due to 
open standards and protocol such as HTML, XML, IP, and many 
others.  Some healthcare standards have had long use within care 
settings and new standards are emerging.  What is needed today is 
to expand the use of these standards across multiple care settings 
and across all of government healthcare.  Federal adoption of an 
open standard for these core elements of medical is critical.  For 
example, Federal agencies mandate reporting of extensive amounts 
of clinical information, yet do not allow information to be 
submitted via standardized electronic formats.  I have actually 
attached the FDA drug adverse event reporting requirement, 
MEDRA, for you to take a look at.
	While this example is drawn from the FDA, each of the 
agencies has comparable examples of reporting that does not 
utilize health information technology built on standards.  Turning 
to the government's role as an early funder and policy maker, 
history demonstrates that a new innovation often proceeds slowly 
at first before a catalystic inflection point causes it to accelerate.  
The Internet remained an obscure academic network for decades 
before browsers drove its explosive growth.  With nearly half of 
healthcare spending in the U.S. originating with the government, 
the public sector can have a decisive role in sparking a smarter 
health system for all Americans.  Committing initial seed funding 
in making early policy choices will set the stage for growth of 
health information exchange.  The funding for Dr. Brailer's office, 
the national coordinator, and projects like NHIN and PHRS are 
good examples of catalyzing funding.  Efforts to resolve privacy 
issues are another.
	IBM hopes to play a complimentary leadership role as an 
innovation partner for the business of healthcare and as a large 
employer providing healthcare to more than half a million IBMers 
and their families.  Finally, establishing electronic health records 
for millions of citizens will require a range of incentives to 
accelerate adoption especially among physicians and providers.  
The benefits of a smarter health system will enable a historic shift 
in medicine when designed to reward outcomes and improve 
quality of care rather than today's fee for service model.  Health IT 
is needed for this shift in reimbursement because it can ease the 
burden of measuring and reporting performance.
	Creating powerful incentives is necessary if we are to 
transform healthcare, and this committee can start by 
implementing pay-for-performance model in Medicaid.  To 
summarize the three points I leave you with are the Federal 
government can advance a smarter health system by widely 
deploying standards.  You can accelerate the transformation of 
healthcare through bold seed funding and active leadership in 
policy areas such as privacy.  Strong incentives are needed to drive 
adoption of electronic health records and rewarding the quality of 
care in medicine, and Medicaid is one of the most powerful tools 
available.
	Mr. Chairman and members of the subcommittee, thank you 
for the opportunity to testify today, and I look forward to 
answering any questions you may have.  I spend most of my time 
in the field with hospitals and payers so I have got a very 
pragmatic view, I think, of the industry we are all operating in.  
Thank you.
	[The prepared statement of Ivo Nelson follows:]

PREPARED STATEMENT OF IVO NELSON, HEALTHCARE INDUSTRY 
LEADER, GLOBAL AND AMERICAS, IBM

        Chairman Deal and members of the Health Subcommittee of 
Energy and Commerce.  My name is Ivo Nelson and and I lead 
IBM's Healthcare Business Consulting Services.  IBM appreciates 
the opportunity to testify in support of legislative proposals to 
promote electronic health records (EHRs) in a smarter health 
information system.  
        Today, there is growing consensus that a more intelligent, 
innovative healthcare system is within reach. Through better use of 
information technology, experts agree that healthcare quality can 
be improved and costs restrained, while protecting the privacy of 
patients and the security of their health data. 
        The IBM Corporation is fully committed to helping a smarter 
health information system emerge as a model of 21st century 
American innovation.  We are focusing our software, services and 
expertise and combination of business and technology experience 
to support  the transformation of healthcare from its fragmented, 
paper-based current state into a coherent, interconnected system.  
The objective is to enable the fast and fluid exchange of digital 
health information, applications and services that will revolutionize 
all facets of healthcare. 
        Healthcare is closely aligned with one of the three core values 
around which IBM organizes and manages our global enterprise: 
creating "innovation that matters, to the company and the world."
        Today, almost everyone agrees that dramatically improving 
healthcare is the innovation that matters. To that end, IBM is 
collaborating with other large employers, agencies, providers and 
standards bodies on a host of efforts to spur the transition to digital 
healthcare. As a company we are trying to do for healthcare what 
the ATM system (which IBM helped invent) did to launch a global 
infrastructure for electronic financial transactions, or what the 
Internet browser did to catapult the World Wide Web from an 
academic network into the platform for innovation that it functions 
as today.
        IBM supports legislative provisions that:

	 Drive adoption of open standards by the federal 
government and private industry;
	 Commit initial seed funding and make early policy choices 
that will set the stage for growth of health information 
exchange; and 
	 Create incentives in Medicaid and Medicare to reward 
quality of care, including those that can be measured and 
rationalized through the use of health information 
technology (Health IT).

        These three areas - open standards, seed funding and policy 
commitment that catalyze change, and new incentives to reward 
the quality of healthcare - are the keys we believe, the keys that 
will open up a smarter information system for healthcare. Not only 
will this new model of care unlock the value of health information 
in a networked world, it will help healthcare evolve into a system 
properly organized around its core constituents-patients-and 
begin to make costs and quality more transparent to all. 
        In 2004, the President launched an initiative to make electronic 
health records (EHRs) available to most Americans within the next 
10 years.  In 2005, the Senate passed legislative reforms to 
Medicare reimbursement and Health IT legislation that drives 
toward these goals.  We encourage similar action by your 
committee and the House in 2006.
        Today, I would like to talk about the steps that this committee 
could take to improve healthcare, first through better use of open 
technology standards. Where possible, I will use examples of our 
own conduct and efforts at IBM.

I. Driving Standards Adoption
        Achieving the vision of a nationwide health information 
exchange first requires interoperability: the ability for disparate 
health information systems to be able to talk to each other and 
share data in a safe and secure manner. Interoperability and 
standards are often mistakenly lumped together. Standards are 
much narrower and specify technical details. Interoperability, on 
the other hand, is a much broader concept that involves both 
atechnical and business context. 
        The success of the Internet itself is overwhelmingly due to the 
implementation of open standards, protocols, languages and 
architectures such as HTML, XML, HTTP, PDF and many others. 
In fact, almost all digital dataflow today depends on an open 
standard for packets of digital information called IP, or Internet 
Protocol.
        Open standards have been profoundly embraced by most 
technology companies, as well as governments and the public 
sector around the world for many years, and for many reasons. 
Chief among them is that open standards work to ensure 
compatibility and interoperability that benefits all participants. 
Broadly speaking, standards have long proven their value in 
business and society in everything from measurements of weight 
and size to transformative technologies such as wireless networks. 
        "Open" standards are those that are freely available to all, and 
are created by an open decision-making process. In our world of 
networked information, they speed innovation, integration and 
collaboration in countless dimensions, including supply chain 
management, consumer electronics and many forms of 
communications.
        Why is better use of standards so important?  In short, better 
use  will facilitate the easier exchange of health information, 
thereby helping lower costs (e.g. transaction costs), provide better 
information to physicians and caregivers at the point of care and 
improve patient safety and clinical quality.
        Until we have unambiguous, clinically-relevant coding of chief 
complaints, prescriptions, laboratory and imaging orders and 
results, we hobble our ability to learn from this vast corpus of 
information.  Outcomes analysis, long-term effects, and the 
identification and encouragement of best practices and quality-of-
care are all dependent on capturing this information at the source. 
Open standards are nothing less than the means to advance the 
industry towards richer, more evidence-based medicine and a 
smarter health system.
        In many cases, the standards have had long use within care 
settings and are simply being pressed into use for broader networks 
that extend across multiple care settings.  Standards are used in all 
phases of patient care and cover everything from messaging and 
content, to measurement and communication. In some cases, these 
protocols have already achieved wide adoption, such as the Digital 
Imaging and Communications in Medicine (DICOM) format. 
More recently, the National Council for Prescription Drug 
Programs, Inc. (NCPDP) telecommunication standard was named 
the official format for pharmacy claims under the Health Insurance 
Portability and Accountability Act (HIPAA). 

IBM's Standards Efforts in Healthcare
        IBM has worked with providers, hardware and software 
vendors to develop and adopt standardized ways of describing 
health data, transmitting it to other computers, and requesting 
processing related to that data from other computers.  As specific 
needs for collaboration across networks become clear, new 
standards are developed and adopted.  For example, one of the 
earlier standards, DICOM, was developed so that x-rays and other 
medical images could be shared.
        IBM is a member of many key healthcare standards bodies 
including HL7, and was a founding member of the Eclipse 
Organization a leading open source community. Most recently, 
IBM made its entire patent portfolio available, royalty-free, to 
standards bodies working on open, interoperable infrastructure for 
healthcare and education.

        Integrating the Healthcare Enterprise  IBM's work on 
building a nationwide infrastructure for clinical information 
exchange (the NHIN prototype) has lead it to join an initiative 
called Integrating the Healthcare Enterprise (IHE).  Under the 
leadership of HIMSS and the Radiological Society of North 
America, IHE is an architectural framework for exchanging 
information across the enterprise that can incorporate established 
standards to allow different healthcare enterprises to use their own 
choice of hardware and software. In fact, our NHIN prototype is 
based on IHE's work, as well as the open-standards based 
Interoperable Healthcare Information Infrastructure (IHII) 
architecture developed by IBM Research.

What is Still Missing: Federal Transition to Broad Standard's 
Adoption
        Federal adoption of open standards for healthcare diagnoses, 
treatments and other core elements of medicine is critical to tip the 
use of these innovation drivers from desirable to necessary.  When 
the government has adopted standards, such as the use of 
International Classification of Diseases and Related Health 
Problems (ICD-9) system for billing purposes, its market power 
provides a sufficient voice to finalize consensus within healthcare. 
The government was a principle driver for the adoption of ICD-9, 
CPT/HCPCS, and DRG reporting.  



        However, beyond the initiatives cited here, the broader federal 
government has been somewhat slow to adopt and drive electronic 
healthcare standards, and often requests that health information be 
exchanged using phone, mail, or manual means that don't advance 
open electronic standards and data exchange.  As a result, 
healthcare care costs are higher and quality is lower than they 
would be if the federal government was more proactive about 
implementing electronic standards.  
        For example, federal agencies mandate reporting of extensive 
amounts of clinical information, yet don't require information to be 
submitted via standardized electronic formats.  I have attached 
FDA drug adverse event reporting requirement - MEDRA - and 
an illustration from the FDA website depicting their reporting 
process.   http://www.fda.gov/medwatch/  While this example is 
drawn from the FDA, each of the agencies has comparable 
examples of reporting that does not utilize health information 
technology built on standards.
        Agencies need the resources, guidance and clear leadership to 
move away from these manual reporting systems in favor of 
standards-based electronic reporting.  The Senate legislation 
includes provision to move the federal government towards 
standards adoption by establishing an additional requirement for 
standards in procurement, and requiring the option of standards 
based reporting to federal agencies.  The provision would build on 
the standards identified several years ago by Secretary Thompson, 
while allowing further standards to be adopted as they are 
identified.  It also allows the provider the choice of either 
continuing to report manually or in electronic standards.  

II. The Role of Initial Funding and Policy Leadership in 
Sparking Healthcare Transformation
        A smarter health system is clearly desirable - however, history 
demonstrates that innovation often proceeds slowly at first, before 
accelerating after a catalytic inflection point. The Internet, for 
example remained an obscure academic network for several 
decades before the Mosaic Web browser drove its explosive 
growth in the 1990s. The DVD player became the most rapidly 
adopted new technology only after manufacturers resolved two 
competing technology standards.  
        The government's role as an early funder and policy driver is 
vital during the initial phase of a major innovation such as the one 
dawning around digitally networked healthcare.   Initial funding is 
the seed that allows healthcare system participants to develop 
prototypes that translate concepts into implementations. The 
government also plays a key role as a consensus builder on policy 
issues, to the benefit of both citizens and businesses. As lessons are 
learned from prototypes and policy development, new business 
models emerge over time that can carry innovation forward.
        Meanwhile the nature of innovation itself is becoming more 
collaborative-between commercial enterprises as well as between 
the public and private sectors-government has a highly 
constructive role to play in sparking work that will unleash the 
ability of businesses to drive growth and productivity. A smarter 
healthcare system is just such entrepreneurial fire ready to be lit. 
        Finally, with nearly half of all healthcare spending in the U.S. 
originating with the federal government, the public sector can have 
a decisively influential role in helping engender a smarter health 
system for all Americans. IBM hopes to play a similar leadership 
role, both as large employer seeking to innovate how it delivers 
healthcare to its workforce, and as a business and innovation 
partner for many parts of the healthcare ecosystem.

Nationwide Health Information Network Architectural 
Prototypes.
        Funding included in President Bush's Health Information 
Technology Plan is an important source of prototype funding.  The 
President has requested $116 million for his health information 
initiative in FY 2007.  While this represents a small portion of the 
$5.5 billion that will be spent on health related information 
technology, it provides key seed money for prototypes and early 
learning.  
        The importance of standards and interoperability are front and 
center in a several projects pertaining to development of a 
Nationwide Health Information Network (NHIN). As you may 
know, IBM is one of four companies awarded a contract to develop 
NHIN architectural prototypes through a contract with the 
Department of Health and Human Services, Office of the National 
Coordinator for Health Information Technology.  The four 
architecture prototype contractors are not building the Network, 
per se, but each vendor is building a prototype architecture. 
        The goal of the Nationwide Health Information Network 
(NHIN) prototype is to demonstrate major concepts that build 
towards the ultimate goal of a smarter, more connected information 
infrastructure for healthcare, including the abilities: 

	 To enable secure electronic exchange of healthcare 
information between and within healthcare marketplaces 
that allows for the gathering of necessary public health data 
while preserving patient privacy. 
	 To demonstrate how various healthcare marketplaces can 
be part of this communications network in a manner that is 
cost-effective and not disruptive to their current models of 
doing business.

        These contracts complete the foundation for an interoperable, 
standards-based network for the secure exchange of health care 
information. HHS previously has awarded contracts to create 
processes to harmonize health information standards, develop 
criteria to certify and evaluate health IT products, and develop 
solutions to address variations in business policies and state laws 
that affect privacy and security practices that may pose challenges 
to the secure communication of health information.  
        IBM is following several key principles in developing a 
prototype architecture for the developing nationwide network.  
These principles are the result of IBM's experience in healthcare 
and other sectors.  They also arise from IBM's work with many 
broad-based organizations in this area such as the Healthcare 
Information & Management Systems Society (HIMSS), the 
eHealth Initiative, and other information technology vendors, and 
privacy and technical organizations with whom we collaborate 
with on a daily basis.
        The NHIN project promises to bring about a smarter health 
system by leveraging the expertise and market interests of the 
private sector. But it was also structured with an ingenious 
requirement: the four participating contractors, IBM included, 
must make their respective efforts interoperate across competing 
healthcare marketplaces via open standards. If the NHIN project 
can be thought of as the foundation of a "medical Internet" or 
digital infrastructure for healthcare, then the importance that the 
evolving nation-wide integrated system will be based on open 
standards is quite obvious. 



        In developing this prototype architecture for the evolving 
nationwide network, IBM is following several key principles that 
are the result of our experience in healthcare and other sectors.  
They also arise from IBM's work with many organizations in this 
area such as the Healthcare Information & Management Systems 
Society (HIMSS), the eHealth Initiative, and other information 
technology vendors, as well as privacy and technical organizations 
with whom we collaborate on a daily basis.
        The NHIN project promises to bring about a smarter health 
system by leveraging the expertise and market interests of the 
private sector. But it was also structured with an ingenious 
requirement: the four participating contractors, IBM included, 
must make their respective efforts interoperate across competing 
healthcare marketplaces via open standards. If the NHIN project 
can be thought of as the foundation of a "Medical Internet" or 
digital infrastructure for healthcare, then the importance that the 
evolving nation-wide integrated system will be based on open 
standards is quite obvious.  
        Through the NHIN, it is envisioned that healthcare consumers 
would be empowered to access their personal health records 
(PHRs)  using the same network that allows them to share their 
medical records with healthcare providers that they see in other 
communities. IBM's architectural prototype for the NHIN system 
would not be a single repository of everyone's medical records, but 
rather an index that points to information stored at the originating 
provider site.  IBM believes that independent healthcare 
consumers, providers, and communities (as well as regional health 
information organizations) will set the rules for who can see what 
information and for what information they need.  	
        Healthcare systems or RHIOs wish to retain control over their 
enterprise-wide data and will also set the business rules for how 
data will be exchanged.   The NHIN will be a practical, 
community-centric approach to exchanging healthcare information 
in a secure, standardized way between healthcare communities in 
the United States. 
 	At the conclusion of the NHIN prototype project, HHS will 
have four architectural prototypes to choose from or to incorporate 
into the adopted NHIN architecture and a dozen communities will 
have developed practical experience with information sharing.
        IBM's prototype architecture, along with the other vendors, is 
part of a broader effort  sponsored by the ONC including related 
efforts to advance the national health IT agenda.  IBM continues to 
participate in and monitor the other ONC-sponsored efforts by The 
American Health Information Community, the Healthcare 
Information Technology Standards Panel (HITSP), Certification 
Commission for Health Information Technology (CCHIT), and  
Health Information Security and Privacy Collaboration (HISPC).
        The ONC awarded contracts and named inter-related groups 
may supersede some of the functions and activities related in other 
aspects of this testimony as they evolve during the coming months.  
Through a series of contracts, public meetings and coordination 
activities, these named groups are collectively addressing standards 
harmonization, compliance certification, processes to develop 
solutions that address variations in business policies and state laws 
that affect privacy and security practices.  

Personal Health Records
        IBM can offer several examples to the Committee of our own 
funding and policy initiatives that may provide some guidance for 
similar efforts involving Medicaid. In 2005 IBM announced that it 
would provide personal health records (PHRs) to its entire U. S. 
workforce. To protect employees' privacy, the personal health 
record (PHR) system available to IBMers today is managed by an 
outside vendor and we have instituted contractual provisions and 
process controls in order to prevent inappropriate access to 
employee-specific data.    
        To establish their personal health record (PHR), our U.S.-based 
employees begin by entering basic information: medicines, 
allergies, major conditions, and details on their doctors and 
insurance coverage. Later this year, employees' personal health 
records (PHRs) will grow to automatically include medical and 
prescription drug claims history. 
        Even this basic information has real utility today. It can be 
emailed or faxed to a provider-and even sent from a Web-enabled 
mobile device-or simply stored or printed out for easy access in 
an emergency or when traveling. The ultimate goal is to enable all 
types of electronic health information, including one's lab results, 
prescription histories, medical images and more to flow into the 
record to form a comprehensive portrait of a patient.  Equipping 
and empowering patients with personal health records (PHRs) is 
only the start.  Enabling such data to flow electronically to doctors, 
hospitals and other providers authorized by the patient will allow 
healthcare to become a highly interoperable and innovative - 
something it is far from today.
	Early this week, CMS also issued an RFP on personal health 
records (PHRs) for Medicare beneficiaries.  Yesterday, IBM 
testified to the Federal Workforce Committee about legislation to 
extend interoperable Personal Health Records (PHRs) to all federal 
employees.  This Committee has the same ability to leverage 
existing claims data in state Medicaid programs.  IBM urges you to 
examine the role that our federal government can play in 
catalyzing interoperable personal health records (PHRs) by 
providing them to Medicaid beneficiaries.  
        Just as the value of a network rises exponentially with the 
number of devices connected to it-the so-called network effect-
the power of the personal health record (PHR) will rise 
dramatically the faster we can build a critical mass. What's more, 
with a large enough base of personal health records (PHRs), the 
private and public sectors will create strong incentives for 
physicians, hospitals, and other health system participants to begin 
to adopt the infrastructure for healthcare that will improve quality 
and reduce costs.  
        Interoperable personal health records (PHRs) will also drive 
two vital changes in the nature of healthcare itself.  First, they will 
increasingly make the patient the center-point around which 
healthcare organizes itself. And second, interoperable personal 
health records (PHRs) and their related systems will support 
greater transparency across healthcare, and in many dimensions, 
including price and quality.
        At IBM, the personal health records (PHRs) that we are 
providing to all of our employees in the U.S. are a prime example 
of this patient-centered approach.  When an IBMer first goes to the 
Web site for their personal health record, they are offered a 
financial incentive to complete an employee health risk appraisal, 
develop a personal preventive care action plan and identify quality 
hospitals in their area. The process surveys a range of issues 
including exercise level, family histories and cholesterol control, if 
applicable. Based on the results, an IBMer can subscribe to receive 
expert information, articles and advice on how to reducing their 
risks.  It identifies eligibility for additional benefits and services 
such as disease management and refers employees to those 
resources.  Decision support tools for drug comparison and 
interactions, hospital quality and Leapfrog results (from the 
Leapfrog Group's performance measurement system) provide 
individual support for optimizing benefits quality and costs.
        For IBM, the risk assessment tools and the personal health 
records (PHRs) we provide our workforce are an investment that 
we recoup through improvements in employee health and the 
significant cost savings that result. For individual employees, the 
incentives we provide-to take the assessment, or track their self-
paced exercise regimens -are essential to helping us capture these 
business benefits.

Consumer Centric Healthcare
        To put IBM's experience with personal health records (PHRs) 
in some context, I would first like to describe our broader efforts 
on improving employee health and reducing costs.  That backdrop 
is, in fact, how we progressed to offer personal health records 
(PHRs) for our employees.

        IBM provides health and health benefits of over 500,000 IBMers, 
retirees and dependents.  In total, the IBM Corporation spends over 
$1.7 billion on healthcare each year.  As a result of our consumer-
centric health programs for our employees, IBMers are healthier 
and have lower health expenses than others in our industry.  We 
have demonstrated that information-rich, patient-centric wellness 
programs aren't marginal benefits. They are very good business:

	 IBM's employee injury and illness rates are consistently 
lower than industry levels.  
	 We have documented significant decreases in the number 
of health risks among IBM employees as a result of 
participating in our wellness initiatives.  
	 IBM's disease management programs have demonstrated a 
9%-24% reduction in emergency room visits and a 13-37% 
reduction in hospital admissions resulting in an overall 16% 
reduction in medical and pharmacy costs adjusted for 
medical trend over a 2 year period.

        With the health improvements, we have seen cost benefits -- 
IBM healthcare premiums are 6% lower for family coverage and 
15% lower for single coverage than industry norms.  Our 
employees benefit from these lower-cost as well -- they pay 26 to 
60% less than industry norms.  And IBM healthcare premiums 
have been growing significantly more slowly than U.S. health 
insurance premiums. 



Critical Areas for Initial Policy Choices:
         Privacy in electronic healthcare is an area of policy 
development with deep importance, diverse viewpoints, and great 
need for government leadership, both in terms of driving standards 
and providing catalytic early funding.
According to a 2005 survey, two-thirds of all Americans report 
high levels of concern about the privacy of their personal health 
information, with ethnic and racial minorities and the chronically 
ill showing the greatest concern: 

	 Is of a racial/ethnic minority: 73%
	 Is not of a racial/ethic minority: 52%
	 Has been diagnosed with a disease: 67%
	 Has not been diagnosed with a disease: 63%

        One in four consumers reports being aware of incidents where 
the privacy of personal information was compromised. In addition, 
they believe, erroneously, that paper records are more secure than 
electronic ones (66% vs. 58%).  (California HealthCare 
Foundation)
        These attitudes about privacy are reflected in the requirements 
consumers believe are important for electronic health information 
exchange. Nine of ten consumers want a system that confirms the 
identity of anyone accessing it. Eight of ten want to personally 
review who has accessed their information, and to be asked before 
their information is shared. (Markle) Clearly, privacy issues, and 
the public's perceptions of those issues, must be addressed in order 
for the PHR to succeed.  
        The HIPAA Privacy Rule has provided the bedrock for patient 
privacy in the U.S. and has established a baseline for privacy and 
security requirements for electronic health information. Many 
states have gone further then HIPAA to ensure patient privacy and 
have adopted policies that further protect patient data when stored 
and moved in an electronic format. These variations in policies 
present challenges for widespread electronic health information 
exchange.  To assess these challenges, HHS awarded a contract 
devoted to privacy and security. The Health Information Security 
and Privacy Collaboration (HISPC), a new partnership consisting 
of a multi-disciplinary team of experts and the National 
Governor's Association (NGA), will work with approximately 40 
states or territorial governments to assess and develop plans to 
address variations in organization-level business policies and state 
laws that affect privacy and security practices and pose challenges 
to interoperable health information exchange. Overseeing the 
HISPC will be RTI International, a private, nonprofit corporation 
who has been selected as the HHS contract recipient.  
        While many see privacy as a potential barrier to health 
information exchange, most computer systems today include a 
variety of privacy protections.  Most people are familiar with 
identity-based limitations - personal IDs and passwords that must 
be entered in order to access a system.  With little effort, privacy 
controls can include roles as well as identity authentication so that 
a billing clerk or a doctor will have the appropriate level and 
access to a patient's personal health information.  Information 
technology can also provide tools to monitor who accesses data, 
create an audit trail for changes the data, and a watermarks to deter 
data theft and assert ownership of pirated copies. With paper 
records, there is no automated way to know, for example, if 
someone has accessed a record inappropriately, or even removed it 
or copied it.
        We have the technology today to protect patients' but if 
privacy policies are unclear, or built on concepts such as "intent" 
that are difficult to translate into computer rules, technology will 
be of little help in formalizing privacy.  Creating a smooth 
interface between privacy policy and technology will require a 
significant commitment of political will and resources. Here again, 
the government can play a pivotal role in stimulating and 
encouraging the development of privacy policies that will enable 
electronic healthcare to move forward faster.

III. Creating Incentives in Medicare and Medicaid to Reward 
Quality 
        Establishing a system of electronic health records (EHRs) for 
millions of citizens is a major societal shift, and will require a 
range of incentives to accelerate adoption among various 
constituencies.  Physicians and other healthcare providers will bear 
the direct costs of implementing electronic health records (EHRs), 
as well as the indirect cost to transform their established workflow 
processes to take advantage of these new technologies.
        The current healthcare system has well-known flaws in how 
treatments are reimbursed. The current model rewards the volume 
of services and not the quality of outcomes. This paradigm results 
in low quality and rising costs.  Those reimbursement flaws reduce 
the incentive for quality improvement tools such as interoperable 
electronic health records (EHRs). Reforms in reimbursement 
methodologies and additional sources of funding will have a 
dramatic impact on the adoption of the electronic health records 
(EHRs), and the multitude of systemic benefits they reap.
        The effectiveness of "carrots" for performance are why IBM 
supports incentives to providers to adopt electronic health records 
(EHRs) and other related health information technology 
applications (Computerized Patient Order Entry, e-prescribing, 
etc.).  
        In fact, IBM is already implementing a "pay-for-use" incentive 
plan to drive the use of electronic prescriptions.
        In New York's Hudson Valley, where many of our employees 
live, we are funding a program that rewards doctors each time they 
use a new system for writing prescriptions electronically.  Working 
with Dr. John Blair and Taconic Health Information Network and 
Community (THINC) regional health information organization, or 
RHIO, IBM has agreed to increase the reimbursement physicians 
receive if they submit prescriptions electronically.  We believe that 
the additional reimbursement we are offering will pay for itself by 
reducing medication errors and increasing the use of generic drugs.
        We urge this Committee to examine approaches to rewarding 
value through the Medicaid program.  This coming year, the 
federal government will provide over $300 billion through the 
Medicaid program.  It makes no sense to pay all those providers 
the same reimbursement rates, if the quality for some greatly 
exceeds - or severely lags behind - that of others.  But today, 
Medicaid is at best neutral, and at worst negative, toward quality. 
Medicaid pays for the delivery of a service, not for the 
achievement of better health.
        A number of pay-for-performance demonstration projects in 
Medicare are underway (see box, right). IBM would encourage the 
expansion of these pioneering efforts and application to the 
Medicaid program.



Barriers & Indicators for Success:
        Electronic health records (EHRs) and a digital infrastructure to 
support them will enable a historic shift in medicine: rewarding 
outcomes and improved quality of care rather than simply paying 
for procedures in today's fee-for-service model.  Health IT is 
invariably linked to this shift in reimbursement because it is 
needed to help document and measure performance.

        Health information technology is a key to successful pay-for-
performance for two reasons.  First, electronic reporting can reduce 
the significant burden that performance reporting places on 
providers.  Current performance measures often involve manual 
chart review and manual processing by skilled professionals.  
Electronic reporting can reduce the performance reporting burden 
and ease participation by providers in pay-for-performance 
programs.  
        Second, electronic reporting can align with the ongoing care 
process to actually improve the quality of care a patient receives, 
not just by documenting end results, but by alerting providers in 
realtime to any gaps or best practices that may have been 
overlooked.  As a result, performance measurement carried out 
electronically can move from a description of quality to an 
operational tool that improves care.  Those patients that do not 
receive appropriate care may be highlighted while they are 
interacting with providers rather than much later in reports that are 
submitted to reimbursers.  



        Naturally, the pay-for-performance model will require the 
support of doctors and the medical community.  Financial 
incentives under a pay-for-performance program must be:

	 Non-punitive (i.e. physicians who are unable to participate 
in the program should not be subject to negative updates);
	 Prioritized, so that physicians are rewarded for achieving 
improvements for the top 20 conditions identified in the 
Institute of Medicine's (IOM) "Crossing the Quality 
Chasm" report;
	 Considerate of the critical role of primary care physicians 
in achieving such improvements; and
	 Sufficient to offset physicians' investment in health 
information technology and other office redesign required 
to measure and report quality.

        We also advise that pay-for-performance programs be 
implemented along with reforms to change the way that physician 
services are valued and reimbursed, rather than grafted onto an 
underlying payment methodology that pays doctors for doing 
more, instead of doing better.
        Of course, one of the most important factors in making pay-
for-performance a success is the size of the incentive or bonus 
relative to a physician's or hospital's total revenues. While no 
formal studies have yet clearly documented this issue, empirical 
data suggest that physicians will respond to incentives only if they 
represent 5% or more of their total revenues.
        In conclusion, creating powerful incentives in the federal 
health programs is necessary if we are to drive improvements in 
healthcare through the intelligent application of technology.  
Incentives for quality will undoubtedly lead toward better use of 
health information technology to improve healthcare.  The 
information technology industry would like the opportunity to 
drive such a virtuous circle - incentives leading to better use of 
health IT which leads to improved quality and lower costs.  This 
Committee can start by implementing the pay-for-performance 
model in Medicaid.



Summary

 The federal government can advance a smarter health 
system by deeply adopting and supporting open standards.
 The federal government can accelerate the transformation 
of healthcare through judicious seed funding of prototypes 
and communities and active leadership in policy areas such 
as privacy and security.
 Strong incentives are needed to drive adoption of electronic 
health records (EHRs), and one of the most powerful levers 
would be to reward the quality of care in Medicare and 
Medicaid  via a "pay-for-performance" model.  

	MR. DEAL.  Thank you, Mr. Nelson.  And I again apologize but 
we are going to stand in recess pending these votes.  There will be 
ten votes, so we will probably be somewhere an hour or 
thereabouts before we will be able to get back, but hopefully we 
will have a little better attendance perhaps after those first series of 
votes.  Thank you, and we will stand in recess.
	[Recess.]
	MR. DEAL.  We will call the hearing back to order.  Thank you 
for being patient during the break.  Dr. Braithwaite, we will hear 
from you at this time.
MR. BRAITHWAITE.  Thank you, Mr. Chairman.  Chairman 
Deal and distinguished members of the subcommittee, I am 
honored to be here today.  My name is Bill Braithwaite, and I am 
testifying today on behalf of the eHealth Initiative and its 
foundation otherwise known as eHI.  I serve as the chief medical 
officer of both organizations, which are independent, national, 
non-profit organizations whose missions are the same: to improve 
the quality, safety, and efficiency of health and healthcare through 
information and information technology.  In addition to our main 
work with communities, we work actively with Congress and the 
Administration to support these goals and applaud their strong 
commitment.  eHI looks forward to working with you on potential 
legislation in this area.
	I would like to talk a little bit about the big picture.  The field 
of healthcare today is so vast and so complex that practicing 
medicine with an acceptable error rate is proving to be humanly 
impossible without the support of integrated information 
technology.  The number of deaths caused by medical errors in our 
healthcare system every year has been estimated to be around 
100,000 or higher if you include all the different aspects of 
healthcare.  I think we would all agree that this is not acceptable.  
In most cases the healthcare system is at fault.  We still practice 
medicine under the old paradigm where the doctor and the patient 
interact from memory to arrive at recommendations of healthcare 
decisions for the patient.
	The only way to significantly improve the quality, safety, and 
efficiency of our healthcare system is to bring the information 
system into the exam room, as it were, and to change the paradigm 
of clinical practice so that it routinely involves the doctor, the 
patient, and the computer working together to provide the best 
healthcare advice possible.  The way to implement this new 
approach is through direct interaction of clinicians and patients 
with a Clinical Decision Support System.  Such a system must be 
integrated into the clinical environment in a way that supports, 
rather than disrupts, the efficient flow of the process of healthcare.  
But since most of the data on which clinical decisions are made 
actually originate outside the exam room, the Clinical Decision 
Support System by itself cannot function without a way to access 
the sources of the clinical data, the laboratories, pharmacies, 
radiology centers, et cetera.  This is the impetus for eHI's emphasis 
on interoperable health information exchange initiatives.
	There are three critical prerequisites for successful 
implementation of health information exchange initiatives: 
incentives for implementation; assurances about privacy and 
security; and full interoperability between disparate clinical 
information systems.  Even though all three are crucial, I will 
restrict this testimony to interoperability, and you will hear about 
the others from others on the panel.
	There is still confusion in the healthcare industry about the 
meaning of the term interoperability.  The definitions in my written 
testimony on page 5 come from an analysis of over 100 such 
definitions done by the international standards developing 
organization, HL7.  Basically interoperability is the secure 
electronic communication of clinical data, like lab results from a 
computer in one institution in such a way that a computer in 
another institution can understand the precise meaning of what was 
said.  In this case computer understanding means that the 
information could be processed by the receiving computer to reach 
conclusions about what advice to give to optimize patient care.
	The terminology used to describe clinical concepts must be 
standardized, controlled, and coded in enough detail to 
differentiate between closely related conditions that might require 
different treatments.  For example, the synonyms were originally 
used to identify the condition at the local hospital.  At last count, 
for example, there were 17 different terms used in different parts of 
this country that all referred to the same concept of high blood 
pressure.  Larger categories of clinical concepts typically used for 
reimbursement transactions are not sufficiently detailed for this 
purpose.  Interoperability also implies that there is a standard 
mechanism that all participants can use to exchange the 
information securely.  Most of us use the World Wide Web every 
day and understand the power of having such a communications 
infrastructure available to all.  Healthcare, of course, requires iron 
clad security as part of its infrastructure, including features not 
required in the standard Internet such as authentication, 
authorization, auditing, encryption, and digital signatures.
	Successful implementation of electronic health information 
across institutions requires specificity, standards, and conformance 
testing of the results, features not currently found in most of the 
standards available today even after up to 20 years of development 
because of course the standards developing organizations have 
been focused on something else, the exchange of information 
within institutions between information systems.  The sometimes 
heard proclamation that health information exchange should wait 
until the standards are done is made by those who are not fully 
aware of the tasks involved.  Enormous progress has been made in 
the understanding, specification, and adoption of standards so far, 
but standards are not static.  They must evolve to meet the 
continuous advances in the delivery of healthcare and can never be 
done.  On the other hand, there are some low hanging fruit that we 
can address.  Given that the timeline for full interoperability 
between clinical information systems, in my opinion, is likely to be 
measured in decades, what can we do in the meantime to reap 
some of the value of the Health Information Exchanges that we can 
implement today?
	If we focus our resources on a few projects that can 
successfully reach interoperability in the short term, we can 
demonstrate immediate benefits for people who are working 
toward the same goal using consistent standards.  If you ask 
clinicians what information is most important when they are seeing 
a patient without a medical record as they had to do after Katrina, 
they quickly list medication history, allergies, lab results, problem 
list, and interpretive reports.  The patient, however, first wants to 
do without the need to fill out the same data multiple times on the 
medical clipboard at each provider that they go to.  So let us start 
with those needs in mind and solve some of the immediate 
problems.
	The industry has already made much progress on these 
particular needs because the demand is there, and the efforts under 
the contracts issued by HHS through the Office of the National 
Coordinator are focusing on the same situations in the context of 
prototypes for a nationwide health information infrastructure.  
Results from these funded efforts are expected by the end of this 
year.  In addition, the important private-public sector partnerships 
such as the Markle Foundation's Connecting for Health initiative, 
with additional support from the Robert Wood Johnson 
Foundation,  have provided a great deal of guidance on the 
technical aspects and the key principles and policies for 
information sharing.
	The standard for exchanging medication history and laboratory 
results is already being tested, although integration with lab test 
ordering is still being worked on.  One approach for interpretive 
reports, which is one of the sort of early wins that people are 
looking for, is an electronic standard message that contains both a 
human readable representation of the data, and a structured and 
coded form suitable for processing by a computer.  Thus, those 
source systems that are only capable of producing the human 
readable form, similar to a web page, can still participate in the 
electronic Health Information Exchange while those systems with 
more capability can include the data that is fully understood by a 
computer program in full interoperability.  This will allow a 
migration over time from a simple and easy to produce form of 
data that is still compatible with the more sophisticated forms in 
both directions of communication.
	MR. DEAL.  Could I ask you to summarize for us, please?
	MR. BRAITHWAITE.  Yes.  Vendors are reluctant to spend 
money implementing standards without customer willingness to 
pay for it.  Providers are reluctant to pay for such features if they 
cannot see immediate payback.  Therefore, purchasers have to be 
shown that the present and future value of standards-based systems 
and convinced to buy them whenever feasible.  In conclusion, I 
believe we can provide appropriate incentives to implementation, 
adequate assurances to providers and patients about the privacy 
and security of their information, and support for full 
interoperability of our healthcare information systems.  In doing so 
we will have set the stage for a high quality, safe, and efficient 
healthcare system for all Americans in their communities.  eHI will 
be there to help you if you can do this through legislation.  I would 
like to thank the committee for providing me the opportunity to 
share these insights on behalf of eHI and its foundation.
	[The prepared statement of William Braithwaite follows:]

PREPARED STATEMENT OF WILLIAM BRAITHWAITE, M.D., PH.D., 
CHIEF CLINICAL OFFICER, EHEALTH IMITATIVE AND FOUNDATION 
FOR EHEALTH IMITATIVE

Summary
        Health Information Exchange (HIE) initiatives are the 
underpinnings for a system to improve how healthcare is practiced.  
Recognizing that healthcare is local, the eHealth Initiative and its 
Foundation are supporting multi-stakeholder HIE collaboration at 
the state, regional and community levels through the Connecting 
Communities program.  Important knowledge related to every 
aspect of health information exchange is resulting from this work.  
[see http://toolkit.ehealthinitiative.org]  The current paradigm of 
clinical practice limits our ability to avoid errors and control costs.  
Only with clinical decision support systems (CDSS) integrated into 
the routine of clinical practice can the system support better 
healthcare decision making.  HIE is a necessary precursor to the 
operation of CDSS.  Requirements for HIE implementation include 
incentives to stakeholders, assurances regarding privacy and 
security, and health information system interoperability. 
        Interoperability is defined with three levels of standards 
required, from controlled clinical vocabularies, to standardized 
message structures and entity identification, to a secure 
communications infrastructure.  However, standards are not 
enough for interoperability.  The necessity for inter-institutional 
exchange of data is forcing a change in the character of standards 
from the traditional, flexible standards currently in use between 
systems in the same institution to more complete, rigorous, and 
tested implementation specifications integrated across standards 
for specific use cases.  Systemic barriers to the rapid deployment 
of this evolution must be addressed.
        This process is likely to take decades before full 
interoperability of clinical information systems is a reality.  There 
are some low hanging fruit that can be harvested in the near-term, 
however; medication history, lab results, and interpretive reports, 
for example.  There is an existing suite of standards that addresses 
these areas of interoperability but most of the standards are not 
rigorously defined for specific use cases and are inconsistently 
implemented by vendors.  While the HHS AHIC and ONC efforts 
to kick-start interoperable health information exchange is a good 
and positive process; it is the start of a very long road.  Sustained 
federal leadership is crucial to achieving these goals and to 
promoting a smarter healthcare system over time.

Introduction 
        Chairman Deal, Congressman Brown, distinguished members 
of the Subcommittee, I am honored to be here today.  My name is 
Bill Braithwaite and I am testifying today on behalf of the eHealth 
Initiative and its Foundation (eHI).  I serve as the Chief Medical 
Officer of both organizations, which are independent, national, 
non-profit organizations whose missions are the same: to improve 
the quality, safety, and efficiency of health and healthcare through 
information and information technology.  
        In addition to our main work with communities, we work 
actively with Congress and the Administration to support these 
goals and applaud their strong commitment.  eHI looks forward to 
working with you on potential legislation in this area. 

The big picture
        The field of healthcare is now so vast and complex that 
practicing medicine with an acceptable error rate is proving to be 
humanly impossible without the support of integrated information 
technology.  The number of deaths caused by medical errors in our 
healthcare system every year has been estimated to be 100,000 or 
higher.  I think we would all agree; that is totally unacceptable.  
And in most cases it is the system that is at fault: we still practice 
medicine under the old paradigm where the doctor and the patient 
interact from memory to arrive at healthcare decisions for the 
patient.  The only way to significantly improve the quality, safety, 
and efficiency of our healthcare system is to bring the information 
system into the exam room, as it were, and to change the paradigm 
of clinical practice so that it routinely involves the doctor, the 
patient, and the computer working together to provide the best 
healthcare advice possible.  The way to implement this new 
approach is through direct interaction with a Clinical Decision 
Support System (CDSS).  Such a system must be integrated into 
the clinical environment in a way that supports rather than disrupts 
the efficient flow of the process of healthcare.  Since most of the 
data on which clinical decisions are made actually originate 
outside the exam room, the CDSS by itself is not functional 
without a way to access the sources of the clinical data, the labs, 
pharmacies, radiology centers, etc.  This, then, is the impetus for 
eHI's emphasis on interoperable health information exchange 
initiatives.  
        Of course, none of these technological innovations will be 
implemented unless there are sufficient incentives to get these 
systems incorporated into healthcare practice under a sustainable 
business model.  The needed incentives can take many forms, 
including pay-for-performance programs that pay providers for 
higher quality care delivered, and they are discussed in detail in 
our paper entitled, "Parallel Pathways to Quality Healthcare".  In 
addition, none of the required information sharing will be allowed 
unless there are sufficient assurances to patients and providers 
alike that the shared information will be private and secure.  In the 
interest of time, I will leave these two critical prerequisites for 
others to discuss and refer you to the eHI website for further 
background material [see http://www.ehealthintitiative.org/].

Interoperability
        Since most data on which clinical decisions are based come 
from outside the exam room or other locations where clinical 
decisions are being made, interoperability for clinical data 
exchange is a basic and necessary requirement.  However, in the 
healthcare industry there has been some confusion about the 
meaning of the term, 'interoperability'.  The following definitions 
come from a meta-analysis of over 100 such definitions done by a 
technical committee of HL7, an international healthcare standards 
setting organization.
        Interoperability is the ability of two or more systems or 
components to exchange information and to use the 
information that has been exchanged accurately, securely, and 
verifiably, when and where needed.
        Healthcare interoperability also assures the clear and reliable 
communication of meaning by providing the correct context 
and exact meaning of the shared information as approved by 
designated communities of practice.  This adds value by 
allowing the information to be accurately linked to related 
information, further developed and applied by computer 
systems and by care providers for the real-time delivery of 
optimal patient care.
        It is important to understand all the implications of the term, 
'interoperability', at different levels of abstraction from binary bits 
of information flowing through a wire at the bottom to the transfer 
of clinical knowledge at the top.  At the highest levels, the context 
and the exact meaning of information must be preserved and made 
available for use.  In this case, 'use' means that the information can 
be processed by a computer to reach conclusions about what 
advice to give to a clinician to optimize patient care.  That means 
that the terminology used to describe clinical concepts must be 
standardized, controlled, and coded in enough detail to 
differentiate between closely related conditions that might require 
different treatments, for example.  Larger categories of clinical 
concepts typically used for reimbursement transactions are not 
sufficiently detailed for this purpose.  There are also a large 
number of clinical concepts which are referred to by different 
names in different geographic locations.  Where locally defined 
terms are used in lieu of terms from a national standard controlled 
terminology, then mechanisms must be in place to make the 
translation to the national standard, a process called 
'normalization', so that another location that uses its own local 
terms for a clinical concept can preserve the correct context and 
exact meaning.  As simple examples that require such 
standardization, there are 17 different terms that represent the same 
concept of high blood pressure and there are 27 different potential 
values for the concept of sex and many different ways to encode 
them.  
        At the lowest levels, interoperability implies that there is a 
standard mechanism that all participants can use to exchange the 
information securely.  Most of us use the world-wide-web every 
day and understand the power of having such a communications 
infrastructure available to all.  Healthcare, of course, requires such 
an infrastructure to include more security features than the 
standard internet connectivity we all use, including authentication, 
authorization, auditing, encryption, and digital signatures.
        In the middle levels are the standards for aggregating discrete 
data elements together into a meaningful message sent from one 
system to another in response to an event or 'trigger', standards for 
identifying the healthcare providers and the patients, and standards 
for a plethora of other elements that are unique and specific to the 
use case being implemented.
        Clearly, interoperability requires the consistent and rigorous 
integration of standards of many types and necessarily from many 
sources.  When the only electronic information exchange being 
considered was that between one system and the next operated by 
the same institution, it was easy for the technical team(s) to discuss 
all the specific technical decisions that have to be made before 
even a well defined standard can be used in a particular business 
use case.  Once the problem is expanded to include the exchange 
of information among many institutions that may not even be in 
the same region of the country, the required degree of specificity is 
sorely lacking in most of the consensus standards available today 
and the standards development and maintenance process is 
perceived to be slow and cumbersome.  
        It is also critical, with the increasing number of participants in 
inter-institutional health information exchanges, that the 
implementations of the standards be tested be conformant to those 
standards.  For example, HL7 standards for transmitting numeric 
lab results from a laboratory information system to a clinical 
information system or repository within an institution were some 
of the earliest implementations of HL7 standards.  [Note that HL7 
celebrated its 20th anniversary as a standards developing 
organization in 2006.]  However, there are still implementations 
today where a laboratory (part of a national reference laboratory 
company) transmits the numeric result of a test in the comment 
field of a "standard" HL7 message, instead of the result field.  This 
is accommodated in today's world by writing tailored interfaces 
for each data flow to bring them to a common implementation of a 
standard.  This is expensive in the short term and untenable in the 
long term.
        The full implementation of standards requires an effective 
processes for, and ongoing investment in, standards development, 
support and maintenance, migration, and integration.  A range of 
supporting tools need to be developed and implemented to assist 
organizations in migrating to standards, including implementation 
guides, conformance processes, and educational materials.  
Demonstration and implementation projects are critical to the 
migration toward an interoperable, electronic healthcare system, in 
that they test and evaluate feasibility, uncover additional barriers 
and workable solutions to overcome them, provide replicable 
practices and tools for others, confirm value for a wide range 
community stakeholders, and build awareness of the benefits.  
        The sometimes heard proclamation that, "HIE should wait until 
the standards are done," is made by those woefully ignorant of the 
tasks involved.  The many issues discussed above indicate the 
enormous progress that has been made in the understanding, 
specification, and adoption of standards.  Standards are not static, 
however, and they must evolve to meet the continuous advances in 
the delivery of healthcare and can never be 'done'.  To become and 
remain acceptable, the standards process requires some effort and 
participation by everyone concerned.

Low hanging fruit
        Given that the timeline for full interoperability between clinical 
information systems is likely to be measured in decades, what can 
we do in the meantime to reap some of the value of the HIE that 
we can implement today?  If you ask clinicians what the most 
important information is when they are seeing a patient without a 
medical record, they quickly iterate medication history, allergies, 
lab results, problem list, and interpretive reports (e.g., radiology, 
pathology, and operative reports that are already in electronic form 
through dictation).  The wish list from the patient, however, starts 
with the data they now have to fill out multiple times on the 
medical clipboard.  Great progress has already been made on many 
of these and the efforts under the contracts issued by HHS through 
the Office of the National Coordinator of Health Information 
Technology (ONC) [see http://www.hhs.gov/healthit/] are focusing 
on these early wins as well as prototypes for the nationwide 
infrastructure.  Results from these funded efforts are expected by 
the end of this year.  In addition, important public-private sector 
partnerships, such as the Markle Foundation's Connecting for 
Health initiative [see http://www.connectingforhealth.org], with 
additional support from the Robert Wood Johnson Foundation, 
have provided a great deal of guidance on the technical aspects of 
health information exchange as well as key principles and policies 
for information sharing.
        Although medication history is not directly involved in most 
ePrescribing initiatives, it is closely related and likely to evolve 
quickly based on existing standards as ePrescribing 
implementations proceed.  Laboratory results are being exchanged 
in some environments today and standards for exchanging most 
types of results already exist.  Full integration with lab test 
ordering is still being worked on.  One approach for interpretive 
reports that looks promising is the use of a standard electronic 
message that contains both a human readable representation of the 
data and a structured and coded form suitable for processing by a 
computer.  Thus, those source systems that are only capable of 
producing the human readable form (similar to a web page) can 
still participate in the HIE while those systems with more 
capability can include data that is fully understood by a computer 
program.  This will allow a migration over time from a simple and 
easy to produce form of data that is still compatible with the more 
sophisticated forms in both directions.
        It should be absolutely clear from this discussion and these 
examples, however, that we are still many years away from the 
fully interoperable health information exchange environment of 
our vision and there are several intractable barriers to more rapid 
progress of which we should be aware.
        The business case for a vendor to incur the costs of switching 
to a standard is often muddled at best: short-term narrow objectives 
are the enemy of long-term, broad interoperability goals.  Even 
when a vendor understands that implementing standards is good 
for the product, the resources to do it are not always available.  
Purchasers have to be informed and insist on standards-based 
implementations whenever feasible.
        Existing standards must be 'constrained' (a term of art used by 
standards setting organizations) into rigorous implementation 
guides for each particular 'use case' (another term of art).  A use 
case is like the outline of a play that defines the goal, the actors, 
the roles they play, the trigger event(s) that cause them to interact, 
the data elements that they must exchange, etc.  Given a general 
use case, an implementation guide will allow an implementer to 
program an information system in a consistent way.  It may take 
several implementation guides based on several standards to 
implement a particular use case, and the combination of these is 
often called an 'integration profile'.
        There is a fairly well recognized first set of standards that are 
already being adopted for HIE.  These include: HL7 data 
interchange standards, the HL7 Reference Information Model, the 
DICOM standard for imaging, the NCPDP SCRIPT prescription 
drug information standard, the LOINC vocabulary for laboratory 
tests, the IEEE/CEN/ISO 1073 medical device communication 
standard, the ASC X12 administrative transaction standard, HL7 
Data Types, HL7 Clinical Document Architecture (CDA), and the 
HL7 Clinical Context Management Specification (CCOW).  Work 
remains to be done in a number of other domains, including 
standards related to terminology (and their uniform distribution 
within the National Library of Medicine's Unified Medical 
Language System (UMLS)), clinical templates, clinical guidelines, 
representation of business rules, representation of decision support 
rules, data elements, disease registries, tool sets, security, 
identifiers, and the electronic health record.  

Conclusion 
        In conclusion, I'd like to thank the Committee for providing 
me the opportunity to share my insights and expertise on behalf of 
eHI and its Foundation today. There is a long road ahead but it is 
filled with the promise of better health for all Americans in their 
own communities if we work together and get it right on 
interoperability.  Nothing could be more important and eHI will be 
there to help every step of the way. 

APPENDIX A
Health Information Exchange: The eHealth Initiative and 
Foundation's State, Regional and Community-Based Program 
Work  
        Recognizing that healthcare is local-and that to stimulate 
change in how healthcare is delivered, one must drive change both 
at the national level and local levels-eHI has been focusing its 
efforts on supporting multi-stakeholder collaboration at the state, 
regional and community levels, bringing its common principles, 
policies and standards developed nationally to those who are 
delivering healthcare in markets across the U.S. This work is being 
conducted through the direct funding of learning laboratories at the 
community level and advocacy and education for additional 
funding to support local efforts; the building of a coalition or 
"community" of over 2,000 stakeholders working on health 
information exchange within over 250 states, regions and 
communities across the U.S. to share insights and effect change;  
and the provision of direct technical assistance to leaders within 
states and regions who are developing strategies and plans to 
facilitate HIT adoption and health information exchange.
        The eHealth Initiative Foundation began its Connecting 
Communities program in FY 2003, through the leadership and 
foresight of Congressman C.W. Bill Young (R-FL).  Though a 
special appropriation administered by the Department of Health 
and Human Services' Office of the Secretary, and in years past by 
the Health Resources and Services Administration's Office of the 
Advancement for Telehealth (HRSA/OAT), Connecting 
Communities continues to provide seed funding and technical 
support to a set of "learning laboratories" led by multi-stakeholder 
collaboratives, who are experimenting with the development of 
models for sustainability for their health information exchange 
efforts.  This program will yield valuable lessons learned. Learning 
laboratories will inform the efforts of policy-makers, and national 
leaders both in the public and private sectors who must take 
actions to clear barriers to interoperability and health information 
mobility. 
        The 2006 Connecting Communities award program will 
provide learning laboratories for the development and 
implementation of sustainable business models for health 
information exchange and build healthcare purchaser and payer 
awareness of the value that health information exchange 
capabilities can provide in improving the quality, safety and 
efficiency of care to stimulate ongoing interest in supporting such 
activities at the state, regional and local levels. Successful 
awardees will have engaged the commitment of purchasers and 
payers representing at least 30 percent of covered lives within their 
markets, to participate in a pilot or implementation of an incentives 
program that will not only support quality goals, but also directly 
or indirectly, support the health information exchange capabilities 
which are necessary to achieve those quality goals. They will also 
have engaged the commitment of a large percentage of practicing 
clinicians--including small physician practices--who have 
committed to both utilizing the health information exchange 
capabilities, and participating in the incentives program. 
        The Connecting Communities program is also directly aiding in 
a task vital to our nation in the wake of Hurricane Katrina: helping 
to strengthen Gulf Coast healthcare services and regional 
electronic health information infrastructure in Alabama, Florida, 
Louisiana, Mississippi, and Texas by supporting public-private 
sector partnerships as well as assessment, planning, operational, 
and communications activities related to the development of health 
information networks within and across the Gulf States. Prior to 
Hurricane Katrina, work was being conducted by the Foundation 
for eHealth Initiative in the Gulf Coast state of Louisiana to assist 
in general health information technology policy efforts.  
        The program is also producing informative research and tools 
valuable to emerging health information exchanges and related 
policy formation. For example, the Connecting Communities 
Toolkit is a unique, multi-layered, one-stop resource offering 
structured, how-to synthesis of principles and tools designed to 
equip states, regions and local communities with the information 
and expertise to begin or advance local health information 
exchange initiatives and organizations.  It offers insight into areas 
crucial to start-up and successful survival such as organizational 
structure, value creation, financing, practice transformation, 
quality, information-sharing policies, technical aspects and public 
policy and advocacy. Importantly, it is a distillation of cumulative 
knowledge resulting from working with multiple stakeholders in 
different communities. Communities contribute toolkit resources 
themselves in the spirit of sharing insights with their peers.  Its 
release comes at a critical time as health information exchanges are 
coming into existence across America and seeking expert advice.
        Through eHI's activities on health information exchange, the 
organization has: become the hub of best practice development and 
sharing for driving transformation through health information 
exchange, providing a full range of tools and resources for states, 
regions and communities who are navigating the organizational, 
legal, financial, clinical and technical aspects of health information 
exchange.  It is also actively supporting stakeholders engaged in 
transformation and health information exchange efforts in more 
than 250 states, regions and communities across the U.S.
        In regards to states, the eHealth Initiative has or is in the 
process of actively supporting 13 states across the country in 
developing strategies, policies, and plans for improving health and 
healthcare through health information technology and exchange 
through its State Policy Summit Initiatives.  The goal of these 
initiatives is to help state public policy officials and key 
stakeholders in the healthcare and business communities develop 
state policy agendas and frameworks which support the rapid 
development and implementation of healthcare information 
technology and exchange.  Some of the states currently being 
supported by eHI include Arizona, Kansas, Minnesota, New 
Hampshire, New York, and Ohio.

	MR. DEAL.  Thank you.  Mr. Mertz.
        MR. MERTZ.  Thank you, Mr. Chairman.  I am Alan Mertz, 
President of the American Clinical Laboratory Association.  The 
ACLA represents the Nation's leading national, regional, and local 
laboratories.  Mr. Chairman, most patients are probably familiar 
with our members, mostly by the boxes they see out in front of the 
doctor's office that are Quest Diagnostics or LabCorp.  That is 
where the specimens are put in those boxes, and our members are 
the people who collect those specimens, transport them to a 
laboratory, do the testing overnight, and then report of those results 
usually back the next morning.  Some times millions every day, 
and testing is absolutely a critical part of our healthcare system.  It 
provides the physicians with the objective data they need to not 
only diagnose, but effectively treat and monitor disease.
	Our members also have, part of the reason we are here today, 
an extensive history of providing these doctors and hospitals with 
health information technology involved in streamlining laboratory 
test requisition, and also speeding the delivery of test results.  Let 
me give you just a little bit of background about laboratory testing 
and how important it is to the medical record, and then I will talk 
about some of the legislative proposals.  Laboratories and the 
information they provide are really the heart of the medical record.  
It is not well known to the layman that laboratory data actually 
represents 60 percent of the medical record, and while the 
diagnostic tests we do comprise only 1.6 percent of Medicare 
spending and about 5 percent of overall health spending, they 
influence 70 percent of clinical decision making.  Not only does 
this information improve outcomes and decrease costs, but 
laboratory data is becoming an even more essential building block 
for assessing quality care and it is playing an increasingly critical 
role for quality and pay-for-performance initiatives.
	The laboratories, Mr. Chairman, have made a tremendous 
investment in connecting to physician offices and hospitals, and it 
sort of served as the catalyst in the evolution of health IT.  Just let 
me give you one example of the penetration that they have had 
with the physician's offices.  Quest Diagnostics, our largest 
member, has business relationships with half of the physicians and 
hospitals in the United States, and this is just one laboratory 
company.  Quest Diagnostics receives 40 percent of its orders and 
sends 60 percent of its results via the Internet.  This is a critically 
important and highly valued function.  It is so important that since 
1995 our labs have had a limited exception under the Stark law so 
that they can provide these electronic connections and interfaces 
with physician offices.
	This has been a fundamental capability for laboratories to 
render services to providers.  It is a function that must be 
maintained in any changes that are made to Stark.  Congressman 
Brown made a point at the beginning about the IOM report on 
errors and duplication cost and electronic ordering and results with 
laboratories.  It is a critically important part of improving 
legibility, decreasing error rates, producing more timely results, 
and even monitoring duplicatation of testing.
	Let me talk just about three quick points about H.R. 4157.  We 
believe it has several needed improvements.  Number one, we 
believe that if it is enacted it would further prompt adoption of 
health IT.  We believe that any exemption in the law for Stark for 
IT should be carefully crafted to guard against abuses while still 
allowing the diffusion of IT, and we believe it strikes that balance.  
We also support the legislation's Federal preemption of State laws 
that contradict the Stark law exceptions and anti-kickback safe 
harbors.  Today there are several State laws that are complicated 
and have different requirements than the Federal Stark law, and we 
believe that the preemption provisions there are very important.
	H.R. 4157 also addresses the need for Federal preemption in 
State laws related to privacy.  We support this provision because of 
the patchwork of State laws as an impediment to health 
information exchange.  Let me give you one example.  LabCorp, 
another large national laboratory, has been invited to participate in 
regional Medicare chronic care or health support pilot programs.  
Chairman Deal, LabCorp has been invited to participate in an 
effort in your own State with CIGNA HealthCare in Georgia, as 
well as a program operating in central Florida operated by Green 
Ribbon Health.  These entities will offer self-care guidance and 
support to chronically ill Medicare beneficiaries to help them 
manage diabetes and chronic heart disease problems.
	LabCorp's role in the programs will be to transmit critical 
laboratory data to CIGNA and to Green Ribbon Health for those 
beneficiaries who voluntarily participate in the program.  However, 
the State laws in Florida and Georgia governing the release of lab 
results have prevented LabCorp from transmitting these results.  In 
essence, Florida and Georgia laws preclude providing test results 
to anyone other than the ordering physician, and there is no 
provision in the State laws that would allow even the patient to 
give their consent.  These laws would effectively bar any 
transmittal, and even the patient's consent does not allow us to 
transmit those results.
	Let me conclude also with the needed provisions regarding 
moving from ICD-9 diagnostic codes to ICD-10.  Under the 
Medicare program the laboratories are paid by including these 
ICD-9 codes on their claims to provide medical necessities.  These 
codes are provided by the physician to the laboratory, and are 
subsequently attached to the claim and submitted to CMS.  So we 
really have no control of what diagnosis codes are put into the 
claim, and if they are not done correctly, we are not paid.  So 
moving to the ICD-10 we want to be very careful about doing that 
because it is immensely more complicated.  ICD-9 provides about 
13,000 diagnosis codes.  Moving to the ICD-10 provides 120,000 
diagnosis codes, making it much more complicated.
	I have attached an example to my testimony of where today 
there is one ICD-9 code for a sports injury, it will be replaced by 
something like 39 different codes, diagnosis codes included.  You 
have to now tell whether you were struck by a baseball, golf ball, a 
baseball bat, and so forth, whereas you used to be able to just say 
this person was injured in the head by a ball.  So it is much more 
complicated.  What we are asking for here not to go ahead with 
this, but to give us a five-year transition period instead of two 
years, because of the complexity of this, and we have to train 
doctors as to how to do this, otherwise, we will not be paid.
	So in conclusion the ACLA supports the Health Information 
Technology Promotion Act's new anti-kickback safe harbors and 
Stark law exception, the bill's proposed preemption of State 
privacy laws like the example that I gave, and the replacement of 
the ICD-9 code but with a five-year transition period.  Thank you, 
Mr. Chairman.
	[The prepared statement of Alan Mertz follows:]

PREPARED STATEMENT OF ALAN MERTZ, PRESIDENT, AMERICAN 
CLINICAL LABORATORY ASSOCIATION

        Chairman Deal, Ranking Member Brown, and distinguished 
subcommittee members, thank you for the opportunity to testify 
today on behalf of the American Clinical Laboratory Association 
(ACLA) representing national, regional, and local laboratories.  
My name is Alan Mertz, President of ACLA, and I appreciate your 
interest in legislative proposals that will accelerate the widespread 
adoption of the electronic health record.   ACLA members have an 
extensive history of providing the nation's hospitals and physicians 
with leading-edge health information technology (IT) streamlining 
laboratory test requisition and speeding the delivery of test results.
        The Health Information Technology Promotion Act of 2005 
(HR 4157) proposes several needed improvements to facilitate the 
diffusion of health IT throughout the United States.  These changes 
will help promote better outcomes for patients. Among the 
improvements are new Anti-kickback Safe Harbors and Stark Law 
exceptions; a study of, and subsequent authority to preempt some 
state privacy laws; and the replacement of ICD-9 diagnosis codes 
with ICD-10 codes.
        Laboratories play a critical role in healthcare delivery by 
allowing for the rapid and timely utilization of health information 
by providers.  Laboratories and the medical information they 
provide are the heart of the medical record.  Laboratory data 
represent 60% of the medical record.  Diagnostic tests comprise 
only 5 % of total hospital costs and only 1.6% of Medicare costs, 
but they influence a much larger portion (as much as 60-70%) of 
clinical decision-making that improves care and decreases cost.  
Virtually every health care community (i.e. Regional Health 
Information Organizations or RHIOs) that is trying to develop an 
electronic health information infrastructure is looking to 
laboratories first.  A recent nationwide survey by the eHealth 
Initiative found that, of those who have electronic health 
information exchange efforts under way, 60% plan to exchange 
laboratory information within six months to support quality, safety 
and efficiency goals.  In a survey of hospitals, the number one IT 
function in the majority of hospitals today is the electronic order 
entry and review of results for diagnostic services.
        The reach of laboratories into physician offices and hospitals 
vis-ï¿½-vis the provision of this hardware and software has served as 
a 'catalyst' in the evolution of health IT.  For example, Quest 
Diagnostics Incorporated, a member of ACLA, has business 
relationships with approximately half of the physicians and 
hospitals in the U.S.  Quest Diagnostics Incorporated receives 40% 
of orders and sends 60% of its results via the internet.   Similar 
means of laboratory connectivity are offered by other ACLA's 
other members.
        The federal government, quality organizations, the Medicare 
Payment Advisory Commission (MedPAC) and others recognize 
that laboratory data are the essential building block for assessing 
quality care and will have a critical role in pay-for-quality 
initiatives.  Laboratories can and have been used to measure a 
provider's performance as a critical component of health care 
delivery; however, this contribution cannot be realized without 
incurring additional cost that must be recognized and reimbursed.  
In a detailed study of practice and laboratory connectivity, the 
eHealth Initiative recently recommended incentives that could be 
provided for including electronic laboratory data as part of pay-for-
performance reporting.  One example from the report would be to 
provide short term incentives, based on the volume of laboratory 
messages processed, up to a monthly dollar limit per clinician that 
would encourage implementation of interfaces.  Incentives such as 
these can be an important driver of adoption of new technologies.  
By providing incentives encouraging the transmission of 
laboratory test requisition and results reporting, the healthcare 
system will actually save money through reductions in duplicative 
testing, better coordinated care and decreases in morbidity and 
mortality.
        Because of the value that laboratories convey in the data they 
transmit, they have pioneered the provision of secure, streamlined 
IT solutions to order and transmit laboratory tests.  This is a 
critically important and highly valued function.  So important that 
since 1995 laboratories have had a limited exception under the 
Stark Law to provide "items, devices, or supplies that are used 
solely to.order or communicate the results of tests or procedures 
for such entity."   This is a fundamental capability for laboratories 
to render services to providers and a critically important function 
that must be maintained.  Clinicians place a high value on being 
able to order laboratory services and receive laboratory results 
electronically because it improves legibility, decreases error rates, 
produces more timely results (including STAT testing), and allows 
the monitoring of redundant or duplicative testing.  The result is 
improved clinical outcomes, and improved clinical care efficiency 
with the long-term benefit of reduced healthcare costs.
        We recognize physicians, hospitals and other providers 
routinely cite the fear of legal action/debarment from Medicare as 
one of the biggest deterrents towards adoption of health IT.  
Accordingly, HR 4157 establishes a new exemption for the 
provision of health IT and related training.  ACLA believes this 
legislative proposal, if enacted, would help to address some of 
these concerns and prompt further adoption of the health IT; 
however, ACLA believes such an exemption should be crafted 
carefully to diffuse the technology while guarding against abuses.  
By doing so, providers will continue to compete on the services 
they are providing and not, for instance, the size of a monitor.  
However, in any law or regulation laboratories must be among 
those entities permitted to offer these items or services because of 
the critical role laboratories have, and continue to play in 
facilitating health IT adoption in the health care community.  
ACLA was particularly perplexed with HHS' Office of the 
Inspector General's recent notice on the establishment of new 
Stark Law exceptions and Anti-Kickback Safe Harbors which 
proposes to exclude laboratories from the newly created 
exemptions.
        ACLA also supports the legislation's federal preemption of 
state laws that contradict the Stark Law exceptions and Anti-
Kickback Safe Harbors established under the bill.  Today, there are 
several states whose 'Stark' laws are complicated and have 
different requirements than the federal law.  Similar to the privacy 
issue (which I'll talk about shortly), the problem is not just that 
these state laws are more stringent, but that there are many 
different standards.  The differences in these state laws fall into 
several categories, e.g. the scope of the exceptions to the 
prohibition or the scope of what is considered a 'designated health 
service.'  By creating a federal preemption, Congress can help 
address the fear and confusion many providers continue to have as 
they contemplate adoption of various health IT solutions.
        Another of the much-needed changes that HR 4157 addresses 
is the need for federal preemption of state laws related to the 
security and confidentiality of health information.  HR 4157 
requires a study of: 1) the degree to which laws vary among the 
states; 2) between state laws and HIPAA; 3) how such variations 
adversely impact confidentiality and the electronic exchange of 
health information.  Upon enactment, Congress will have three 
years to pass legislation establishing uniform federal standards and 
preempting state laws with regard to confidentiality and privacy.  
If not, then the Secretary of HHS is permitted to adopt regulations 
based on the results of the study.
        ACLA supports this provision because the patchwork of state 
privacy laws is an impediment to health information exchange.  
For example, LabCorp, a large national laboratory, has been 
invited to participate in two of the eight regional Medicare Health 
Support pilot programs (previously known as the Chronic Care 
Improvement Program) authorized by section 721 of the Medicare 
Modernization Act.  Chairman Deal, LabCorp has been invited to 
participate in an effort with CIGNA HealthCare in your home state 
of Georgia as well as a program operating in central Florida being 
operated by Green Ribbon Health, LLC.  These entities will offer 
self-care guidance and support to chronically ill Medicare 
beneficiaries to help them manage their health, adhere to their 
physicians' plan of care, and ensure that they seek the medical care 
and Medicare-covered benefits that they need.  LabCorp's role in 
the pilot programs would be to transmit laboratory data to CIGNA 
HealthCare and Green Ribbon Health for those beneficiaries who 
voluntarily participate in the program.  This information would 
then be used to help monitor the conditions of participants and 
ultimately, improve their outcomes.
        Unfortunately, despite the well-intended efforts of these 
programs, more restrictive state laws in Florida and Georgia 
governing the release of lab results have prevented LabCorp from 
transmitting these important results to Green Ribbon Health or 
CIGNA HealthCare until its concerns about the application of 
those laws to these requests have been addressed.  More 
specifically, the Florida and Georgia laws preclude providing test 
results to anyone other than the ordering physician or provider (or 
to a person specifically authorized by the ordering physician).  In 
this case, had there been a federal preemption of state laws we 
would be talking about the successes/failures of these program and 
not 'red tape.'
        HR 4157 also addresses the needed replacement of the 
International Classification of Diseases, 9th edition, Clinical 
Modification (ICD-9-CM) diagnosis and procedure billing codes 
with ICD-10-CM/PCS codes.  ICD diagnosis codes are used by 
inpatient and outpatient providers for billing and reimbursement.  
Under the Medicare program, laboratories are paid by including 
ICD-9 codes on their claims to provide medical necessity.  These 
ICD-9 codes are provided by the physician to the laboratory and 
are subsequently attached to a claim and submitted to CMS.   
Today, as many laboratories will attest, problems persist with 
physicians not providing the appropriate ICD-9 codes in order for 
laboratories to get paid.  Currently, ICD-9 provides approximately 
13,000 diagnosis codes.  Take into account that ICD-10 provides 
120,000 diagnosis codes, and one can see the potential for massive 
delays in reimbursement for laboratories and many other providers 
and thus the need for an extended phase in of the new system.
        To give you an example of the difference between ICD-9 and 
ICD-10 consider how a physician would document an accidental 
sports injury.  Under ICD-9, a diagnosis of a sports injury caused 
by striking against or being struck requires a single code: E917.0, 
described as "Striking against or struck accidentally in sports 
without subsequent fall; includes kicked or stepped on during 
game (football, rugby), struck by hit or thrown ball, struck by 
hockey stick or puck.  Under ICD-10, a similar diagnosis requires 
one of 24 codes, meaning that the physician must document the 
causation (see attachment).
	ACLA recommends that the implementation period for the 
transition to ICD-10 be changed from a two-year phase in period to 
a five-year period.  Doing so would provide adequate time to 
reprogram all health care providers' and payers' computer systems 
to accommodate the new, longer ICD-10 codes.  In addition, 
considerable time and expense will also have to be spent on client 
education and testing of the new systems.  During this 'transition 
period' it should be permissible for providers to bill using either 
the ICD-9 or ICD-10 standards.
        In conclusion, ACLA supports the Health Information 
Technology Promotion Act's new Anti-kickback Safe Harbors and 
Stark Law exceptions, the bill's proposed preemption of some state 
privacy laws, and a replacement of the ICD-9 with ICD-10 with a 
five-year transition period.
        I'd like to end on this note.  It has been said that every effort in 
the health care public policy arena aims to improve three different 
aspects of health care: better, faster, and cheaper.  Nothing to date 
has been able to meet all three objectives - some systems provide 
two of the three but always at the expense of the third.  I believe 
health IT is the answer.  Health IT will make health care better by 
improving outcomes; faster, by facilitating not only the delivery of 
information but the coordination of care; and cheaper, by reducing 
the costs of doing business, be it a reduction in duplicative testing 
or by saving precious time previously spent on data entry.
        Mr. Chairman, thank you for the opportunity to share ACLA's 
perspective on ways to promote electronic health records and a 
smarter health information system.  We are ready to work with you 
on this important and vital legislation.  If you have questions or 
need any additional information, please do not hesitate to contact 
us.



	MR. DEAL.  Thank you.  Mr. Vaughan.
        MR. VAUGHAN.  Mr. Chairman, members of the committee, 
thank you for inviting us today.  Consumers Union is the 
independent, non-profit publisher of Consumer Reports, and we do 
not just test toasters, we work on health issues, and had a large 
article on this topic in the March issue.  We strongly support the 
movement toward electronic health records as a way to improve 
quality and moderate health costs.
	But we believe that the American public will not fully support 
or fully use or fully benefit from the great potential of such 
systems unless more is done soon to ensure the privacy of medical 
information.  As IBM's testimony just said, the privacy issues and 
the public's perceptions of those issues must be addressed in order 
for personal health records to succeed.  Patients need meaningful 
control over their medical records, the right to keep their records 
private, and they should not be forced to give up privacy as a 
condition of treatment.  We talk of consumer-directed healthcare, 
an ownership society, and personal empowerment.  Mr. Shadegg 
was talking about choice.  The right to privacy is the heart of all of 
that.
	There must be a strong enforcement of privacy laws, and if 
privacy is violated, people should be notified of that breach and 
given a private right of action, as Georgia is one of the States that 
allows that.  The State should have the right to enact privacy laws 
above and beyond HIPAA's terribly minimalist provisions in our 
opinion.  Dr. Detmer's testimony has a neat point about how 
complex that could be, particularly if you look at Virginia, 
Maryland, and D.C.  How would a computer keep track of all that?  
But rather than coming down to the Federal level, could we work 
with the governors and the State legislators to say what did the 
States feel they needed to do and see if there was a model law that 
we could come up to rather than come down.
	Privacy needs to be strengthened, not weakened, and we urge 
you to oppose legislation that would preempt stronger State laws or 
let HHS bureaucrats weaken the Fourth Amendment.  As we like 
to say, one size does not fit all, and this is the way we look at that.  
Attached are a set of consumer privacy principles on my statement 
that we hope you might look at as you consider legislation.  
Assuming we can get true privacy, we would like to see quick 
dissemination of good systems.  We recommend, however, against 
making broad exceptions to the anti-kickback and physician 
referral laws for donations.
	Given the Federal budget situation, it is very understandable if 
people would look for a sort of free way to promote dissemination, 
like suspending these anti-fraud laws.  We believe, however, that 
such action would have a very limited impact on the adoption of IT 
and would not be always good for consumers.  This approach may 
not be free.  It may have a cost.  Basically there are no free lunches 
in life.  I would bet you that Adam Smith would say most 
businesses do not give away something of value to another 
business unless they expect a return on the investment.
	When a hospital system offers an IT package to doctors, it 
hopes the ease of communication between them and the goodwill 
generated by the gift will encourage referrals, regardless of 
whether that facility is the best quality or value facility for the 
patient.  There is a parallel example in an area we know that causes 
higher and more costly utilization.  Why do pharmaceutical 
companies give away free drug samples?  It is because in our 
culture the act of giving a gift, even a trinket, conveys a 
psychological sense of obligation, I owe you one.  That is human 
nature.  In the case of free drugs, it leads to higher utilization and 
high costs products.
	So please be skeptical.  Companies, many for profit, who spend 
98 percent of the year telling Congress they are not paid enough by 
Medicare and Medicaid, they are all going broke, they have found 
some money that they now want to donate to a bunch of small 
businessmen making about $160,000 a year, who are very smart 
businessmen, but have not been smart enough to realize they need 
to move to IT.  It is kind of strange.  I think it would increase care 
coordination under the right situation, but please be careful in how 
you draft this.
	We think there are better ways to encourage more adoption of 
IT that do not weaken the anti-fraud laws.  For example, you might 
explore with CBO whether, as you fix the Medicare doctor 
payment system in a budget neutral, time-limited way you could 
voluntarily encourage physicians to install certified IT by adjusting 
the practice expense payment and then collect it back at the end of 
the five-year cycle.  It might be tough but worth talking to CBO 
about.  Representative Murphy's bill kind of gets into that a little 
bit in section 8.
	In conclusion, these anti-fraud laws are very delicate things, 
and we hope you will be careful, as I know you will be.  Thank 
you, sir.
	[The prepared statement of Bill Vaughan follows:]



PREPARED STATEMENT OF BILL VAUGHAN, SENIOR POLICY 
ANALYST, CONSUMER'S UNION

        Mr. Chairman, Members of the Committee:
        Thank you for inviting us to testify today. Consumers Union is 
the independent, non-profit publisher of Consumer Reports, and 
we work on a wide range of health issues, including prescription 
drug safety and effectiveness, health insurance and health care 
costs.

                           The Potential
        We strongly support the movement toward electronic systems 
of health records (EHR) and information exchange. By harnessing 
the power of modern information technology systems we can 
improve the quality of American health care and moderate health 
costs by: 
	 reducing errors, 
	 eliminating service duplication, 
	 promoting pay-for-performance, and 
	 providing the data necessary to evaluate the true 
comparative effectiveness of various treatments and drugs.
        As just one example of the tremendous improvements in 
quality and cost savings that are possible, Consumers Union has 
been conducting a national campaign to promote the disclosure of 
hospital infection rates (www.StopHospitalInfections.org). Each 
year, there are about 2 million patients who acquire infections in 
hospitals, and about 90,000 die. The increased cost to the health 
care sector is in the tens of billions of dollars. We have been 
working at the state level to pass laws to require hospitals to report 
their rate of infection in the belief that public disclosure will 
prompt hospitals to adopt effective methods to reduce their 
infection rates. Electronic medical records technology and the 
public disclosure of more types of de-identified patient care data 
will make it easier for consumers to reward those who provide 
quality. 

                 The Critical Need to Ensure Privacy
        While there can be important public and private benefits of 
creating an effective electronic medical records system, we believe 
(and polls demonstrate ) that the American public will not support, 
fully use, or benefit  from the great potential of such systems 
unless more is done-now--to ensure the privacy, security, and 
appropriate use of medical information. This requires enabling 
patients to decide when, with whom, and to what extent their 
medical information is shared.  As Dr. David Brailer, head of the 
Office of the National Coordinator for Health Information 
Technology, responded March 3 to a letter (see Attachment #1) 
from consumer groups, "we will achieve our goal of widespread 
[EHR] adoption only if patients are confident that their health 
information is private and secure."  Today, it is not private or 
secure.
        This concern should especially resonate with public officials 
such as you, who are so subject to prying eyes and gossiping 
tongues.  I think we all have to admit that there is no hack-proof 
database or system. Once our medical data is moving 
electronically, it is subject to threats from hackers, identity thieves 
and others. That is simply a fact of life, re-confirmed almost daily 
by new stories of financial and medical record data violations.  
Beyond the likely scenarios of security breaches, the value of 
electronic health information is such that many organizations will 
want to exploit secondary data sources for private financial gain, 
rarely (if ever) with patient knowledge, let alone consent.
        So what can we do to minimize concerns and improve privacy 
in electronic health records? 
        The American public needs to be given meaningful control 
over their medical records. That means they must have a right to 
keep their records private and that they cannot be forced to give up 
control of their most private medical information as a condition of 
treatment. 
        The penalties for violations of privacy are inadequate and have 
major gaps.   There must be strong enforcement of privacy and 
security laws, and if a person's privacy is compromised or 
violated, they should be notified of that breach and have a private 
right of action.
        The States should have the right to enact privacy laws above 
and beyond  HIPAA's absolutely minimal provisions and that right 
must not be pre-empted.  Privacy needs to be strengthened, not 
weakened, and we urge you to oppose legislation that would pre-
empt stronger State laws or delegate to the Secretary of HHS 
authority to pre-empt such laws. These State laws offer extra 
protection and peace of mind to patients with mental health, STD, 
cancer and other treatment issues. As 30 organizations in the 
Mental Health Liaison Group wrote Congress on November 15, 
2005, adding improved privacy protections to proposed EHR bills 
is essential in the mental health sector. 
        Some will say that it is too complex or too expensive to allow 
people to control their medical information. But that's why 
computers are so wonderful! They can be designed to deal with 
huge numbers of variables-like 50 state laws-- and to create 
special files where certain data (such as a mental health record) is 
only available to a designated provider on a "need to know basis." 
If we do not meaningfully address the privacy issue, polls show the 
public will not trust this system, many will go to a medical 
underground 'off-the-books' , and we will just increase public 
cynicism about big government and big business controlling our 
lives. In an age when the talk is of consumer driven health care, 
and ownership, and empowerment, forcing people to share their 
most secret personal medical information is not the path to take. 
        Attached are a set of consumer principles that was developed 
under the leadership of the National Partnership for Women & 
Families and that Consumers Union, AARP, and seventeen other 
groups are supporting.  We urge you to include these principles in 
whatever legislation you may develop. 



Oppose Incentives to Promote Technology Give-Aways that 
may Distort Health Care Delivery

        Assuming true privacy and increased security, we all would 
like to promote the fastest possible movement to EHRs and a 
'networked' health care system so as to benefit from the quality 
and cost savings potentials. We recommend, however, against 
making blanket exceptions to the anti-kickback and physician 
referral laws for donations of EHR systems. 
        Given the Federal budget situation, it is understandable that 
some are attracted by the idea that such blanket exceptions might 
be a 'free' ways to promote EHR technology dissemination. We 
believe, however, that such action would have a very limited 
impact on the adoption of  EHR systems and would not be good 
for consumers. This approach is not free-it has a cost, as we 
describe below.
        Most businesses don't give away something of value to another 
businessperson unless they expect a return on the investment. 
When a hospital system offers an IT package to a non-affiliated 
physician group, it hopes the ease of communication between them 
(and the goodwill generated by the gift) will encourage referrals to 
its facilities, regardless of whether that facility is the best quality or 
value facility for the patient. 
        There is a parallel example in an area we know causes higher 
and more costly utilization: Why do pharmaceutical companies 
give free drug samples (and pens and pads of paper, etc., etc.) to 
doctors? Because in our society and culture, the act of giving a gift, 
even a trinket, conveys a psychological sense of obligation-"I 
owe you one."  That is human nature. In the case of 'free' drugs, it 
leads to increased utilization of high cost products. That is what the 
anti-kickback and physician referral rules tried to deal with: the act 
of giving something of value creates "ties" that cause referrals and 
utilization to go up, without regard to need, cost, or quality.
        It is worth spending a minute more on the 'free' drug example. 
There has been a great deal of concern about the way drugs are 
promoted and the impact that has on costs and quality of care. The 
January 25, 2006 issue of JAMA (Vol. 295, No. 4, p. 429ff) carried 
an article by some of America's most distinguished physicians 
entitled, "Health Industry Practices That Create Conflicts of 
Interest: A Policy Proposal for Academic Medical Centers," that 
calls on the nation's teaching hospitals to lead an ethical revolution 
and reject all industry gifts, since those gifts distort the practice 
and integrity of medicine. As the doctors wrote:
        Social science research demonstrates that the impulse to 
reciprocate for even small gifts is a powerful influence on 
people's behavior. Individuals receiving gifts are often unable 
to remain objective: they reweigh information and choices in 
light of the gift. So too, those people who give or accept gifts 
with no explicit "strings attached" still carry an expectation of 
some kind of reciprocity. Indeed, researchers suggest that the 
expectation of reciprocity may be the primary motive for gift-
giving.

        Researchers have specifically studied industry gifts to 
physicians. Receiving gifts is associated with positive 
physician attitudes toward pharmaceutical representatives. 
Physicians who request additions to hospital drug formularies 
are far more likely to have accepted free meals or travel funds 
from drug manufacturers. The rate of drug prescriptions by 
physicians increases substantially after they see sales 
representatives, attend company-supported symposia, or 
accept samples. The systematic review of the medical 
literature on gifting by Wazana found that an overwhelming 
majority of interactions had negative results on clinical care. 
        If medical practice is distorted by the relatively small value of 
drug company gifts, imagine the consequences of large EHR 
technology "gifts"! 
        What if Congress proposed (though it would not take a law) 
that companies and providers could give money or equipment to a 
truly neutral charity in an area (for example, the Red Cross, the 
American Public Health Association, a State Medicaid Agency) 
that would then distribute the gift on some basis of need and there 
would be no tie between the donor and the recipient?  I think most 
potential donors would find lots of reasons why that wouldn't 
work. And that should tell you everything: the donor wants a "tie" 
with the recipient that will result in goodwill and increased 
referrals.  For consumers, the problem is that the "tie" and 
resulting increased referrals may not be the best for the patient 
because the donor may not be the best or lowest-cost provider in an 
area. And donors who have the resources to give may just increase 
their economic dominance in an area, thus reducing future 
competition and driving up costs. 

       Look for real solutions to speeding dissemination of IT
        There are better ways to encourage more adoption of EHRs. 
Once progress is made on technology and process standards and 
there is more agreement on the best hardware and software paths, 
Congress may want to promote the dissemination of such 
technology and pay for it in a way that does not distort practice 
patterns. You might explore with CBO whether, as you try to fix 
the Medicare physician payment system (SGR), a budget neutral, 
time-limited way to encourage physician installation of certified 
EHR could be possible. For example, would CBO score as neutral 
a system where on a voluntary basis, a physician could greatly 
increase their practice expense payments for several years so they 
could more easily finance the installation of a 'certified' EHR 
system. Then in the next several years they would repay that 
'advanced' amount through reduced practice expense payments, on 
the grounds that the installation of the equipment will reduce 
paperwork and clerical practice expense in future years. Another 
encouragement to take advantage of this opportunity would be a 
requirement that by a date certain all Medicare-Medicaid EHRs 
would have to be through certified systems.  
        Congress could also help providers in the future by using the 
certification process to obtain a discount price for EHR hardware 
and software. 
        In summary, we urge you to consider alternatives to 
encouraging the dissemination of this new generation of equipment 
in ways that do not weaken the nation's anti-fraud laws.
        If Congress feels compelled to proceed with anti-kickback and 
anti-referral law changes, we urge you to consider limited 
exceptions based on modifications to the Administration's October 
2005 proposed regulations.
        These draft regulations would permit exceptions-but not 
blanket exemptions--to the anti-kickback and physician referral 
laws for EHR donations. Consumers Union, the National 
Partnership for Women & Families, and five other national 
organizations filed formal comments expressing serious concern 
about the exceptions and urging major changes (see attachment 
#2). 
        For example, we recommend changing the regulations to: 
        --delay the effective date of the exceptions until the product 
certification process for ambulatory care that the 
Administration is now aggressively supporting is in place 
(otherwise you encourage donations that may lead to 
technological dead-ends and wasted time and effort-e.g., 
Beta v. VHS competing donations); 
        --limit the exception to donations to physicians or clinics 
that provide a certain level of uncompensated charity care 
or serve a significant number of Medicaid patients; or if 
that is not possible, require donors to offer the technology 
to all (their) physicians, not just those who provide high 
volumes of profitable business;
        --sunset the exemptions;
        --require recipients to copay a portion of the cost: totally 
free equipment is likely to sit in the closet. The equipment 
needs to be something that the recipient wants enough to 
put some of his own resources into.
        Thank you all for your time and attention. 

                              Attachment #1
           Health Information Technology - Consumer Principles
                               March 2006

        An interoperable system of electronic health information holds 
many potential benefits for consumers, including: better 
coordination of health care regardless of patient location, higher 
quality and more efficient care, increased system transparency, and 
patient access to information about providers that allows them to 
make better decisions. At the same time, such a system raises 
serious concerns among consumers about personal privacy, data 
security, and the potential misuse of their information. And while 
an interoperable system of electronic health information holds 
great promise, the many possible benefits will not be realized 
unless appropriate policy measures are established up front.
        Consumer protections and potential benefits from health 
information technology (HIT) should not be left to chance. The 
success of efforts to promote widespread adoption of HIT, 
including electronic connectivity and data exchange across health 
care institutions, ultimately will depend on the willingness of 
consumers to accept the technology. Given the pervasive concerns 
expressed by the public about unauthorized disclosure and use of 
their health information, it is critical to build a foundation of public 
trust. To that end, as efforts move forward to develop networks for 
the electronic exchange of information between institutions, there 
must be a clear, deliberate, and open forum for addressing and 
setting matters of policy. As organizations representing a broad 
and diverse set of consumer interests, we believe that the following 
set of principles should underpin such efforts.

Principles

Individuals should be able to access their personally identifiable 
health information conveniently and affordably.
	 Individuals should have a means of direct, secure access to 
their electronic health information that does not require 
physician or institutional mediation.
	 Individuals should have access to all electronic records 
pertaining to themselves (except in cases of danger to the 
patient or another person).
	 Individuals should be able to supplement, request 
correction of, and share their personally identifiable health 
information without unreasonable fees or burdensome 
processes.

Individuals should know how their personally identifiable health 
information may be used and who has access to it.

	 Individuals should receive easily understood information 
identifying the types of entities with access to their 
personal health information and all the ways it may be used 
or shared. The explanation should include any sharing for 
purposes other than the immediate care of the individual, 
and should explicitly identify intentions for data use such 
as public health protection, quality improvement, 
prevention of medical errors, medical research or 
commercial purposes.
	 Access to personal health information must be limited to 
authorized individuals or entities.
	 Tracking and audit trail systems should be in place that 
permit individuals to review which entities have entered, 
accessed, modified and/or transmitted any of their 
personally identifiable health information.

Individuals should have control over whether and how their 
personally identifiable health information is shared.

	 Individuals should be able to opt out of having their 
personally identifiable health information - in whole or in 
part - shared across an electronic health information 
network.
	 Individuals should be able to limit the extent to which their 
health information (with or without personal identifiers) is 
made available for commercial purposes.
	 Individuals should be able to designate someone else, such 
as a family member, caregiver or legal guardian, to have 
access to and exercise control over how records are shared, 
and also should be able to rescind this designation.

Systems for electronic health data exchange must protect the 
integrity, security, privacy and confidentiality of an individual's 
information.

	 Personally identifiable health information should be 
protected by reasonable safeguards against such risks as 
loss or unauthorized access, destruction, use, modification, 
or disclosure of data. These safeguards must be developed 
at the front end and must follow the information as it is 
accessed or transferred.
	 Individuals should be notified in a timely manner if their 
personally identifiable health information is subject to a 
security breach or privacy violation.
	 Meaningful legal and financial remedies should exist to 
address any security breaches or privacy violations.
	 Federal privacy standards that restrict the use and 
disclosure of personally identifiable health information 
should apply to all entities engaged in health information 
exchanges.

The governance and administration of electronic health 
information networks should be transparent, and publicly 
accountable.

	 Independent bodies, accountable to the public, should 
oversee electronic health information sharing.
	 Consumers should have equal footing with other 
stakeholders.

        Recognizing the potential of electronic patient data to support 
quality measurement, provider and institutional performance 
assessment, relative effectiveness and outcomes research, 
prescription drug monitoring, patient safety, public health, 
informed decisionmaking by patients and other public interest 
objectives, systems should be designed to fully leverage that 
potential, while protecting patient privacy.
        Implementation of any regional or national electronic health 
information network should be accompanied by a significant 
consumer education program so that people understand how the 
network will operate, what information will and will not be 
available on the network, the value of the network, its privacy and 
security protections, how to participate in it, and the rights, 
benefits and remedies afforded to them. These efforts should 
include outreach to those without health insurance coverage.

AARP
AFL-CIO
American Federation of State, County and Municipal Employees
American Federation of Teachers
Center for Medical Consumers
Communications Workers of America
Consumers Union
Department for Professional Employees, AFL-CIO
Childbirth Connection
Health Care for All
Health Privacy Project
International Association of Machinists and Aerospace Workers
International Union, United Auto Workers
March of Dimes
National Coalition for Cancer Survivorship
National Consumers League
National Partnership for Women & Families
Service Employees International Union
Title II Community AIDS National Network
United Steelworkers International Union (USW)


                             Attachment #2
        Comments of Groups on HHS Proposed Regulations on anti-
                    kickback and physician referral 

Comments on Office of the Inspector General Proposed Rule 
OIG-405-P

        As organizations representing a wide range of consumer 
interests, we are pleased to have the opportunity to comment on the 
proposed rule OIG-405-P that would add a new paragraph (x) to 
the existing safe harbor regulations at 42 CFR 1001.952. The 
proposed safe harbor would protect donation of specific items and 
services for prescribing drugs electronically. The preamble to the 
regulations also describes the scope of two planned additional safe 
harbors for electronic health records software and directly-related 
training services, but the Office has not proposed actual regulatory 
language for such a safe harbor.
        We recognize the potential of health information technology 
(HIT) to improve health care quality. Furthermore, we support 
efforts by the Department to promote the use of HIT by physicians 
and other health care providers, and are encouraged by the 
prospect of reduced errors and higher quality if e-prescribing is 
implemented. Below are our comments on the proposed safe 
harbor.

Pre-interoperability Electronic Health Records Safe Harbor
        The Office is considering the creation of a safe harbor for 
donations of electronic health record technology made prior to the 
adoption of product certification criteria by the Secretary. We 
oppose this provision and recommend it not be included in the 
final regulations.
        The Department is moving aggressively to put product 
certification criteria for ambulatory care in place in 2006. 
Promoting investment in this technology before DHHS adopts 
those criteria may seriously impede reaching the goal of a common 
platform - a goal which is part of the rationale for making this safe 
harbor. Furthermore, allowing the safe harbor to be in effect prior 
to certification could encourage providers and manufacturers to 
press for delay in adoption of the certification standards in order to 
avoid having to make new investments or to retain the market 
advantages they have created by installing their systems in 
physician offices.

Post-interoperability Electronic Health Records Safe Harbor
        In a parallel proposed rule, CMS-1303-P, the Department has 
included the actual text of a proposed regulation to provide an 
exception to the Stark statute for donations of electronic health 
records software if the donation is made after the product 
certification criteria are adopted and if the software is compliant 
with the certification requirements. We support the intent of this 
exception but have some concerns about some of the text; we have 
outlined our concerns in comments filed today on CMS-1303-P. 
The Office has asked for comments on its plans for a similar safe 
harbor, described in section II.B.2 of proposed OIG-405-P. Our 
comments on the potential safe harbor are similar to those 
expressed with regard to the Stark exception. For convenience, our 
views are set forth below in the context of the proposed CMS Stark 
exception text.
        Subsection 411.357(x)(4) [of CMS 1303-P] requires that 
neither the selection of the physician nor the amount or nature of 
the items and services donated can turn on the volume or value of 
referrals or other business generated between donor and recipient. 
The section then enumerates six specific criteria that a donor might 
use that would be deemed compliant with the exception 
requirements:
        1) total volume of prescriptions the recipient writes;
        2) size of the medical practice;
        3) number of hours the physician practices medicine;
        4) extent of use of automated technology in the recipient's 
                medical practice;
        5) if the donor is a hospital, whether the physician is on its staff; 
                or
        6) another method that "is based on any reasonable and 
                verifiable manner that is not directly related to the volume 
                or value of referrals or other business generated between the 
                parties."
        This section is the heart of the proposed rule. The widespread 
adoption of EHR and EP technology can bring great benefits to 
patients, providers and insurers. Health information technology can 
help reduce medical errors, encourage patient activation and 
adherence to recommended regimens, and provide tools to evaluate 
clinical effectiveness, population health status, and the quality of 
medical care. The drive to promote the wider use of EHR and EP 
technology should not, however, trump the consumer protection or 
program integrity brought by the antifraud and abuse prohibitions. 
Donors should not be allowed to selectively fund physicians based 
on the volume of their prescribing, size of practice, or whether they 
are likely to be high users of technology since these could be 
proxies for the generation of referrals and revenue. We therefore 
recommend the following changes:
        --Eliminate item #6, above. It is too open-ended and subjective 
and could become a major loophole.
        --Our preference would be to require that donors offer the 
technology to all their physicians. In the case of hospitals that 
would be all physicians with privileges; for MCOs, all 
physicians in the MCO network; for group practices, all 
physicians in the group. In the case of an MCO, where it might 
be impractical to include all network participants, donors could 
be permitted to give priority to those physicians or clinics that 
have a certain percentage of their patients in the MCO.  
Similarly, for hospitals the alternative might be all physicians 
with privileges of a general category such as: a) practice 
privileges, or b) admitting privileges.
        --Add a new exception that permits the donation to a physician 
or clinic that provides a certain level of uncompensated charity 
care or a combination of charity care and Medicaid patients. It 
is these providers - the community clinics, solo practitioners in 
rural communities or medically underserved areas - who are 
least likely to have the resources to make the health information 
technology investments on their own.
        In the preamble to the proposed regulations the Department 
asks for comments on a cap on the value of the EHR donation, 
either a maximum percentage of the value of the technology 
(which would require the physician to share the costs) or the lower 
of a fixed dollar amount or the percentage of value. We believe it 
would be hard to use a fixed dollar amount cap. The cost of 
technology will change over time and vary depending on the nature 
of the system. A cap on the percentage of the value of the 
technology being donated appears to be the more viable option. 
The physicians or clinics with high
Medicaid and/or charity care caseloads should be exempted from 
cost-sharing.
        Subsection 417.357(x)(9). This subsection requires that any 
donated EHR software contain electronic prescribing capability 
that complies with the electronic prescription drug program 
standards under Medicare Part D at the time the items and services 
are furnished. In the preamble the Department states that it "wants 
to ensure that integrated packages that could positively impact 
patient care are not excluded from the postinteroperability 
exception." We support the development of software in ways that 
promote avoidance of medical errors, improve quality of care, 
and/or enhance public health preparedness. It would be desirable 
that, as the Secretary adopts additional standards for EP, and for 
EMR systems, any donations qualifying for this exemption also 
have to comply with those standards without the necessity that the 
Department amend these regulations. We suggest the Department 
consider that possibility in shaping the final regulations.
        Sunset section 411.357(x) entirely at a designated date. The 
rationale for allowing an exception to antifraud prohibitions 
decreases with the passage of time. Physicians may not purchase 
EHR technology now, but in the future having such technology 
will be a standard and necessary part of medical practice. At that 
point there will be no need for third parties to donate such 
technology. Furthermore, if interoperability becomes the norm, 
incompatibility across a network of providers ceases to be an issue. 
We therefore strongly urge that this entire section authorizing the 
Stark law exception for EHR be eliminated not later than five years 
from the date of publication of the final regulations.  Alternatively, 
the sunset date could be delayed for up to two additional years if 
the Secretary makes an administrative finding that there is still a 
need for the exception to promote adoption of EHR technology.
        While we support some limited exceptions to the physician 
self-referral prohibition, and the creation of additional safe harbors 
under the Anti-Kickback statute, for donations of EP and EHR 
technology, we believe these exceptions will have only a modest 
impact on the expansion of their use. Of much more importance 
are the standards harmonization and product certification efforts 
the Department already has underway. Equally important will be 
direct funding of loans and grants to states and providers and 
financial incentives for the adoption of HIT being incorporated in 
federally supported health care programs, including Medicare, 
Medicaid, FEHBP, TriCare, and SCHIP.
        Thank you for considering our comments.

National Partnership for Women & Families
AFL-CIO
American Federation of State, Federal and Municipal Employees
Consumers Union
Department for Professional Employees, AFL-CIO
National Consumers League
Service Employees International Union

	MR. DEAL.  Thank you.  Mr. Neaman.
        MR. NEAMAN.  Chairman Deal and members of the 
subcommittee, good afternoon.  On behalf of the Healthcare 
Leadership Council, thank you for the opportunity to testify before 
you this afternoon on the importance of health information 
technology and some of the important steps that need to be taken to 
create a national health information network.  I am here this 
afternoon wearing two hats, first as the Chairman of the Healthcare 
Leadership Council, a coalition of many of the Nation's leading 
healthcare companies and organizations.  The HLC has a 
longstanding interest in this issue and shares the President's and 
this Congress' commitment to achieving widespread adoption of 
health information technology.
	I am also here today speaking as the President and Chief 
Executive Officer of Evanston Northwestern Healthcare, a large 
academic medical center in northern Illinois comprised of three 
hospitals, a 500-physician multi-specialty group practice, and a 
medical research institute that has over $100 million of NIH 
grants.  At our organization the dream of electronic medical 
records is no longer a dream.  It is a reality across all three of our 
hospitals and over 70 of our doctor offices and clinics.  We have 
had a full electronic medical record up and running for over two 
years, and I can tell you that it is powerful and transformational 
and really makes a difference in the quality of care and the 
reduction of medical errors, improvement of life for our nurses and 
our pharmacists and our staff, and improving the efficiency for all 
consumers.
	In 2003 we launched the EPIC comprehensive electronic 
medical records system that indeed provides all of our hospitals 
and physicians with a single, legible, unified source of clinical 
information.  The healthcare professionals at Evanston can tell you 
firsthand, and with great confidence, that health information 
technology can and must transform our Nation's healthcare system 
for the better.  We have been able to deliver medications to 
patients faster.  We have significantly reduced medical errors, and 
in one specific example when the manufacturer of Vioxx took the 
drug out of commission, we were able to communicate and 
identify over 2,000 patients on the drug, communicate with their 
physicians and the patients, and make changes to this drug in three 
hours.  That would be impossible to achieve with paper records.
	The task before us is to make sure that this capability is 
available to all patients in the United States through interoperable 
electronic health records, and today I would like to highlight three 
challenges that must be met in order to achieve this goal.  First, we 
have to have a multi-State interoperable health information system 
that must have uniform Federal standard governing patient privacy.  
Our current confidentiality framework rests upon literally 
thousands of State statutes, regulations, common law principles, 
and advisories.  Not only do States differ from each other on their 
privacy rules, but virtually no State requirement is identical to the 
Federal HIPAA privacy regulation.  This checkerboard of varying 
rules would definitely stand in the way of an interoperable multi-
State information network.
	To address this problem, we urge Congress to act on H.R. 
4157, the Health Information Technology Promotion Act of 2005, 
which is co-sponsored by several members of this subcommittee.  
This bill establishes a process to ensure a uniform national 
standards is achieved that preserves and protects the security and 
confidentiality of patient health information.  We believe this 
legislation is critical to achieving the Nation's HIT objectives.  
Another challenge we face concerns HIT financing.  Developing 
the EPIC system at Evanston Northwestern Healthcare required 
over $40 million of investment and our operating expenses initially 
went up by over $5 million per year to make sure that the system 
runs and runs well.
	Many healthcare providers, I would suggest most, do not have 
the capital on hand to make this kind of investment, not only in our 
hospitals but certainly in our physician offices.  We believe that is 
in the Nation's interest, given the importance of interoperable HIT 
to patient safety and the Nation's emergency preparedness to drive 
implementation through financial incentives and creative funding 
mechanisms, and we are prepared to work to help you shape such 
an initiative.  Finally, we believe that greater physician adoption is 
essential for electronic health records to occur in our hospitals and 
medical groups and to occur well.
	This will lead to greater integration of physician and hospital 
information systems that will result in better quality of care for 
patients and saved lives.  For this to happen though, Congress 
needs to provide exceptions to the current physician's self referral 
prohibitions and anti-kickback rules that were not intended to 
prohibit the kind of beneficial patient-centered actions we are 
discussing today.  Let me close, Mr. Chairman, by again thanking 
the subcommittee for spotlighting the vital importance of these 
issues.  We look forward to working with you in the months ahead 
to bring advances in technology closer to the patients and families 
that we are privileged to serve, and we would be very pleased to 
address your questions.  Thank you.
	[The prepared statement of Mark Neaman follows:]

PREPARED STATEMENT OF MARK NEAMAN, PRESIDENT AND CEO, 
EVANSTON NORTHWESTERN HEALTHCARE, ON BEHALF OF 
HEALTHCARE LEADERSHIP COUNCIL

        Chairman Deal and Members of the Subcommittee, I want to 
thank you on behalf of the members of the Healthcare Leadership 
Council (HLC) for the opportunity to testify on legislative 
proposals that will promote electronic health records and a smarter 
health information system.
        My name is Mark Neaman and I am president and CEO of 
Evanston Northwestern Healthcare of Evanston, Illinois.  We are 
an academic health center connected with Northwestern 
University, comprised of three hospitals, a 463-physician medical 
group, a home health services agency and a medical research 
institute.
        My interest in coming before you today is twofold.  First, I am 
chairman of the Healthcare Leadership Council (HLC), a not-for-
profit membership organization comprised of chief executives of 
the nation's leading health care companies and organizations.  
Fostering innovation and constantly improving the affordability 
and quality of American health care are the goals uniting HLC 
members.  Members of HLC - hospitals, health plans, 
pharmaceutical companies, medical device manufacturers, biotech 
firms, health product distributors, pharmacies and academic 
medical centers - envision a quality driven system built upon the 
strengths of the private sector.  
        More to the point, the Healthcare Leadership Council shares 
President Bush's goal that most Americans have electronic health 
records by 2014.  And we appreciate the bi-partisan commitment 
by Congress to encourage widespread adoption of health 
information technology. 
        I'm also here to share my own institution's experiences with 
health information technology.  In July of 2001, the Board of 
Directors of Evanston Northwestern Healthcare gave the go-ahead 
to design and implement a patient-centric electronic health record 
system, a system that we call EPIC.  Our goal was to utilize health 
information technology in a way that would improve clinical 
outcomes, enhance patient safety, provide greater patient 
satisfaction, and create a better working environment for our 
system's health care professionals.
        I can testify, from our own experience, that all of the 
discussion about the promise of health information technology is 
not hyperbole.  It is quite real.  Let me give you some examples.
EPIC was launched in our Medical Group offices in January 
2003 and then introduced incrementally in our hospitals over the 
next 12 months.  We now have, throughout our three hospitals and 
all of our physician offices, a single, unified source of clinical 
information.  With this accessible, comprehensive database, we 
have cut in half the amount of time it takes to deliver the first dose 
of an antibiotic to an inpatient, because of the speed with which we 
can check the possibility of conflicting medications or allergic 
reactions.  In one year, we reduced by 20 percent the number of 
reported medication errors.
        I think it would be useful for the committee to hear of a 
particular anecdotal benefit of the EPIC system.  When the drug 
Vioxx was pulled from usage by the drug's manufacturer, we were 
able to use the EPIC system to remove the drug from our hospitals 
and physician offices, block future orders, send notices to 
physicians regarding which of their patients were on the drug, and 
send electronic links to websites with information on Vioxx 
substitutes.  This process affected over 2,000 patients and was 
completed in just three hours.  To undertake this same task 
manually, utilizing paper records to try to find which patients were 
taking Vioxx, would have taken days if not weeks.
        It is important to note that Health Information Technology is 
not just limited to electronic medical records, it also includes 
integrated medication delivery systems that reduce bedside 
intravenous medication delivery errors and the resultant harm to 
the patient.  These state-of-the-art systems enable communication 
between doctors, patients, and pharmacies to ensure that the proper 
patient is receiving the proper drug in the proper dosage after the 
proper precautions were taken.
        The Healthcare Leadership Council has such a strong interest 
in this issue because we've seen firsthand what widespread 
adoption of HIT can mean for patients and health care providers.  
Several HLC member organizations have been among the earliest 
adopters and pioneers of health information technology.  We 
believe HIT has the power to transform our health care system and 
provide increased efficiencies in delivering health care; contribute 
to greater patient safety and better patient care; and achieve clinical 
and business process improvements.  
        Our interest in this issue is long-standing.  In the summer of 
2003, HLC established a Technical Advisory Board, comprised of 
clinicians and others with information technology expertise within 
HLC's member companies to provide information about their HIT 
implementation experiences.  
        Attached to my testimony is a copy of the White Paper that 
resulted from this effort.  The paper attempted to quantify key 
benefits of HIT along with barriers to HIT implementation.  The 
paper concluded with the following recommendations:
	 Standards to assure interoperability;
	 Financial incentives and funding mechanisms;
	 Liability protections to facilitate sharing of safety and 
quality data; and 
	 Stakeholder collaboration on best practices.
In looking at these recommendations, it is clear that there has 
been significant progress since 2004.  
        Last summer, the President signed into law the, "Patient Safety 
and Quality Improvement Act."  HLC advocated for this 
legislation as an important step toward fostering a culture of safety 
- through liability protections to allow voluntary information-
sharing and reporting.  I thank the Subcommittee members for all 
of your work to enact this important legislation.  
        In the area of standards, several public and private sector 
initiatives are making great strides to identify or develop health 
information interoperability standards that will enable disparate 
systems to "speak the same language."  And the work of the 
Certification Commission for Health Information Technology will 
complement these efforts by certifying that products are compliant 
with criteria for functionality, interoperability and security.  This 
will help reduce provider investment risks and improve user 
satisfaction.    
        As important as it is to applaud the progress that has been made, 
it is necessary to focus on the barriers that stand in the way of 
widespread HIT implementation.  We have some significant 
challenges ahead of us, and I'll begin by discussing patient privacy 
regulations and standards.
        Developing a multi-state, interoperable system depends on 
national technical standards as well as national uniform standards 
for confidentiality and security.  The Health Insurance Portability 
and Accountability Act (HIPAA) governs the privacy and security 
of medical information.  Though HIPAA established federal 
privacy and security standards, it permits significant state 
variations that create serious impediments to interoperable 
electronic health records, particularly when patient information 
must be sent across state lines.  
        We believe Congressional action to establish a uniform federal 
privacy standard is essential in order to ensure the viability of a 
national health information network.  
        Because the HIPAA Privacy Rule's preemption standard permits 
significant state variation, providers, clearinghouses and health 
plans are required to comply with the federal law as well as many 
state privacy restrictions that differ to some degree from the 
HIPAA privacy rule.  
        State health privacy protections vary widely and are found in 
thousands of statutes, regulations, common law principles and 
advisories.  Health information privacy protections can be found in 
a state's health code as well as its laws and regulations governing 
criminal procedure, social welfare, domestic relations, evidence, 
public health, revenue and taxation, human resources, consumer 
affairs, probate and many others.  Virtually no state requirement is 
identical to the federal rule.  
        HLC is not alone in calling for action in this area.  The 11 
member Commission on Systemic Interoperability, authorized by 
the Medicare Prescription Drug, Modernization, and Improvement 
Act to develop recommendations on HIT implementation and 
adoption, recommended that Congress authorize the Secretary of 
HHS to develop a uniform federal health information privacy 
standard for the nation, based on HIPAA and preempting state 
privacy laws, in order to enable data interoperability throughout 
the country.
        H.R. 4157, the "Health Information Technology Promotion Act 
of 2005," which several Members of the Subcommittee have 
cosponsored, anticipates and addresses this need.
        The bill sets forth a process by which the Secretary of HHS 
develops a uniform standard for privacy laws.  The bill does not 
simply adopt HIPAA "as is."  Rather, the legislation requires the 
Secretary to conduct a study of state and federal security and 
confidentiality laws to determine the degree of variance and how 
such variation adversely impacts the privacy and security of health 
information as well as the strengths and weaknesses of such laws.  
        The Secretary then submits a report to Congress including a 
determination as to whether state and federal security and 
confidentiality laws should be conformed to create a single set of 
national standards; and what such standards should be.  If the 
Secretary determines that a single federal standard is necessary and 
Congress does not act to create a standard in three years, the 
HIPAA privacy regulation, as modified by the Secretary based on 
the results of the study, will become the national standard.  We 
believe that this legislation is critical to achieve our critical HIT 
objectives.
        Since 1996, HLC has led the Confidentiality Coalition, a broad-
based group of organizations who support workable national 
uniform privacy standards.  The Confidentiality Coalition includes 
over 100 physician specialty and subspecialty groups, nurses, 
pharmacists, employers, hospitals, nursing homes, biotechnology 
researchers, health plans, pharmaceutical benefit management and 
pharmaceutical companies.
        Many organizations and companies that are members or 
supporters of the Confidentiality Coalition sent a letter to 
Chairman Deal in support of a national standard for privacy and 
the provisions of H.R. 4157 that lay the groundwork for 
developing such a standard.
        In discussing this issue, let me make one point abundantly clear.  
While we believe strongly in the need for a national privacy 
standard, HLC believes just as strongly that any regional or 
national system designed to facilitate the sharing of electronic 
health information must protect the confidentiality of patient 
information.  
        Health care providers and others involved in health care 
operations have appointed privacy officers, adopted compliance 
plans and conducted training with their employees to assure 
patients that they will protect their privacy in accordance with the 
HIPPA privacy rule.
        Addressing this issue appropriately will be essential to achieving 
the interoperability necessary to improve the quality and cost 
effectiveness of the health care system - while still assuring 
patients' confidence that their information will be kept private.   
        To further underscore the importance of this issue to HIT 
development, I have attached to my testimony a map developed by 
the Indiana Network for Patient Care.  Each dot represents a 
patient seen at an Indianapolis hospital during a six month period.  
While the dots are stacked very deep around Indianapolis as you 
would expect, patients served by the Indiana health providers 
during this period were also located in 48 of the 50 states.  Today's 
health care providers, meeting the needs of a mobile society, serve 
patients from multiple and far-flung jurisdictions.  Looking at this 
map it is easy to see why regional agreements will not be adequate 
to address the myriad regulations with which providers and others 
will need to comply to achieve "interoperability."  
        In addition to national privacy standards, the lack of funding or 
adequate resources - combined with the high costs of HIT systems 
- was repeatedly cited in our member study as a barrier to effective 
implementation of HIT systems.  There are significant front-end 
and ongoing maintenance and operational costs for HIT, including 
software, hardware, training, upgrades, and maintenance.  Systems 
are virtually unaffordable for those providers who do not have 
ready access to the operating capital needed for such an 
investment.
        Developing the EPIC system at Evanston Northwestern 
Healthcare required hard capital costs of $35 million.  This does 
not include an additional $7.5 million for consultants to write code 
for the system and undertake other essential tasks.  Furthermore, 
our annual operating costs are increased by $5.5 million to support 
additional IT staff, training and software maintenance agreements.
        In an age in which health care providers, in many cases, must 
deal with rising costs associated with uncompensated care, medical 
liability rates, homeland security needs and addressing staffing 
shortages, it is a simple fact that many providers do not have the 
financial wherewithal to invest in these new systems.
        HLC believes that the federal government should drive the 
nation's implementation of HIT through financial incentives and 
funding mechanisms to help providers defray the huge costs of 
acquiring and operating HIT.  Rapid implementation of 
interoperable HIT is also a critical component of the nation's 
emergency preparedness.  
        While the Agency for Healthcare Research and Quality (AHRQ) 
and Office of the National Coordinator for Health Information 
Technology (ONC) contracts and grants will support the 
development of a national information network and 
interoperability standards, we need to do more to get every 
provider using electronic health records now.
        HLC advocates the consideration and implementation of 
multiple HIT funding mechanisms.  However, we also recognize 
that current fiscal deficits and budget constraints will limit the 
ability of Congress to directly fund any new program or initiative.  
HLC is working with the chief financial officers of our member 
companies and organizations to develop workable, creative 
financing proposals for HIT.  We look forward to sharing those 
ideas with the subcommittee.
        There is one other critical issue I need to address today.  One 
way Congress can facilitate greater physician adoption of 
electronic health records is to allow hospitals and medical groups 
that have successfully implemented electronic health records to 
share their expertise and IT investment with physician offices.  
This will facilitate better integration of hospital and physician 
information systems to improve continuity of care, decrease 
duplicate tests and provide greater safety and quality of care to 
consumers.  By providing exceptions to the physician self-referral 
prohibition (Stark) and anti-kickback rules for HIT, Congress can 
accelerate physician use of electronic health records.
        Current law prohibits anyone who knowingly and willfully 
receives or pays anything of value to influence the referral of 
federal health care program business, including Medicare and 
Medicaid.  Physicians are also prohibited from ordering designated 
health services for Medicare patients from entities with which the 
physician has a financial relationship - including compensation 
arrangements.  The penalties for violating Stark and anti-kickback 
rules are significant.  The Stark law is a "strict liability" statute and 
no element of intent is required.  Violators are subject to 
significant civil monetary penalties and risk being excluded from 
participation in the Medicare and Medicaid programs.  The anti-
kickback law is a criminal statute that also provides significant 
penalties - including fines and imprisonment - for knowing and 
willful violations.  
        Though HHS has released proposed regulations that would 
provide limited exceptions to the Stark and anti-kickback rules for 
e-prescribing and electronic health records, industry analysis 
suggests that the exceptions will be of little value to hospitals and 
medical groups wanting to assist physicians with the adoption of 
HIT because they are too restrictive and contain overly 
burdensome requirements on donors and recipients of IT products.
        Due to the severe consequences of violating these laws, 
providers need a workable safe harbor for HIT.  Congress must 
provide a clear roadmap for hospitals, medical groups and others to 
provide HIT hardware, software, and related training maintenance 
and support services to physicians. 
        Pending legislation, such as H.R. 4157, establishes a safe harbor 
to the anti-kickback and physician self-referral rules for the 
provision of health information technology and related training 
services to health professionals.  
        Under the safe harbor, non-monetary remuneration in the form 
of HIT and training services is allowable if the remuneration is 
made without conditions that limit the use of HIT to services 
provided by physicians to individuals receiving services at the 
entity; restrict the use of HIT in conjunction with other HIT; or 
take into account the volume or value of referrals.  
We believe that enactment of this type of safeharbor will help 
spur adoption of electronic health records and provide immediate 
benefits to consumers in the form of improved quality of care and 
patient safety.  
        In conclusion, HLC believes that HIT legislation should 
especially focus on areas in which Congress and the President must 
act to remove barriers and facilitate successful implementation of 
HIT.  Therefore, HIT legislation should accelerate the adoption of 
health information technology and interoperable electronic health 
records by ensuring uniform IT standards including privacy and 
security and providing exceptions to Stark and anti-kickback rules 
to allow hospitals, medical groups and others to share their 
expertise and investment in electronic health records with 
physician offices.  HLC will continue to work with Congress to 
continue to explore other funding mechanisms to promote wide 
spread adoption of HIT.    
        The Healthcare Leadership Council appreciates the opportunity 
to testify on the development of health care information 
technology, and I will also be pleased to discuss in greater detail 
with the subcommittee our firsthand experiences with health 
information technology at Evanston Northwestern Healthcare.  
Any questions about my testimony or these issues can be addressed 
to me or to Ms. Theresa Doyle, Senior Vice President for Policy, 
Healthcare Leadership Council (telephone 202-452-8700, e-mail 
[email protected]). 

 

	MR. DEAL.  Thank you.  Mr. Pyles.
MR. PYLES.  Good afternoon, Mr. Chairman.  I am pleased to 
be here.  I am Jim Pyles, representing the American Psychoanalytic 
Association, and I would like to just associate my remarks a bit, I 
guess, with the remarks of Mr. Vaughan, who I think beautifully 
expressed the concerns of consumers, and those are largely the 
same concerns by our members because we found that 
psychotherapists are essentially the canaries in the coal mine when 
it comes to medical privacy.  When there is a threat to medical 
privacy you cannot provide effective psychotherapy.  It just does 
not happen.
	I have worked on this issue now for about 15 years, and I found 
that there is absolutely no end to the number of people who want to 
eliminate your medical privacy so they can help you.  So I would 
urge you to think carefully about that.  The fundamental question I 
think we have to ask ourselves as we look at a health IT system is 
are we going to compel Americans to disclose all of their most 
sensitive health information about themselves and their families 
into or from a national interoperable health information system 
without meaningful, informed patient consent, against their will, 
without adequate enforcement against unauthorized uses, 
disclosures, and just essentially disregarding their views.
	One of the things I have not heard much of in the testimony 
today is what do the patients want, and I will be addressing that.  I 
have learned in working on this issue that if you have no privacy, 
you have no liberty, and if you have no privacy, we do not have 
access to effective healthcare.  It just does not happen.  If 
Americans do not have a right to privacy to their innermost 
thoughts and their genetic makeup, what possible privacy could 
they have, what other things could be more private than that?  
What does meaningful consent and privacy mean?  According to 
HHS it means the ability of individuals to determine for 
themselves when, how, and to what extent information about them 
is communicated.  I think if you ask any person on the street they 
will have the same definition.
	Courts have said it really is essentially the right to control the 
disclosure of your information, at least in some routine 
circumstances.  Why is the right so important?  Again, HHS 
concluded that in short the entire health delivery system is built 
upon the willingness of individuals to share the most intimate 
details of their lives with their healthcare providers.  If that does 
not happen, an IT system is irrelevant, so that is the most 
significant concern when it comes to effective healthcare.  HHS 
also concluded that unless public fears are allayed, it will be unable 
to obtain the full benefits of an electronic health information 
system.  And yesterday former Speaker Newt Gingrich presented 
testimony before the Subcommittee on the Federal Work Gorce, 
and here is what he had to say about the patient's right to control 
their information:  "Individuals have the right to control and must 
have the ability to control who can access their personal 
information."  I could not agree with Mr. Gingrich more.
	We know that we have sources already of national privacy 
standards.  They appear in the Hippocratic Oath.  It dates back to 
the 5th Century B.C., which is administered by 98 percent of the 
medical schools in this country to their graduates.  We know that 
established standards for the ethical practice of medicine adopted 
by every segment of the medical profession to essentially assure 
the patients that their information will not be disclosed without 
their consent.  The AMA standard, for example, says, and I quote, 
"The physician should not reveal confidential communications or 
information without the express consent of the patient unless 
otherwise required to do so by law."  We also know that this right 
to privacy for personal information is a fundamental concept of our 
system of government.  It is embedded in the Fourteenth 
Amendment, the Fifth, the Fourth, and the First Amendments to 
the U.S. Constitution.  This is the informational branch of the right 
to privacy, not the decisional branch where there is so much 
controversy.  The Supreme Court is rock solid on protecting the 
right to informational privacy, and as I said, consent must be 
voluntary and it must be informed.
	We also know that this right to privacy is grounded in the 
physician-patient privilege recognized in most States, including 
your own.  The psychotherapist-patient privilege is recognized in 
all 50 States and the District of Columbia and in Federal common 
law.  The right to privacy is also reflected in the tort laws and the 
statutory laws of all 50 States, and the States of Tennessee and 
California have the right to privacy in their State constitutions.  We 
know also that the citizens of Georgia and the citizens of Ohio 
think pretty keenly about their right to privacy, and they have 
enacted a lot of laws to specifically protect it.
	And if you look at tab two, which I will not go into, it lists the 
privacy laws in the State of Georgia that could be preempted by a 
bill such as H.R. 4157.  Both of these States also recognize the 
private act of action which HIPAA does not.  There are many other 
States that recognize similar privacy protections in areas of mental 
health information, genetic testing information, cancer diagnosis 
and treatment information, HIV/AIDS, drug and alcohol abuse 
diagnosis and treatment, birth defects, and many of these States 
give a private right of action.  So I would urge you to be very 
careful about any bill that would preempt these laws the citizens of 
these States have said they need and want.
	There are many other privacy protections under State law.  
Twenty-nine States now have breach protection or breach 
notification laws.  I mentioned private rights of action are there.  
Let us look for a moment at the right of privacy under HIPAA.  
The HIPAA privacy rule really should be named a HIPAA 
disclosure rule because it provides regulatory permission for all 
covered entities and business associates to use and disclose 
identifiable health information for all routine purposes defined as 
treatment, payment, and healthcare operations, without notice to 
the patient, without the patient's consent over the individual's 
objection, even if the individual pays privately, and even 
retroactive to the beginning of time, even information that was 
created prior to the compliance date.
	Treatment, payment and healthcare operations, the reason for 
which this information can be disclosed without permission is a 
lengthy list.  If you look at tab four you will see that list of 
purposes.  HHS responded to many of the concerns that consumers 
had in adopting that regulation by saying it was only a floor, that 
still practitioners could still obtain consent, that more stringent 
laws remain in effect, and that ethical standards retain their vitality.  
I would urge you that with any law that you are thinking of today 
you preserve those protections.  What does the public want and 
expect?  If you look at HHS' findings they have found that the 
public has a common belief and strong expectation that their 
identifiable information will not be disclosed without their consent.  
Sixty-five percent of Americans would not disclose sensitive 
information and necessary information to their physicians and 
providers if they thought it would go into the electronic record.
	Seventy-five percent are concerned about the loss of medical 
privacy due to the use of electronic information, and we know that 
this concern translates into adverse effects on healthcare.  Six 
hundred thousand people a year according to HHS, 600,000 people 
a year, do not seek early diagnosis and treatment for cancer, 2 
million more annually do not seek needed treatment for mental 
illness.  Thousands do not seek treatment for sexually transmitted 
diseases.  One in six Americans takes evasive actions to avoid 
privacy violations, including providing inaccurate information, 
changing physicians or avoiding healthcare altogether, and 87 
percent of physicians report withholding information from a 
patient's medical record due to privacy concerns.
	So we would urge you to start this process with strong privacy 
protections.  Also, we know that an IT system poses a greater 
threat to health information privacy.  The President's Information 
Technology Advisory Committee concluded that the Nation's 
electronic information systems are highly vulnerable to corruption 
by hackers and others, that the threat is growing by over 20 percent 
annually, and the increasing vulnerabilities cannot be addressed by 
current technology.  
	MR. DEAL.  May I ask you to summarize rather quickly, 
please?
	MR. PYLES.  I will.  In conclusion, I would just like to say that 
the the right course of action for Congress to take, I believe, is 
ground any health IT system in strong privacy protections reflected 
in the history of the Nation in its medical and professional 
standards, the law of psychotherapy patient privilege, and the 
constitutional common law provide for meaningful, informed 
patient consent, provide a private right of action, and prompt 
notification for any breaches.  Lastly, I would just mention the 
concern for the loss of medical privacy should be a particular 
concern for Members of this body because under the Supreme 
Court's decision in 2001, Bartnicki v. Vopper, the court held that 
information about a public official or a public event which is 
obtained, even if it is obtained unlawfully, can be published by the 
press and the press has a First Amendment right to do it, and 
Congress cannot prevent that publication.
	So we know these electronic information systems cannot be 
rendered secure.  It is very likely that elections in the future are 
going to turn on what is in a politician's medical record as well as 
his talents he brings to the table.  Thanks very much.
	[The prepared statement of James C. Pyles follows:]



PREPARED STATEMENT OF JAMES C. PYLES, ATTORNEY MEMBER, 
POWES, PYLES, SUTTER AND VERVILLE, P.C.
 
 

	MR. DEAL.  Thank you.  Dr. Detmer.
        MR. DETMER.  Good afternoon, Chairman Deal, members of 
the Health Subcommittee.  I am Don Detmer, President and CEO 
of the American Medical Informatics Association, whose 3,500 
members include physicians, nurses, other health professionals, 
computer and information scientists and managers, biomedical 
engineers, academic researchers, and educators.  Over the years 
AMIA's members have been the pioneers of information 
knowledge relating to healthcare.  In the early days of HIPAA 
rulemaking from 1996 to 1998, I served as the Chairman of the 
National Committee on Vital and Health Statistics, and I also was a 
member of the IOM committees that produced the Errors report 
and the Chasm report.  More recently, I was one of the Speakers 
appointments to the Commission on Systemic Interoperability.
	It is a pleasure to appear before you today.  I would like to 
briefly summarize a few key points, and my written testimony 
expands on those to some extent.  The need for Federal leadership.  
Today, too few individuals have access to electronic health record 
systems and there is little interconnectedness of the systems that 
exist.  And yet, significant improvements in healthcare safety and 
quality cannot be achieved without robust secure electronic record 
systems that can be securely communicated across a national 
information network as we heard from Mr. Neaman.  Without 
Federal leadership our national goal of safe, efficient, effective, 
equitable, timely, and patient-centered care will remain unfulfilled 
dream because the necessary integrated health information systems 
will not be there.
	My comments will touch on a few points that are needed to 
move our national vision forward at this time.  First, the Office of 
the National Coordinator for Health Information Technology, 
ONC, led by Dr. David Brailer, is doing an excellent job.  H.R. 
4157, the Health Information Technology Promotion Act would 
establish the ONC in statute and AMIA applauds this.  Second, the 
Department of Health and Human Services should be given 
explicit responsibility and sufficient ongoing resources for the 
National Library of Medicine to assure that the ongoing 
maintenance and open dissemination of agreed health information 
standards can be pursued as Dr. Braithwaite mentioned.
	Similarly, we are pleased that H.R. 4157 provides explicit and 
reasonable rulemaking procedures for the Department to undertake 
long overdue upgrades of data vocabularies and classification 
systems, the U.S. thus showing the world and shaping global 
vocabularies and classifications as a source of primary data in 
electronic health records, including contemporary disease 
classifications and coding systems, specifically ICD-10, for a host 
of legitimate purposes that go well beyond reimbursement.  Today 
they just do not accurately reflect modern medical practice, nor do 
they help the needs of medical researchers.
	HIPAA.  From my perspective as a physician, the privacy rule 
has been largely successful in clarifying the individual rights of all 
patients in relation to their health data on a national basis in 
establishing the responsibilities and legal obligations of all 
providers to whom patients interact.  It is now time to take a 
rigorous look at lessons learned.  Some argue that States must have 
the capacity to enact more stringent requirements for privacy.  In 
the name of better health and healthcare, I must respectfully 
disagree.  In fact, I do not see how, in practical terms, we can get 
to widespread adoption of electronic health records without 
establishing meaningful floor to ceiling standards that preempt 
idiosyncratic State approaches.  Speaking realistically, only 
through Federal and State leadership can we truly connect our 
Nation for healthcare purposes.
	As a matter of record, AMIA has supported the need for 
appropriate Federal protection of genetic data.  H.R. 4157 calls for 
a study of the impact of varying State statutes on the rights and 
protections afforded to patients and importantly on the impact of 
the requirements on the quality, cost, and effectiveness of 
healthcare.  The study of HIPAA privacy and security standards 
represents an absolute minimum.  Two other items will be valuable 
to add to the study.  First, in addition to the effects on care, the 
study should examine effects on legitimate biomedical research.  
And, second, our Nation genuinely needs a consistent way to 
reliably and accurately authenticate the identity.  Both safety and 
privacy are compromised when the right health information for one 
patient gets associated with or sent to the wrong patient.
	Addressing disincentives to HIT dissemination.  Reasonable 
safe harbors to permit dissemination of health information 
technologies and services intended to improve healthcare quality, 
efficiency, and access would encourage the deployment of 
essential health information systems.  And I am very pleased that 
provisions to that effect are included in Chairman Deal's bill.  
Educating the workforce.  Ultimately health IT comes down to 
healthcare workers and patients being sufficiently skilled to take 
real advantages of the opportunities for improved care, efficiency, 
and access that health information technologies and the 
interconnected national health information infrastructure can 
provide.
	In November 2005, AHIMA, the American Health Information 
Management Association, and AMIA, my organization, convened 
a workforce summit to develop initial strategies to address 
challenges relating to effective implementation of electronic health 
records and personal health records.  The resulting white paper, I 
guess you might call it line paper, Building the Workforce for 
Health Information Transformation, presents nine targeted 
recommendations that key stakeholders, including government, can 
use to support the existing workforce and ensure that sufficient 
number of well-qualified health information specialists are 
available to achieve the necessary health transformation through 
IT.
	We commend this report to you, and AMIA and AHIMA stand 
ready to help address this challenge.  I firmly believe that the 
development and deployment of an interoperable, interconnected 
national health information system is not purely a healthcare issue.  
It is a matter of national security.  Whether we face, God forbid, 
another Hurricane Katrina or an outbreak of avian flu in humans or 
another episode of bioterrorism, we simply must have a reliable 
health information and communication system for our people's 
well-being.  Our Nation's safety depends on it.  Thank you again 
for the opportunity to testify, and I look forward to responding to 
questions.
	[The prepared statement of Don E. Detmer follows:]

PREPARED STATEMENT OF DR. DON E. DETMER, PRESIDENT AND 
CHIEF EXECUTIVE OFFICER, AMERICAN MEDICAL INFORMATICS 
ASSOCIATION

        Good morning.  Chairman Deal, Ranking Member Brown, 
members of the Health subcommittee: thank you for the 
opportunity to appear before you today.  My name is Don Detmer.  
I am President and CEO of the American Medical Informatics 
Association, whose 3200 members include physicians, nurses, 
computer and information scientists and managers, biomedical 
engineers, academic researchers and educators.  Over the years 
AMIA has provided many of the thought leaders who have 
pioneered the innovative use of information technologies in 
healthcare.  In addition to my role with AMIA, I am a Professor of 
Medical Education in the Department of Public Health Sciences at 
the University of Virginia.  I practiced as a vascular surgeon for 
twenty-five years.
        From 1996 to 1998 I had the privilege of serving as Chairman 
of the National Committee on Vital and Health Statistics, whose 
mission, broadly, is to advise the Department of Health and Human 
Services on shaping a national information strategy to improve the 
nation's health.  My tenure at NCVHS coincided with the 
expansion of the Committee's charge enacted in the Health 
Insurance Portability and Accountability Act of 1996, which gave 
the Committee significant responsibilities in regard to 
administrative simplification and privacy.  More recently, I was a 
member of the Commission on Systemic Interoperability, which 
was created by the Medicare Modernization Act, and which made 
a series of recommendations concerning the adoption and 
implementation of health information technology in an October 
2005 report to Congress entitled, Ending the Document Game: 
Connecting and Transforming Your Healthcare Through 
Information Technology.  
As you consider, and I hope pass, legislation that aims to 
facilitate movement toward a 'smarter' health care system through 
the promotion of widespread adoption of electronic health records 
(EHRs) and personal health records (PHRs), let me comment today 
on three important issues: 

	 first, there is a critical need for ongoing Federal 
leadership in encouraging and shaping a national health information 
system that benefits all stakeholders, especially patients; 
	 second, we should focus on "lessons learned" from the 
rollout of HIPAA standards to date and identify issues to be 
considered as additional health information standards and 
initiatives are developed and disseminated; 
	 and, third, we should address some current disincentives - 
both real and perceived - that slow the implementation of 
health information technologies in our healthcare system, 
the most information-intensive enterprise in our economy.

The Continuing Need for Federal Leadership
        While it is the undoubted world leader in high technology 
clinical care and biomedical research, the US healthcare system is 
an incredibly fragmented mix of very large and very small players 
- a conglomeration of 21st century medical science and cottage-
industry business practices, and too often characterized by uneven 
access, delivery and outcomes.  Significant improvements in 
healthcare safety and quality will not be achieved for Americans 
without robust, secure electronic health records within a national 
health information infrastructure (NHII).  Market forces alone have 
not driven the necessary integration of the interests and needs of 
disparate participants: hospitals - physicians and other providers - 
payers - employers - researchers - educators - and, most 
important, patients.  As a result, too few individuals have access to 
electronic health record systems today and there is little 
interconnectedness of the systems that exist.  Without Federal 
leadership to encourage the deployment of interconnected, 
interoperable health information systems, our progress toward 
integrated and quality-based care delivery will continue to be 
lurching and inconsistent. 
        AMIA has been encouraged by Congressional attention to 
health information issues as evidenced by the introduction of HR 
4157, the Health Information Technology Promotion Act, and HR 
2234, the 21st Century Health Information Act, as well as the 
passage by the Senate late last year of S 1418, the Wired for Health 
Care Quality Act. And, we have been pleased to provide input to 
several legislative proposals to make personal health records 
(PHRs) available to Federal Employee Health Benefit Plan 
(FEHBP) beneficiaries.  These bills are important not only for their 
specific provisions, some of which I will focus on today, but also 
because they convey an important message to the public - that 
their elected representatives recognize the critical importance of 
improving the health care system in ways that will empower 
consumers, while also improving the quality, safety, cost-
effectiveness and accessibility of healthcare.  
        Over the last two plus years, the Office of the National 
Coordinator for Health Information Technology (ONC), which is 
headed by Dr. David Brailer, a Fellow of AMIA's College of 
Medical Informatics, has done an excellent job in communicating a 
vision to support widespread adoption of interoperable electronic 
health records within the next 10 years.  AMIA is pleased that 
among the projects currently funded by the ONC are contracts for 
an Internet-based national health information network and for the 
development of processes for the harmonization of the various 
health information standards that are emerging.  AMIA itself has a 
contract with the ONC to create a plan for a national framework 
for clinical decision support.  In regard to interoperability 
standards and the development of processes to certify health 
information technologies that can actually 'talk' to each other and 
will allow the seamless integration of information systems to 
facilitate quality care, AMIA is also very supportive of the work of 
the public-private American Health Information Community 
(AHIC). 
        We believe strongly that HHS should be given explicit 
responsibility for ensuring the ongoing maintenance and 
dissemination of health information standards, with authorization 
for licensing and/or other types of support.  To give you a 
successful example of Federal leadership, I would point to 
Secretary Tommy Thompson's drive to complete the licensure and 
distribution of SNOMED-CT, a vital 'dictionary' of medical 
terminology, by the National Library of Medicine in 2004.  AMIA 
firmly believes that the Department should draw heavily on the 
resources and expertise of the NLM, and we support additional 
funding for the Library to ensure that approved vocabulary and 
other data content standards are maintained, coordinated and 
updated regularly to permit appropriate alignment and uniformity 
of the sets of standards that underlie genuinely workable EHRs and 
PHRs. Just like the NLM's PubMed, these standards should be 
openly available on the internet.
        Importantly, HR 4157, the Health Information Technology 
Promotion Act, introduced by Chairman Deal and Representative 
Nancy Johnson, provides explicit and reasonable rulemaking 
procedures by which HHS can undertake long overdue upgrades to 
data vocabularies and classification systems.  Simply, if we are 
going to facilitate development of an interoperative nationwide 
network of electronic health records (EHRs), we must address the 
issue of interoperative data.  This means that we must have 
standard vocabularies as the source of our primary data in the 
electronic health record, and use contemporary disease 
classifications and coding systems, (ICD-10), not only for 
traditional reimbursement purposes but to permit meaningful and 
accurate secondary uses of data for quality, biosurveillance, and 
public health monitoring, health research, injury prevention and 
policy making.  As a physician and a health informatician, I find it 
unacceptable that the US remains one of a true handful of countries 
in the world to use a 30-year old classification system for 
diagnoses and inpatient procedures.  If we are serious about 
deploying electronic health record systems for the benefit of 
individual patients and the nation as a whole, we must attend to the 
need to improve data standards and speed our capacity to update 
those standards.  At the end of the day, our data systems and 
standards should primarily foster better care, not better 
reimbursement.
 	HR 4157 establishes the Office of the National Coordinator for 
Health Information Technology in statute, and I believe this step is 
a crucial one in clarifying Federal leadership.  As part of our 
support for the Office of the National Coordinator, AMIA will 
continue to urge the appropriators on both sides of the Hill to 
provide for adequate funding of the ONC. 

Examining HIPAA Lessons Learned So Far
        As we move to develop an interconnected, interoperable health 
information system that will facilitate quality, access and patient-
centeredness on a national and international basis, it is prudent to 
identify lessons we have learned so far from the administrative 
simplification provisions of HIPAA.  Though the road was often 
difficult, if not actually painful, we have made a great deal of 
progress in establishing the rights of individuals to expect that their 
health information will be used appropriately and their privacy and 
confidentiality protected, and in imposing meaningful and 
reasonable obligations on health care providers, plans and payers, 
and others to comply with consistent Federal standards for the use, 
disclosure and transmission of health information.  
        Where once some people in the healthcare system may have 
treated individual health information too cavalierly on at least 
some occasions, from my perspective it is manifestly clear that 
since the Privacy Rule took effect in 2003, doctors, hospitals, 
pharmacies, health plans and others have made really extraordinary 
efforts to inform individuals of their rights and to establish policies 
and procedures that protect sensitive health information.  Today 
every individual has a Federal right to access his or her medical 
record and to expect that the healthcare system will keep that 
record secure and confidential.  And these norms are national - no 
longer are your rights, or the legal responsibilities of those 
healthcare providers you deal with, defined by the unique features 
of the State in which you live.  Even if HIPAA may have 'backed' 
the nation into reasonable privacy and confidentiality protections, 
the roll-out has proved, on the whole, successful.              
        Notwithstanding what I think have been extremely good faith 
efforts to ensure that personal data is adequately protected, I do not 
discount that some people - for instance, those with concerns 
about the security of especially sensitive information, such as HIV 
status or relating to mental health treatment - have continued 
concerns about health privacy.  To my knowledge there have not 
been reports of any large-scale violations of the framework set in 
place by the HIPAA Privacy Rule.  That is, individually 
identifiable health information is used and disclosed only for 
"treatment, payment and health care operations" or as otherwise 
specifically authorized by the individual.  Does the Privacy Rule 
protect against patently unethical or extraordinarily careless acts - 
like the leaking of a celebrity's medical record to a tabloid 
magazine or the disposal of old medical records in a dumpster or a 
straightforward instance of identity theft?  Of course not - but we 
cannot expect even the most carefully crafted information 
standards to prevent all illegal behavior.  In such instances, active 
pursuit and strong penalties are needed when intrusions and 
misuses are identified, as a lesson to dissuade others from similar 
illegal behavior.
        Some argue that the States must have the capacity to enact 
'more stringent' standards for health information - as is true under 
the current Privacy Rule - for all health information standards, 
including those that are absolutely necessary for the development 
of an interconnected, interoperable national health information 
system.  In the name of better healthcare, I must respectfully 
disagree.  About half of all Americans live near State lines and 
multiple State approaches complicate the efficient and seamless 
transmission of crucial health information.  For example, it is 
hardly unusual for an individual to work in the District, live in 
Maryland, and receive health care in Virginia, with payments made 
by an insurer located in still another state.  If we are to ensure real-
time availability of accurate and complete clinical information at 
the point of care, we simply cannot have the standards for the use, 
disclosure and transmission of the patient's health information 
subject to idiosyncratic requirements of individual States. 
        Personally, I don't see how we can get to the common 
standards and interoperability that underlie the widespread 
adoption of electronic health records without Federal preemption 
of conflicting State laws.  But rather than simply assert that 
proposition, let me note that, in relation to the Privacy Rule, since 
1999 AMIA has called for a study of the impact of the lack of 
Federal preemption and the impact of varying State statutes on the 
rights and protections afforded to individuals and upon the quality, 
cost and effectiveness of health care.  Thus, I am very pleased that 
HR 4157 calls upon the Secretary to undertake such a study in 
relation to standards that have been adopted subsequent to HIPAA.  
This is a prudent approach; however, if the study shows that 
varying State laws and requirements have a negative impact on 
health care delivery, quality and access, and that HIPAA has 
established meaningful privacy and security protections, it makes 
sense to move forward without delay on Federal preemption for all 
adopted HIPAA standards.
        As you may recall, the original HIPAA legislation called for 
the development of a unique personal healthcare identifier for 
individuals.  All other developed economies in the world have 
already or are currently implementing such identifiers to assure 
proper authentication of people seeking care services.  Whether we 
do so with via a voluntary opt-out approach or through the use of 
reliable identification algorithms, the United States needs a 
uniform approach to authenticating one's identity, and having the 
benefit of a unique identifier to help increase the ease and accuracy 
of this authentication is not trivial.  Indeed, I fear that short of such 
a move, we will be left behind the other nations with whom we 
should be seeking secure ways to collaborate on global standards.  
This topic was a key recommendation from the Commission on 
Systemic Interoperability, and I would strongly recommend that 
consideration of the issues involved in the reliable authentication 
of individuals be included in the Secretarial study called for in HR 
4157.
  
Disincentives That Have Slowed Implementation of Information 
Technologies
        From 1999 through 2003 I had the privilege to serve as the 
Gillings Professor of Health Management at Cambridge University 
in England and to consult to the National IT programme of the 
National Health Service.  As you may know, the British 
government is investing billions of pounds to implement a fully 
functional, patient-friendly, electronic health record and system.  
While this task might appear to be easier in some aspects because 
of Britain's single-payer system, of particular note to me was the 
observation that, even before the government's new investment, 
well over 80 percent of England's primary care physicians were 
facilitating patient care electronically.  Today they are moving 
forward with booking appointments, writing prescriptions, making 
electronic referrals, recording clinical notes and tracking treatment 
compliance.  By contrast, it is estimated that fewer than 20 percent 
of US primary care physicians utilize electronic health records.
        Interestingly, England's primary care practices were 'wired' 
initially not because of government investment, but because the 
British pharmaceutical industry years ago offered to supply the 
necessary hardware and software to primary care doctors in return 
for access to anonymized prescribing information.  In the United 
States I think such an arrangement would be seen as unseemly at 
best, and illegal at worst; certainly in the U.K. there were those 
who held the same view.  While the British are neither less ethical 
nor more permissive of the misuse of identifiable health 
information than are Americans, in this country hospitals, 
physicians and other providers are incredibly reluctant to pursue 
any innovative financing for health IT, including networks that can 
securely link together a region's providers, because of their 
concerns about the Stark self-referral prohibitions and other fraud 
and abuse standards.  
        Whether these concerns are reasonable, today we have hospital 
lawyers who absolutely insist that it is simply not acceptable for 
any third party to furnish any information technologies - whether 
hardware, software, training or other services - to any provider at 
less than a full, fair market price.  Yet, the aims of HIT 
dissemination are to improve the availability of accurate and 
timely health information in order to improve the quality of care, 
and I am aware of no evidence that such dissemination by a 
hospital, for instance, could actually serve to drive 'new' referrals 
or business into that hospital.  While some healthcare systems and 
providers are moving forward under the current standards, the 
general consensus in the healthcare community is that the Stark 
provisions, while quite important in many respects, are 
significantly constraining progress on the roll-out of electronic 
health record systems.  
        It is in the interest of all stakeholders, particularly patients, that 
functional electronic health records and an interoperable health 
information system be deployed as promptly as possible.  But the 
entities that are one key to making crucial progress with that 
deployment, the small and rural physician practices that still 
provide a majority of health care services in this country, are those 
that are least able to afford the capital investment for the purchase 
and hassle of implementing state-of-the art IT systems.  Especially 
because most of the 'savings' of health IT accrue to other system 
participants, including employers, health plans and patients, 
financial outlays necessary for the purchase of the very building 
blocks of an NHII should reasonably come from a wide variety of 
sources, including government outlays and pay-for-performance 
programs.  Actually, pay-for-performance programs represent a 
clear argument for payers to provide some of the financing for 
health IT - because in order to pay-for-performance you have to be 
able to track performance and quality in the delivery of care, and to 
do that efficiently you need sophisticated information capabilities 
embedded in the healthcare system.  Reasonable safe harbors for 
dissemination of health information technologies and services 
intended to improve healthcare quality, efficiency and access 
would encourage deployment of essential health information 
systems, and I am very pleased that provisions to that effect are 
included in Chairman Deal's bill. 

Educating the Healthcare Workforce
        There is no question that momentum for bringing healthcare 
into the information century is building, but this won't happen 
purely through a widespread distribution of hardware and software 
and standards and certifications.  Ultimately, IT comes down to 
healthcare workers and patients being sufficiently skilled to take 
real advantage of the opportunities for improved care and 
efficiency and access that health information technologies and an 
interconnected national health information infrastructure can 
provide.  Assuring these skills throughout the workforce will 
necessitate sufficient numbers of well educated health 
informaticians.  Because the field is advancing so rapidly, we are 
seriously undersupplied to meet this challenge.  
        Last year to help address this challenge, AMIA announced its 
10 by 10 program, which aims to realize a goal of training 10,000 
health care professionals, especially in applied clinical informatics 
by the year 2010; we just passed our first 100 graduates of a 
largely web-based course developed by William Hersh and his 
colleagues at the Oregon Health and Science University.  Other 
universities intend to participate as well.  Our program uses 
classes, tutorials, web-based and in-person sessions to equip health 
care professionals to use health information and health information 
technologies to benefit patient care and to advance medical 
knowledge.  In fact, we know from the research of AMIA 
members that well-trained health providers combined with robust 
IT systems can produce safer, higher quality care delivery.  
        With the supply of physicians essentially constant and the 
nursing workforce aging along with the baby boomers, we will 
only be able to address the increasing demands for care of a 
growing and aging population by developing a better trained 
workforce, especially more nurses skilled in the use of information 
and information systems.  Increased Federal support for education 
and training will be needed to address this workforce reality - and 
in November 2005 AMIA, in conjunction with our colleagues of 
the American Health Information Management Association 
(AHIMA), convened a workforce summit, which included broad 
representation of stakeholders across the healthcare enterprise, to 
develop initial strategies to address challenges related to effective 
implementation of EHRs and PHRs.  The resulting white paper, 
Building the Workforce for Health Information Transformation 
presents nine targeted recommendations that the industry - 
including employers, employees, vendors, the government and 
professional organizations - can use to prepare the existing 
workforce to use technology tools and to ensure that we have a 
sufficient number of well-qualified health information specialists 
to achieve the promise of health IT transformation. 

A Few Conclusions
        In terms of the development and implementation of integrated 
health information systems with sophisticated capabilities, we have 
seen a great deal of progress in the last few years.  Within the 
Veteran's Administration, for instance, the case for improved 
safety and higher quality through the proper use of IT systems - 
including electronic records, decision-support programs, and 
process tracking and change analyses - has been largely made.  We 
have seen the creation of the Office of the National Coordinator for 
Information Technology and a Commission to Certify Health 
Information Technology.  The Commission on Systemic 
Interoperability mandated by the MMA has provided an important 
set of recommendations to Congress, and Secretary Leavitt has 
pressed the American Health Information Community (AHIC) to 
take on a range of public-private initiatives to develop information 
standards, certify new technologies, and provide long-term 
planning and governance for the electronic health environment.  
        Someday we may look back at this moment and say, "The rest 
is history" - but not just yet.  Additional legislation and Federal 
support, and the development of accepted, enterprise-wide 
standards will be required if true interoperability and 
connectedness are to occur.  Clearly, HR 4157 does not try to 
address all of the issues involved in creating an NHII to improve 
healthcare quality, access and patient-centeredness.  But it does 
forthrightly address some key 'sticking points' that are keeping the 
nation from moving forward as quickly as we should and among 
them are first, establishment of the Office of the National 
Coordinator in statute; second, addressing the impact on patient's 
rights and on healthcare quality and safety of varying and 
conflicting State and Federal information standards; and, third, 
reducing some current disincentives to the adoption of available 
health information technologies.  AMIA looks forward to prompt 
consideration of the legislation and to supporting its 
implementation.  
        Finally, let's not forget that an interoperable, interconnected 
national information system is not only a healthcare issue; it is a 
matter of national security.  When I testified to the House Ways 
and Means Committee on July 25, 2005, I stated that it wasn't 
clear what would bring this reality to the American public.  I 
mentioned an outbreak of avian flu in a US population center or an 
episode of bioterrorism or the occurrence of transmissible disease 
in our food supply chain. Instead, a few months later Hurricane 
Katrina drove home my point.  In the first weeks and months after 
this national disaster, two contrasting points were made abundantly 
clear.  First, public health and individual patient care of thousands 
of Americans was jeopardized as paper medical records were 
destroyed by mud.  Second, the electronic medication and health 
records of veterans were available wherever and whenever their 
availability was authorized, offering immediate help to hundreds.  
People's lives do hang in this balance.
        We must have a reliable, ubiquitous electronic health 
information system for our nation.  It is crucial for personal health, 
public health and the economic interests of our country.  While 
widespread dissemination of electronic health record systems and 
the development of a functional NHII will facilitate broad 
improvements in health care quality, access and affordability, it 
will also assist in protecting our security and I would urge your 
leadership in facilitating this development with all due speed.
        Thank you for the opportunity to appear before you today.  I 
will be happy to answer any questions.

	MR. DEAL.  Thank you very much.  Thanks to all of you.  
There were some very interesting comments.  I think with maybe 
one exception, Mr. Pyles being the exception, most of you have 
agreed we need to do something in this area.  Mr. Vaughan has his 
reservations about it.  I understand the privacy issue, and I 
certainly agree with it.  Hearing some of the testimony sort of 
reminds me of the old joke about the fellow who went to his 
doctor, and the doctor asked him, what is wrong with you, and he 
says that is what I am paying you to figure out.  We all want to 
protect our privacy but there has to be some degree of sharing of 
that.  Now I think that the question of preemption of State law is 
one of the more significant issues that we have to deal with here.
	I understand too that there are some very pragmatic problems 
when you allow States to have their own set of rules.  My 
congressional district borders three States, and the Chattanooga 
area is to the immediate north of my district.  We have doctors who 
have patients that go to the hospitals in Chattanooga.  Other parts 
of my State, of course, Augusta, which is on the South Carolina 
border, Columbus, which is on the Alabama border, if we do not 
have some degree of uniformity of those kinds of regulations 
statutorily, how do we avoid, if nothing else, those cross-State 
dealings back and forth of the hospitals and doctors who may be in 
different States, how do we avoid those kind of problems where 
one State's rules may be different from the other State's rules?  Is 
that a problem or is that not a problem?  Mr. Pyles.
	MR. PYLES.  I would be glad to address that, and I also want to 
say that I do not disagree that something needs to be done in this 
area.  I think something needs to be done particularly with respect 
to HIPAA because you have got HIPAA authorizing disclosure for 
treatment and payment of healthcare operations in your State and 
most others and standards of medical ethics prohibiting it, so it 
causes confusion in the consumer community.  They do not know 
if they have a right to privacy or not, and this leads to confusion in 
the practitioner community.  I think a good argument can be made 
for having greater uniformity and therefore understandability in the 
privacy standards across the country.
	MR. DEAL.  Should we not be able to all agree on what those 
would be?
	MR. PYLES.  I would agree with that, and that is why I cited the 
standards of medical ethics which apply across the country that 
contain a consistent privacy standard that has been applied for 
years, cited the constitutional common law that applies in every 
State, the psychotherapist-patient privilege, and the patient 
physician privilege which again applies under the State.  What we 
are suggesting is let us look at the common standards we now have 
that apply across the country and all three of the States your district 
borders on.  Every doctor in those States is subject to standards of 
medical ethics, everyone is subject to the constitutional common 
law and physician-patient privilege.  We have national standards 
for privacy.  We just do not have them in Federal law.
	MR. DEAL.  Mr. Vaughan, you made reference to a possible 
model law.  Is there one that has been proposed by the National 
Association of State Legislators, for example?
	MR. VAUGHAN.  Not to my knowledge.  I am just reading 
Don's testimony.  This is a problem and how do we deal with it.  
And it strikes me that under your leadership you could call for the 
NGA and the National Conference of State Legislators to come 
together and to really identify where the differences are and where 
the commonality is, and like when you make a change in long-term 
care insurance you give the NAIC a couple years to come up with 
a model, Reagan stuff, and then it goes into effect.  You could set 
up a structure that kind of brings the States together and say what 
is really important to us and let us try to talk a common language 
and not this tower of babble, and you have a couple years to do it.
	It is such detailed work.  You do not want this all on your desk, 
I would think.  Get these groups together and see where the 
commonality lies, and let us try to bring this up for the American 
public rather than down to a minimum.
	MR. DEAL.  Mr. Mertz.
	MR. MERTZ.  Mr. Chairman, I just wanted to comment on that.  
We think that the HIPAA standard does create some uniformity.  
The weakness of it is that it does not preempt these literally 
thousands of conflicting State rules that are creating an obstacle.  
And the examples I gave you were various States that actually bar 
the laboratories from providing lab results.  If you set up regional 
organizations or web-based electronic health records, under the 
State laws that exist today, we could not transmit laboratory results 
which make up 60 percent of someone's medical record.  That 
medical record that is on the web would be missing 60 percent of 
the data that a physician needs.  And so we think that the HIPAA 
standard is a very good one and very protective and sets the 
standard.
	We believe that preemption is necessary.  You are only doing a 
study which I think would hopefully identify these conflicting 
State laws to have the States go back and try to undo the laws.  I 
was involved in doing a study of State laws.  There are thousands 
and thousands and thousands of rules that would take 100 years for 
the States to unravel all of those.  That is why we need one good 
strong Federal standard.
	MR. DEAL.  My time is expired.  Mr. Waxman.
	MR. WAXMAN.  Thank you, Mr. Chairman.  Following along 
the same inquiry, I am concerned about creating a national health 
information infrastructure without strong privacy protections for 
patients.  HIT will allow providers to not only keep their patients' 
healthcare records electronically, but share them with others more 
easily.  I do not presume that any of you would be comfortable 
letting an employer or a health plan know if you were genetically 
predisposed to mental illness or have the public know your 
grandchild had been exposed to AIDS or allow a co-worker to 
learn that your husband or wife has a fertility problem.  These 
clearly are very private matters.
	With the expansion of the use of electronic medical records 
comes an increase in the potential for breaches of privacy and the 
pirating of sensitive personal medical information by unauthorized 
parties.  HIPAA, the Health Insurance Portability Accountability 
Act, set minimum Federal standards for use in disclosure of 
personal information.  However, when HIPAA was passed, 
Congress was unable to come to agreement in certain areas so 
States were allowed to enact additional consumer protections.  
Similarly, Congress has been unable to come to agreement and 
pass a Federal genetic non-discrimination law prohibiting 
employers from learning about and using genetic information 
about their employees in the work place.  Still, there are some HIT 
proponents who would be comfortable with HIPAA as a Federal 
privacy standard that would also preempt all State privacy and 
security laws such as State genetic non-discrimination laws.  So 
Mr. Pyles, could you comment on what would have to be included 
in a Federal privacy law for it to be protective, especially if it were 
to supersede State laws?
	MR. PYLES.  Thank you.  I will be glad to do that.  First and 
foremost, I think we would want to see a law grounded in the 
principles, as I said, of standards of medical ethics, otherwise, we 
would have Congress perhaps authorizing the unethical practice of 
medicine, which I do not think any physician would want to see 
happen or any practitioner.  It ought to be granted, and the right to 
privacy reflected in our founding principles of the Constitution, 
and again those are remarkably similar.  There was a comment 
about thousands of State laws.  In fact, there are core concepts in 
those laws that are remarkably similar.  As I said, every State 
protects mental health information, recognizes a psychotherapist-
patient privilege, but beyond that we would need things that 
HIPAA does not provide.  Things like breach notice requirements 
where patients whose privacy has been breached will be notified 
and the Secretary will be notified so that we can see a list of 
companies that do not do a very good job of protecting medical 
privacy.  That could probably be the best enforcement measure we 
could have.
	There should be a private right of action that nearly every State 
recognizes because we know that HHS has done a very poor job.  
There are over 17,000 privacy complaints that have been filed 
since April 14, 2003, the implementation date of HIPAA, and only 
one enforcement action.  So we think that there should be an 
opportunity for patients to establish electronic black boxes.  We do 
not think IT and privacy are incompatible.  We think you can 
actually enhance privacy through the use of health IT, but you need 
to establish the principles at the beginning.  You cannot retrofit an 
IT system for privacy.
	MR. WAXMAN.  Some States know the ways personal health 
information can be used without consent.  Many States have more 
protective laws about specific types of sensitive information, 
HIV/AIDS, mental health records, genetic tests and more.  And 
many States have more meaningful consent requirements.  These 
are the kinds of things you think ought to be in a Federal law if we 
are going to have preemption.
	MR. PYLES.  I would agree.  I would support perhaps a study 
done by the Secretary as H.R. 4157 provides.  But it would have to 
be a study that is first and foremost directed to identify the 
commonalities that we see across the country in medical ethics and 
State laws, in constitutional law.  We should build on the 
foundations we have and that we've formed in this country.  We 
should not assume that we have to operate with a blank slate.
	MR. WAXMAN.  The Federal law only directly applies to 
providers, health plans, and health clearinghouses.  Many States' 
privacy laws directly apply to a broader range of individuals and 
entities like those that transcribe records or those that copy or 
transport files.  Do you think that ought to be a Federal law?
	MR. PYLES.  Absolutely, Mr. Congressman.  Oddly enough, 
HIPAA does not apply to hackers unless they happen to be 
providers or insurers or healthcare clearinghouses.  We would 
think that as with many State laws, Congress should provide for 
privacy protections that run with the information and should apply 
to whoever handles the information.  It is the same to the patient 
whether a private individual breaches their privacy or an insurer.
	MR. WAXMAN.  Thank you very much, Mr. Chairman.
	MR. DEAL.  Thank you.  I hope we will have a second round 
too.  If we do not have more Members show up, we may have a 
chance to go around again.  Dr. Burgess.
	MR. BURGESS.  Thank you, Mr. Chairman.  I forget who it was 
in their opening statement that referenced the disasters down on the 
Gulf Coast, which there is no place clearer that we do need to fix 
this problem.  The records room at LSU, you walk through there, 
the place is ruined and will be ruined for the rest of our natural 
lifetimes. Contrast that with the parking lot at the arena at Dallas, 
Texas where you had 400 private doctors show up to triage people 
after they got off the buses from the Superdome.  And I do not 
remember the drugstore precisely, I think it was Walgreen's, set up 
one of their remote computer terminals there.  They did not have 
medical records, but at least they had pharmaceutical information 
on a lot of the people that got off the buses, and it made piecing 
together the medical story a lot more straightforward, so the value 
was proven to me that day, but it a difficult climb.
	And, Mr. Nelson, I just wondered if you had a thought as to 
how much, looking forward, how much is this likely to cost?  If we 
just look at the Federal government component of healthcare, 
Medicare, Medicaid, VA, Federal prison system, Indian Health 
Service, Federal qualified health centers, about 50 percent of the 
healthcare expenditures are accounted for by the Federal 
government.  Do you have an idea as to what it is going to cost 
Secretary Levitt when he says he is going to build this platform?
	MR. NELSON.  I cannot give you a specific number.  I can say 
that some of the building blocks that have been put in place, I think 
by Dr. Brailer if you take the proposal, for example, it essentially 
was a lot like what a venture capitalist would do when they are 
trying to infuse an investment and then get a return on that 
investment.  Although that may have been about a $20 million 
investment on his part spread out across four major corporations, I 
could tell you for a company like IBM we are taking that and we 
are starting to build on it.  At the end of the day, I suspect that we 
will probably invest 10 to 20 times that amount into helping to fix 
the healthcare problems as a part of our replicating the opportunity 
that he has provided us across this country.
	So, you know, I applaud that immensely without necessarily 
having a number that the actual Federal government itself has to 
invest.  I think private enterprise is going to go a long ways in 
helping solve the problem.
	MR. BURGESS.  When I think back to my days in practice, it is 
a big expense for a single physician's office to do this.  If a 
hospital puts in an expensive system they of course have borne the 
cost of that, then to bring individual doctors offices on board 
would be a relatively inexpensive process because most of the 
software expense has already been handled.  But if the doctors 
offices then have to individually go out and contract with the 
software licenses and what have you it does become a good deal 
more expensive.  So, Mr. Neaman, I wonder if there are any 
thoughts you have of how we might reform some of the Stark laws 
to allow this to be a more facile process.
	MR. NEAMAN.  Thank you.  Your comments are absolutely on 
track in terms of the relative cost and the ability of extending from 
the hospital systems to doctor offices.  In our own experience for 
our three hospitals, again we invested a little bit over $40 million 
to get the system up and running.  In our experience it takes on an 
incremental basis of approximately $50,000 per physician to 
incrementally bring additional doctors up on the system, so it is a 
rather large expense.  It is also a time consuming expense.  We are 
inhibited by Stark and the anti-kickback provisions from extending 
our system to other physicians who are in independent or private 
practice, and that is a big hurdle to overcome, not a risk that we 
want to take given the penalties that are involved with those 
statutes.  So it would be a relatively easy thing to extend the 
systems and the software to other physicians if we are permitted to 
do it under the Stark regulations.
	MR. NELSON.  If I could comment on that, please.
	MR. BURGESS.  Yes, please.
	MR. NELSON.  The $50,000 is certainly a substantial amount of 
money.  To put that in perspective, our data shows that that will 
represent the cost.  The actual market pricing and what physicians 
are willing to bear, the costs that they are actually willing to pay, is 
probably more than $300 to $400 per doctor per month range, so 
there is a bit of a gap there between what the cost is and what the 
delivery is.  Of course, with the Internet and hosting services they 
do not necessarily have to go out and buy complete systems.  The 
average size of a physician's group is like 2.5 or less, so they are 
small groups.  They do not have the capital to be able to spend the 
money, and so we are going to have to come up with alternate 
solutions that are very cost effective to make that work.
	MR. MERTZ.  Congressman, can I make a quick comment on 
that?  We represent the labs and you were not in the room at the 
time.
	MR. BURGESS.  Let me make one other point because I am 
about to run out of time.  If we get a second round, I will be happy 
to come back to you.  From the physician's perspective too it is 
also a question of time for us to do electronic prescribing or even 
electronic medical records.  The average physician has to see 
between 30 and 50 patients a day in order to pay the overhead and 
take something home, and if you add a minute and a half to two 
minutes to every transaction in order to be up to date with 
electronic medical records or prescribing that is two hours, and 
how are we going to compensate the physician for that time?
	MR. NELSON.  We are actually doing this right now in 
Westchester County up north of New York City.  There are 60,000 
IBM employees.  The HR department of IBM actually provided an 
incentive to the physicians to the tune of 50 cents per member per 
month to actually use the system, so they get paid in order to get 
the cost benefits, and what not on a minimum level of adoption.  
The ROI on that was less than two years.  We are seeing a much 
higher level of adoption than what we expected, you know, but it is 
a great model, I think, that we could use across other endeavors 
like this.  And I agree 100 percent with your comments on time 
and doctors.
	MR. BURGESS.  But there the insurance plan bore some of that 
expense to incentivize the doctors to practice.
	MR. NELSON.  And we need to keep in mind that a great deal of 
benefit that comes from these systems goes back to the employer 
and to the payer.
	MR. BURGESS.  Sure.  Thank you, Mr. Chairman.
	MR. DEAL.  Ms. Capps.
	MS. CAPPS.  Thank you, Mr. Chairman.  I have about four or 
five questions I want to try to get into the brief time so I am maybe 
asking for brief responses.  Mr. Nelson, I will start with you.  We 
have been hearing from others on the panel about the complexity 
of multiple State privacy laws.  I wanted to know technologically 
do we have--can you speak to the capability of technology to 
accommodate different State privacy laws?
	MR. NELSON.  I do not think it is a technical problem at all.
	MS. CAPPS.  Okay.
	MR. NELSON.  The technology can handle it and we have 
experience with ATMs, the banking industries, all of which have 
their own unique regulatory issues.  
	MS. CAPPS.  So that is not the issue.  But then let me ask about 
privacy, and I guess I will address you, Mr. Pyles, but I do not care 
who jumps in.  Under current legislative proposals do patients have 
to consent to having anonymous information shared with 
researchers?  Do they have to give their approval?
	MR. PYLES.  I am sorry.  Could you restate the question?
	MS. CAPPS.  Under current legislative proposals, or at least 
some of them, do patients have to consent like give some 
significant assent either in writing to having anonymous 
information shared with researchers?
	MR. PYLES.  Well, I do not know about pending legislation.  If 
it is de-identified information then it certainly could be disclosed 
under HIPAA.
	MS. CAPPS.  Without them even knowing if it is anonymous.
	MR. PYLES.  Without them knowing, that is correct.  Yes.  And 
under the proposed legislation, I cannot think of any of the 
proposed legislation that addresses that issue.
	MS. CAPPS.  The way it is now then, who is responsible for 
determining whether this is legitimate, you know, if lines have 
been crossed if there has been boundaries, and in proposed 
legislation?
	MR. PYLES.  Well, under HIPAA it is very, very difficult to 
know that their information has been disclosed and therefore, since 
they get no consent or opportunity, so that in effect is no notice, I 
am stunned that there are 17,000 complaints that HHS has received 
because I do not know how those patients would have known.  So 
there must be many thousands, tens of thousands more breaches of 
privacy that are out there that people would object to if they just 
knew about it, but they probably do not.
	MS. CAPPS.  And they do not know about it.  In some of the 
proposed legislation, is this dealt with?
	MR. PYLES.  No, that is one of the things most disturbing about 
all of the legislative proposals I see.  It seems that privacy is 
always the last issue to be discussed, if it is discussed at all.  A 
number of the proposals do not mention anything about privacy at 
all.
	MS. CAPPS.  They do not mention privacy at all.
	MR. PYLES.  Correct.
	MS. CAPPS.  Well, that is certainly something I would hope, 
given the questions today that certainly is on our minds, and we 
reflect our constituents so I am hopeful that this will be interjected 
into any kind of studies.  Mr. Chairman, I would hope that that 
would be the case.  I am wondering now with the little more time 
that I have if you, Mr. Pyles, or anyone could comment on some of 
the shortcomings in Federal law currently with regard to 
enforcement of Federal uses of personal health information. You 
touched on it a bit.  The disparity is, are there States that do a 
better job, for example?
	MR. PYLES.  Well, States can do a better job but even with the 
authorization for disclosures, without consent under HIPAA, it also 
means that patients often cannot even assert the rights they have 
under State law because many States prohibit the disclosure of 
many types of information.  But HIPAA allows the disclosure, and 
if a practitioner follows HIPAA then not even a patient would 
know enough to assert their State rights.  Plus HIPAA requires a 
notice of privacy practices to be given to every individual.  The 
notice compels the practitioner to describe the disclosures that are 
made under HIPAA, authorized under HIPAA, even if that is not 
their practice.
	So they are all supposed to include a notice of rights the 
patients would have under State laws, but I have seen very few 
notices that include any reference to State rights.
	MS. CAPPS.  But Mr. Nelson, if we can use him as the standard, 
says there is no barrier in the technology for allowing--
	MR. PYLES.  I have total confidence in Mr. Nelson.  If 
Congress said that a national privacy standard had to reflect the 
right to privacy under medical ethics, constitutional law, and law 
of privilege, that tomorrow morning Mr. Nelson would have a 
product on the street that did just that, and also accounted for 
variations in the State laws.
	MS. CAPPS.  And accounting for the variations in State laws, so 
there is nothing that should stand in the way of this being pursued 
in the interest of consumers or patients.
	MR. PYLES.  Well, I am not the--
	MR. MERTZ.  Could I comment?
	MS. CAPPS.  I would love to hear--
	MR. MERTZ.  I am with American Clinical Labs.  What is a 
technological barrier, the example I gave there is definitely a 
barrier in State laws.  I gave the example of in Florida and 
Georgia, the laws do not allow the laboratories to transmit results 
to an electronic health record.  If there is a disease management 
program that has been mandated under Medicare, we cannot 
transmit because they forbid us transmitting lab results to anybody 
except the ordering physician, even with the patient's consent.  We 
cannot provide lab results for disease management, for an 
electronic health record.
	So with all due respect, maybe you could build a computer that 
could do it but we cannot transmit the results, so that is a State 
barrier that is absolutely insurmountable for us with these 
programs.
	MR. DEAL.  That would be a very remarkable State law that did 
not allow a disclosure with patient consent.  	
MR. MERTZ.  Well, it is not remarkable in Georgia and Florida.
	MR. DEAL.  Well, I know one thing.  The citizens of Georgia 
care a lot about their privacy judging from the laws you have on 
the books.
	MR. MERTZ.  Well, it is not remarkable there because there are 
dozens of States that have those laws, so it is not unusual at all, 
Mr. Chairman.
	MR. DETMER.  I do think that one of the really strong points is 
that you do mandate a study and I think there will be things we will 
learn from that, and I think that is why in fact I really am so 
supportive of that part of the legislation.
	MS. CAPPS.  Mr. Chairman, this has been a good hearing.
	MR. DEAL.  Thank you very much.  Mr. Green.
	MR. GREEN.  Thank you, Mr. Chairman.  Having served years 
in the legislature before, I tell people I lost my mind and came to 
Congress.  I am surprised a lot of States have it where they prohibit 
the individual patient from receiving that information.  I assume it 
is not just Georgia and Florida.  It must be a number of States.
	MR. MERTZ.  Well, it is unusual and it is one of those areas 
where the State law actually prohibits the patient from having 
access to their own records, which we find kind of odd.  Again, we 
are the labs.  We do the testing, and our business is really to get the 
data back to the physician.  But, you know, Congressman, there are 
so many important things.  Diabetes management, they need to get 
hemoglobin H1C tests every six months.  We have almost 10,000 
people die a year just because they are not tested for their 
hemoglobin regularly.  So these programs are so important to save 
people's lives, or cholesterol, people with heart disease.  It is 
essential that these programs be able to manage their disease, and 
so that is why, while we are very careful, we do not want to give 
results out to everybody.  Genetic tests, we are the people who do 
the genetic tests.  We certainly do not want to send those out to 
anybody who does not have an absolute need for disease 
management, hemoglobin, diabetes, asthma, heart disease, yes, 
those are important tests but we will be careful about it.
	MR. GREEN.  Mr. Vaughan, do you have a response to that?
	MR. VAUGHAN.  We are very much for consumers being able 
to have access to their medical records and if there is an error in 
there and it asks for an edit and a correction, yes, this is the kind of 
thing that we need to work out.
	MR. GREEN.  Can you tell me, does Texas have that 
prohibition?
	MR. MERTZ.  I have not looked at Texas specifically.  I know 
that Georgia, Florida, New York, California do have them.  I 
would have to get back to you on Texas.
	MR. GREEN.  We can check because--
	MR. MERTZ.  Generally what the State laws say is that the 
ordering physician or his or her designee may get the lab results, 
and unfortunately it has been interpreted to mean the designee is 
only someone in the doctor's office can get the results so generally, 
almost in every State, we cannot report to a RIO or to a disease 
management organization, so I think Texas would be the same.
	MR. GREEN.  I will have to talk to my legislators because that 
is a concern because I think the patient ought to make that decision 
anyway.  Mr. Vaughan, you give some examples of your concern 
about the abuses under the Stark and anti-kickback laws, and Dr. 
Burgess talked about, and the panel all morning has talked about 
some of the things we have to do to be able to protect that.  How 
are physicians' choices influencing the patients affected now on 
some of the examples?
	MR. VAUGHAN.  Well, the law was designed to deal with the 
fact, and started with labs, that doctors who invested in a lab 
everybody who walked in, you know, maybe just, gee, am I 
pregnant, would get a full lab workup.  There was just 
documentation by GAO and OIG of tremendous over-utilization, 
and then we found the same things in X-rays and MRI machines 
and so forth, and so it spread to try to get a bright line because the 
anti-kickback laws, you have to prove intent.  This was meant to be 
a bright line to say, gee, people who make these investments or get 
remuneration tend to, whether they are aware of it or not, start 
over-ordering and start doing more of a particular service, and it 
was driving up cost something awful.
	The worry is that if stuff is provided free or at a reduced rate to 
a doctor it makes you a good friend of that person who gave it to 
you, and you tend to gravitate that way.  Maybe that is not the best 
place to send your patient, and so that is what we are trying to be 
careful about, opening that door to over-utilization or 
misapplication of medicine.  It is important to coordinate care, 
goodness, yes, but how about making that part of pay-for-
performance or finding other ways to coordinate the care.
	MR. GREEN.  One of the suggestions I know--in fact, we are 
having enough trouble dealing with our lobbying reform, much 
less looking too much at the physicians situation, but on the 
electronic records technology that is something that has obviously 
a greater good.  Not that a doctor having immediate access to the 
test, but if we are looking at the good as a whole, is there a way 
that we can draft something if we are trying to actually have that 
that maybe we would not run afoul of those whether it is IBM or 
whoever is selling this equipment that they do not all decide that is 
the one.
	I know one of the suggestions I heard is that, for example, for 
the greater good we might want to have some non-profit or maybe 
the medical society in a given community or a State saying this is 
the depository, this is the information, and anyone who is a 
member, for example, could then access that without someone 
feeling like maybe they are utilizing that.
	MR. VAUGHAN.  I mean a way to deal that you would not have 
to change any laws or get any IG opinions is if people have some 
money and they want to encourage the spread of this technology to 
doctors in a State who maybe do not have the resources or behind 
the eight ball on it, give it to a foundation, Robert Wood Johnson 
or some State foundation and they would give out the money.  I 
think you will find a lot of opposition or objections to that idea, 
and that should tell you something.  The people who want to give 
this hardware and software, they want a tie with that doctor.  They 
want a tie that binds so that that doctor will send patients to that 
hospital.  Coordinating care with the patients is great, but if that 
hospital that gives the data or the software, is it the best place for 
that patient.
	MR. GREEN.  I see I am out of time.  Mr. Chairman, if you 
would allow me just to ask if anyone else on the panel would like 
to respond.
	MR. DETMER.  Yes.  I just wanted to weigh in on this.  Right 
now our biggest challenge in the U.S. is particularly the small 
provider office. That is really our biggest challenge.  The hospitals, 
frankly, are getting there and they are building their systems.  The 
thing is our country is a very complex, large place, and I think 
some of these issues are working, do work, can work, and will 
work in some settings, but in other settings that opportunity and 
that kind of option is just maybe going to be very hard to put in 
play.  I think what we are really advocating for, if we can get the 
regulations right, security and those kinds of design features.  Then 
our feeling is to have this connectivity means that actually a doctor 
in West Bicycle, Texas can easily get a consultation with the Mayo 
Clinic electronically, as easy as they can actually with the provider 
that maybe gave them that connection.
	In actual fact I think it is that kind of connectivity that really 
has significant offsets in terms of these arrangements.  So I would 
like to think you could craft it.  I certainly hope you could craft it 
because I think we need it.
	MR. GREEN.  Thank you, Mr. Chairman.
	MR. DEAL.  Thank you.  I believe we will start a second round.  
Is that okay with you all?  Okay.  Let me start it off.  I am going to 
try to simplify because I think of it in rather simplistic terms, in 
terms of the problems that I see are encountered.  First of all, with 
regard to a hospital sharing its software with physicians, virtually 
all of my physicians practice in only one hospital.  It does not 
make a whole lot of sense to me that they should not have some 
way when the patient goes to the hospital instead of asking the 
patient when he comes back to the doctor's office, well, what did 
they tell you.  It sort of reminds me of a story of one of my clients.  
I asked him one time, I said, well, what did the doctor tell you?  He 
said I have no idea.  I do not even think he spoke English.
	We have got to have a better way of transmitting information 
that helps the patient.  The one situation, the hospital sharing what 
their tests were, what their findings were back with the treating 
physician, he needs to know that.  Also, let us suppose there is a 
consult with a specialist in the same community who does 
something.  He prescribes some medication.  Instead of the patient 
then going back to his primary doctor and being asked, well, what 
did he give you?  Well, I do not really know.  What did he tell 
you?  I am not really sure.  I did not understand all that.  There has 
to be a better way of doing this.  Now there are several things that 
pop out to me as major problems of what I am talking about.  We 
have alluded to them in some of your testimony.
	One is the coding and whether we are talking about the ICD-9 
versus the ICD-10.  Mr. Mertz alluded to some of the potential 
problems with the additional codings that are there.  Let us talk 
about that for just a minute.  How many of you believe we should 
go to a broader coding such as the ICD-10?  Would anybody care 
to comment?  Dr. Detmer.
	MR. DETMER.  Yes.  Actually I am actually a fellow of the 
American College of Sports Medicine, and you held up your sheet 
talking about some of these sports issues.  I practiced surgery, 
vascular surgery, as well as sports medicine for about 25 years, and 
for 15 years I published a fair amount of work that was 
internationally verified as being valid.  To this day, the coding 
words or the diagnosis I made in athletes, sometimes Olympic 
athletes, still does not exist in ICD-9, as well as being able to for 
payment purposes, I would have to find a code that is sort of 
related to the leg.  In actual fact, what works for billing does not 
capture what you really need to really try to do research as well as 
even just talk about.  For example, asthma today does not have a 
lot of the codes in 9 that really are in 10.  So there is a set of these.
	We do not know how slippery this all is because it is very hard 
to track down.  But suffice it to say there has been a lot of progress 
in medicine in 23 years, and that is how old that coding system is.  
So, yes, it does create problems.  We not only need to worry about 
10, but that is why I talked about the National Library of Medicine.  
We need to put in this process that can keep that going over time 
so that we do not have these very tough dislocations every ten or 
so years.  We really need to put in process something that will 
catch us up but then hopefully keep us up.
	MR. DEAL.  Mr. Mertz.
	MR. MERTZ.  Yes.  Just briefly on that.  ACLA labs, we 
support moving to the ICD-10, but I would just remind you, first of 
all, you are going from 12,000 or 13,000 codes to 120,000 codes, 
so it is ten times as complex.  You may recall that we are just now 
after four or five years finally adjusting to the HIPAA transaction 
codes, the new claim standards that took us years to get that.  That 
was much less complicated than moving to this.  We almost had a 
train wreck where providers were not going to get paid by payers 
because of the complexity of it.  So we just want to make sure as 
we move to this, two years is not enough.  We need at least five 
years to train the people on new systems.
	We have to train all of the doctors who submit the diagnosis to 
us.  They are going to have to put eight or ten times as much 
information on the form that the doctor sends to the lab.  If every T 
is not crossed and every I is not dotted, we do not get paid.  We 
perform the test.  We do no get paid, and the system will really 
shut down.  So I would just urge some caution in having a long 
enough transition period so that we can go there.
	MR. DEAL.  Yes, Dr. Braithwaite.
	MR. BRAITHWAITE.  Mr. Chairman, I think that many of the 
systems that are in electronic health record systems today are based 
on these coding systems.  We get paid for practicing medicine 
when we submit a certain code.  The problem is that those codes 
are very broad, they are very general, and they do not really reflect, 
this is what Dr. Detmer said, what is actually done to the patient. If 
we cannot come up with a coding system that is detailed enough so 
that what we record in our electronic health systems actually 
represents what is done to the patient, then we cannot even look 
forward to that vision I put forward about how we can practice 
medicine better in the future by actually having computers help us 
to interpret what those codes mean with respect to the rest of the 
data about that patient, not necessarily ICD-10, SNOMED CT is a 
national coding system for example that has that level of clinical 
information.
	As we implement electronic health record systems we now 
have computers to help us to come up with the right code.  It does 
not have to be done manually out of a book with pen and paper as 
it is done now in most places for ICD.  So I think there is a good 
balance.
	MR. DETMER.  You also mentioned the importance of the 
patient being in play here, and if you have terminology where the 
patient can see some of these codes that do not really reflect 
particularly what happened you really help bring that patient into 
that care environment.
	MR. DEAL.  Very good points.  Ms. Capps.
	MS. CAPPS.  Thank you again, and you are talking about 
barriers of some kind and maybe we need to pursue that line of 
questioning that you started, Mr. Chairman, but I want to see about 
HIT implementation, what barriers there might be there.  And I 
will continue with you, Dr. Braithwaite.  Everyone seems to agree 
that adoption of electronic health records and a move toward 
interoperability would allow different providers, health plans, labs, 
and others to talk to each other, and that that is a good thing.  It 
would improve quality, save resources, eliminate harmful errors.
	Yet, a recent Rand study found only about 20 to 25 percent of 
hospitals and 15 to 20 percent of physicians offices have an HIT 
system.  Talk a little bit more, I know we brought this up, but focus 
in on barriers to implementation.  And if we design some 
legislation, we are going to hopefully have a study, but what 
should we do or could we do that might help get past some of those 
barriers?  And anyone else can jump in as well.
	MR. BRAITHWAITE.  Well, as I mentioned, one of the major 
barriers is the incentive system.  We are reimbursed in the system 
for piece work.  We are not reimbursed for the health of the 
patient.  And so coming up with several different mechanisms to 
incent the appropriate implementation of health information 
technology in the clinical practice would be appropriate.  I think in 
surveys that we have done, people have problems with up front 
funding as has been discussed.  The capitalization of this in 
practices that do not really have that much capital is difficult.  
Coming up with the changes in the reimbursement policies so that, 
for example, a pay-for-performance program under Medicare that 
actually paid for improved outcomes of the patient based on the 
data that is produced from an electronic health system would in 
fact encourage the physicians to get information technology in 
their clinics and provide higher quality care, as long as the result 
was not that their incomes actually went down because of these 
strange reimbursement policies that come out sometimes.
	I think in aligning incentives so that the people who purchase 
the systems and the people who benefit from them are 
appropriately aligned with the implementation of health 
information technology.
	MR. MERTZ.  May I address that?  As I mentioned in my 
statement, some of our national labs, they are connected with about 
50 percent of the physician offices, and the figure that was given is 
right.  It costs $30,000 to $50,000 to create this conductivity with 
the physician office.  It is not just the hardware and the software 
but the training, marrying all the different systems.  It is extremely 
complicated.  Half of the offices that we do not have relationships 
with tend to be the smaller practices where they do not have the 
resources to do it.
	The labs, we have been the ones who invested millions and 
millions of dollars.  We pay for this conductivity.  But you get to a 
small physician office, and they do not have the volume of lab tests 
to make it economical for the labs to make a $50,000 investment 
so that they can order the results of their tests and get the results 
electronically.  So that is, I think, one of the key areas where help 
is needed to provide incentives and resources.  We get paid for 
doing the test.  We do not get paid for spending $50,000 to hook 
them up electronically.  So that is where we need some help.
	MR. NEAMAN.  If I could just comment from the perspective of 
somebody that has done it and been there, I think half of the issues 
relate to financing, where are you going to find the money to do it.
	MS. CAPPS.  Right.
	MR. NEAMAN.  The other half relates to the huge behavioral 
changes for electronic medical records, and the hospitals and the 
doctor's offices--
	MS. CAPPS.  Behavior changes by whom, everybody?
	MR. NEAMAN.  Every clinician, every nurse, every physician, 
every technologist under an electronic medical records system 
must change the way they practice.  It is no longer writing things 
out by hand or trying to decipher the physician's handwriting.  
Everything changes, and for the most part it changes for the better.
	MS. CAPPS.  Several of you have mentioned incentives.  
Voluntary, is that sufficient?  If we are the ones who would design 
legislation, is it significant enough for our national interest to 
mandate some things, or are we even to the point of talking about 
that?
	MR. NEAMAN.  I think, from the providers' side, the hospitals 
and the physicians lack trust.  If there is going to be anywhere near 
the sufficient level of funding to bring doctor offices or hospitals 
up when we are facing another $36 billion of Medicare cuts.
	MS. CAPPS.  I hear you on that one.
	MR. NEAMAN.  I think it is going to have to be again some kind 
of opportunity included in the private sector to invest monies to 
make this a real reality, unless the Congress wants to take on a 
project like rebuilding the Federal highway system of hundreds of 
billions of dollars to really make this a reality in the near future.
	MR. DETMER.  I think I would like to comment on that, I think 
that puts tension in this, as it is not like there is an EHR system.
	MS. CAPPS.  Right.
	MR. DETMER.  In fact, there have been some very good studies 
done that show that if you go for EHR light, in other words, the 
cheapest kind of way to just get something in, you do not have the 
decision support infrastructure where you really get your quality, 
safety, and your ROI pay back.  By one calculus of that, if you are 
willing and can find the scratch to pay four times more you will get 
12 times back.  So it is not like it is just sort of the thing to do.  
And so education and change management is a major piece of this.  
The other thing that I want to echo, again, that I mentioned earlier 
in my testimony has to do with authentication.
	It was interesting, the day that the commission report on 
systemic interoperability was put out, and I was on that 
commission, we happened to have our annual meeting.  The same 
afternoon we had a presentation of some of the folks that were on 
the commission and talking about it.  A woman in the audience 
said I have a problem for you.  She says I am Mary Smith.  I have 
a problem with authentication.
	MS. CAPPS.  Great.
	MR. DETMER.  She says I get other people's bank statements 
when I do on line banking.  I need some unique way both for my 
protection as well as for everybody else's to identify who that is.  
This issue of being able to have at least a national way of uniquely 
identifying folks is really something that is a barrier that, again I 
think is a Federal issue if we are going to address it.  Thank you.
	MS. CAPPS.  And I know I have overstayed my time but this is 
our last round.  I started out by talking as a nurse about patient 
safety and the benefits of IT.  Somewhere in our study, I would 
hope we could find some way of demonstrating that in the long run 
the initial outlays will be significant of resources.  There ought to 
be a pay back to society at least for mortality rates dropping, and I 
would--we get to that as IT--can the study even demonstrate some 
things?
	MR. NEAMAN.  In our studies, we can tell you that right now.  
It does not take a long term.  We have shown in our studies in our 
hospitals, our doctor offices, there is a payback, economic, clinical, 
saving lives.  It works.  It absolutely works.
	MS. CAPPS.  And is there demonstration of that already?
	MR. NEAMAN.  In our system, yes.
	MR. DETMER.  Speaking of the nurse and the education 
challenge, the strategy we really need is educating nurses in 
particular.
	MS. CAPPS.  I do not believe we will end up doing all of this, 
not all of it, but a fair amount of it at least in the--
	MR. NEAMAN.  If I might, just get a lot of great benefit out of it 
too.
	MS. CAPPS.  I should say.
	MR. NEAMAN.  Better care.  In our studies we saved 20 percent 
of the nurse's time instead of babysitting the chart and trying to 
decipher the doctor's handwriting.
	MS. CAPPS.  And you are all talking about it in acute care 
probably, but look at long-term care and who delivers that care and 
who has to take a huge chunk out of every hour of patient care to 
documenting.
	MR. NEAMAN.  Absolutely.
	MR. DEAL.  Let me go to Dr. Burgess next.
	MS. CAPPS.  It is tough for the doctors, isn't it?  Thank you.
	MR. DEAL.  Dr. Burgess.
	MR. BURGESS.  You know, I think back over 25 years of 
medical practice, the two things that came out of Washington that 
destroyed a better part of the joy of life were the Stark laws and 
HIPAA, and I cannot help but feel we are today with the grand 
daddy of them all, and I do worry about what the world will look 
like so it is terribly important for us to get that right.  So with that 
sort of onus, Mr. Mertz, I interrupted you before.  Let me let you 
finish what you were trying to tell me about the Stark laws.
	MR. MERTZ.  Well, actually the point I was trying to make, I 
eventually made which was that it is a sizable investment, $50,000 
or so, to set up that conductivity between the labs and the 
physician offices.  So it is going to take a lot of money and the labs 
have made that investment.  I just want to reiterate, we very much 
support the Stark law in many ways because it does not allow the 
abuses that happened many, many years ago.  We are able to only 
provide the equipment that is needed just very narrowly to ordering 
tests and reporting results.
	But we see the need to expand it a little bit to allow more 
investment and IT.  We just want to make sure that we are still 
included in an exemption, but that it is done carefully.  So I 
appreciate the opportunity to finish up.  Thank you.
	MR. BURGESS.  And, Mr. Vaughan, on that, does it ever 
increase the cost of care to not share information?
	MR. VAUGHAN.  Sure.
	MR. BURGESS.  I can tell you in my hometown of Denton, 
Texas that I encounter that situation every day where they've got 
two hospitals that are competing, and not only do they not 
communicate with each other, they are forbidden from 
communicating with each other.  So a CAT scan in one hospital on 
a Friday night means you get a CAT scan in the next hospital if 
you go into the other emergency room on the next Friday night 
because you did not like the care you got across town.  It is a 
system that creates more expenditure, I believe, by not 
communicating.
	MR. VAUGHAN.  Absolutely.  This is where so much of the 
savings will be, but how you can get this information, the software, 
the hardware, into doctors offices, how can we do it where it does 
not lead to some distortions that we might not even see for a while 
where one hospital that has got good cash flow in a year, the other 
one has been doing charity care, might be a little starved.  This one 
donates some stuff.  Just consciously or unconsciously doctors will 
say I like those guys.  They have been helping me.  They have 
been helping my office.  I move my patients there and they may 
not have the best department and everything.
	So you get those goofy, almost unconscious distortions, can't 
we pay for this up front?  I know with the Federal budget situation, 
you know, get a life.  There is no cash lying around.
	MR. BURGESS.  Mr. Neaman has found the savings for us in the 
Medicare, is that what you just told us a minute ago?
	MR. NEAMAN.  In our system, yes.
	MR. BURGESS.  So how much money are you going to save us?  
If the Chairman and I are successful in getting this done and your 
company is the one that gets the contract, are we going to save that 
$34 billion in Medicare this year that we can then turn back over?
	MR. NEAMAN.  I can only comment on our system and what we 
have actually found.  The point being is that the systems that we 
have experienced really do save lives and they do less testing, not 
more testing, and they protect patients from abuses of testing.  We 
have even shown in our studies that the efficiency improves so 
much that we were able to save cost-wise $17 million a year in our 
system by doing things right the first time, not having to do them 
time and time and time again, so there is a small incremental 
savings once you get the system up and running.
	Again, all the other benefits are tremendous.  I think Mr. 
Vaughan's examples might be a little confused with what the real 
issues are here.  In the examples of over-testing, such as too many 
lab tests or too many X-rays when a physician owns that 
equipment, that is not what we are talking about here.  If you want 
to preclude that, then do not let physicians own MRI machines, a 
whole other issue.  	
MR. BURGESS.  It is not a good idea, by the way, but continue.
	MR. NEAMAN.  I was not advocating it as a principle, 
particularly my orthopedic surgeons would let me know about that.  
But what we are talking about here is the sharing of data, and 
shouldn't we be focused on the patient here, to share that data 
between our hospitals and our physicians.  Doesn't the American 
public expect our hospitals and doctors to work together around a 
central point of data?  The answer is quite clear in our experience.  
Absolutely yes.
	MR. BURGESS.  Mr. Pyles.
	MR. PYLES.  I have been wanting to get this in.  You asked a 
question in your last round, and I think it touches on what you are 
asking now.  How much you save I think is going to depend on 
how much you need.  The numbers I have seen on the cost of 
wiring the country for health IT are $176 billion initially as start 
up-front costs and $46 billion annually.  Now keep in mind you are 
going to have to replace that information system.  They have a life 
span of about, as I understand it, three to four years, so you are 
going to be continually replacing them.
	It is not to say you should not do it, but when you are talking 
about a solo practitioner in Shady Side, Maryland where my family 
physician is, that is a big chunk.  His share of that is a big chunk.  
He was chosen actually as one of 200 physicians in Maryland to 
use an electronic information system by Blue Cross.  He has found 
that it is out of order.  He carried around a little box that he is 
supposed to input information in.  He cannot communicate with 
the system, at least a minimum of three times a day, and the 
information he gets back is often times so garbled he cannot 
understand it.  So he is a little frustrated.  I have heard healthcare is 
the last area where we do not have IT.  It may not be such a bad 
thing because we are dealing with people's lives, and we would not 
impose a drug or a procedure on the public unless it was proven 
safe and effective for patient use.  So I would just urge you to be 
careful.
	As a lawyer, one of the questions I have always had too is what 
is the standard of care for an electronic health information system?   
When you go into the hospital and a patient has a seizure you 
punch the screen to get the patient's current status and what they 
are on, and it says access denied and you prescribe something and 
the patient dies.  What is the standard of liability there?  A judge is 
going to have to figure that out.  Were you negligent?  Was the 
hospital negligent?  Was it expected for the system to be down 
once a week, once a month, once a year?  My computer is down a 
minimum of twice a week.  Maybe these systems are more reliable 
but that is a whole area that is completely unexplored as far as I 
can tell.  I do not see any standard of care like a Xerox standard.  
Xerox will tell you the copier machine will never be down more 
than four hours.
	MR. BURGESS.  Can Dr. Detmer respond, Mr. Chairman?
	MR. DEAL.  Sure.
	MR. DETMER.  I agree with him on one point, and I disagree 
with him on another.  I agree with him that IT is not some kind of 
magic.  It has got to be done right for it to work, and we have heard 
from some places that are doing it right, and, boy, it does work.  
That is why this education issue is also a huge piece of this, 
because if you just try to do it, I am not sure in fact you will ever 
see a ROI.
	On the other hand, if you do it right I think we now do have 
enough body of evidence to be able to speak to safety, efficiency, 
cost effectiveness, patient centeredness, timeliness.  As prices 
drop, you do start improving equity as well, and that is a U.S. 
problem.
	MR. DEAL.  Why don't we let Mr. Nelson defend his industry?
	MR. NELSON.  I think the comment that I would make is we've 
got to keep in mind that the bulk of the healthcare dollar really 
goes to chronic disease, and there are not a lot of them.  
Interesting, you know, there is various data out there to support 
this, but the average patient when we get down to actually looking 
at it on a by patient basis, they have on average between five and 
ten physicians if you have a chronic disease.  Those doctors do not 
talk to each other.  So it is real obvious that the only way that we 
are going to actually make that work and reduce the redundant 
tests and improve the quality of medical errors and all that is if we 
give smart people information so that they can make smart 
decisions, but allow those smart people and physicians, I think as 
Dr. Burgess mentioned earlier, it has got to be in a way so that the 
physician is not penalized in the process.
	We got 16 percent of the gross national product right now 
going to healthcare which is far over any other country in the 
world.  Any other outcomes are not even in the top ten right now, 
you know.  I think it is a shifting of the dollar that we are talking 
about.  Medicare and Medicaid employers and payers are the ones 
that are the biggest beneficiaries of these systems, and we shift the 
dollars to some extent from there to the primary care physician, 
which are the guys who really I think are in control of the 
healthcare system today.
	MR. DEAL.  Well, thank you. 
	MR. BURGESS.  Mr. Chairman, could I ask a question?
	MR. DEAL.  Sure.
	MR. BURGESS.  We are going to have a bill before us either in 
this subcommittee or the full committee about this, and if it would 
not be out of order to ask each of our respondents to give us their 
impressions about what they like, what they dislike about the bill.  
This is important that we get it right because this could be the 
headache for the next two or three generations of physicians or the 
benefit for the next two or three generations of physicians.
	MR. DEAL.  Certainly.  That would be appropriate, and there 
may be other questions from other members of our committee that 
were not here that may be submitted to you in writing.  We would 
appreciate your response on that.  I commend all of you.  
Somewhat different points of view on some issues, but generally I 
think there is a consensus that this is an area that is worth 
exploring.  It is worth us trying to move forward on the issue.  We 
appreciate your various points of view.  As Dr. Burgess indicated, 
if we can move a legislative agenda, we would appreciate your 
further comments with regard to that as we attempt to refine those.  
We do appreciate your time, and thank you for your attention and 
your being with us on this occasion.  I am not going to adjourn the 
hearing because we expect to have in the next few weeks a follow-
up panel that will be from a Federal point of view and so therefore 
in light of the fact that that further panel will elaborate on the same 
general issue, we will simply just suspend this session of the 
hearing on IT.  Thank you all for being here.
	[Whereupon, at 1:56 p.m., the Subcommittee adjourned.]

    RESPONSE FOR THE RECORD BY WILLIAM BRAITHWAITE, MD, PHD, 
   CHIEF CLINICAL OFFICER, EHEALTH INITIATIVE AND FOUNDATION 
                   FOR EHEALTH INITATIVE

        Responses to Questions following March 16, 2006 
Subcommittee on Health Hearing entitled: "Legislative Proposals 
to Promote Electronic Health Records and a Smarter Information 
System"

        1. How important is it to think realistically and not try to 
do everything at once in terms of a complete electronic 
medical record, but instead focus on things like e-
prescribing, lab results, and patient information?

        Through eHI's Working Group for Value Creation, Working 
Group for Practice Transformation and other organizational efforts,  
eHI is exploring important issues in this topic area. To the question 
specifically, trying to do everything at once in terms of a complete 
electronic medical record, to me, is like trying to boil the ocean.  
Although an electronic health record system for every clinician, 
including functional clinical decision support systems, is a 
necessary vision and goal to work toward, this development and 
implementation process will take decades to complete.  It is much 
better to implement some "low hanging fruit" for which a return on 
the investment can be demonstrated as a way to support the longer 
term effort.
        To the functions you mentioned, e-prescribing, lab results, and 
patient information, I would add medication history (including 
allergies) and clinical reports to complete the set of commonly 
mentioned electronic health information exchange functions that 
clinicians agree would help provide higher quality healthcare in the 
short term.

        2. Can you give an example of some of the decision 
support systems that are possible by moving towards 
smarter information systems?

        Some examples of decision support functions include:
	 Advising a clinician that a drug he/she is trying to 
prescribe has contraindications that must be considered (and possibly 
explained or justified) such as allergies, potential drug-drug 
interactions, instance of another prescription or OTC drug 
the patient is taking with similar physiological activity and 
existence of a less expensive alternative with similar 
activity.
	 Advising a clinician that a lab test that he/she is trying to 
order was done recently on the same patient and present the 
results of that test for consideration to avoid redundant 
procedures.
	 Advising a clinician that a result of a test (laboratory, 
radiology, pathology, or other) indicates an abnormality 
that has not been documented and/or acted upon.
	 Advising a clinician that a screening or follow-up test 
judged to be appropriate for the particular patient (age, 
weight, sex, diagnoses, health status, etc.) has not yet been 
ordered or has been ordered but not produced a result in the 
expected timeframe (e.g., results of ordered Hgb A1c test 
have not been received within 2 weeks of follow-up patient 
visit for diabetes control).
	 Advising a patient that a refill of a prescription for a drug 
that should be taken daily to treat a chronic disease is 
overdue.



RESPONSE FOR THE RECORD BY ALAN MERTZ, PRESIDENT, 
AMERICAN CLINICAL LABORATORY ASSOCIATION

April 18, 2006


The Honorable Nathan Deal
Chairman, Subcommittee on Health
House Energy & Commerce Committee
2125 Rayburn House Office Building
Washington, D.C.  20515-6115


Dear Chairman Deal:

        Thank you for the opportunity to testify before the 
Subcommittee on Health at the March 16, 2006 hearing entitled, 
"Legislative Proposals to Promote Electronic Health Records and a 
Smarter Information System."  Per your request, attached are 
answers to the questions posed in the April 11th letter to the 
American Clinical Laboratory Association (ACLA).

The Honorable Nathan Deal

        1. What particular function of healthcare do labs provide 
that makes them a good starting ground for smarter 
health information systems?  Laboratory data are the 
heart of the medical record.  Laboratory data represent 60-
70% of the medical record while comprising only 5% of 
total hospital costs and only 1.6% of Medicare costs.  The 
vital information provided by laboratory data directs the 
diagnosis and treatment of disease, improves the efficiency 
of the clinical care provided, and most importantly, 
improves clinical outcomes for patients.  The long-term 
benefit of these effects is reduced health care costs.  For 
instance, 62% of the Health Plan Employer Data and 
Information Set (HEDIS) effectiveness of care measures 
are informed by diagnostic tests.  Diagnostic tests are 
specified as important to measure in 80% of the clinical 
evidence based guidelines for the most costly disease 
conditions in the U.S.   It is for these reasons that virtually 
every health care community trying to develop an 
electronic health information infrastructure is looking to 
laboratories first.  In a survey of hospitals, the number one 
health care information technology (IT) function in use by 
the majority of hospitals today is the electronic order entry 
and review of results for diagnostic services.  For example, 
ACLA member Quest Diagnostics, a commercial 
laboratory with business relationships with over half of the 
nation's physicians and hospitals, currently sends 60% of 
its results and gets 40% of orders via the Internet.  The 
investment that laboratories have made in health IT also 
includes public health - ACLA member companies report 
to over 3,000 public health agencies at the local, regional, 
and national level - much of which is done via electronic 
means.
        2. I understand that labs have a limited exception under 
the Stark law.  Can you explain how this exception 
works and whether there are any examples of abuse in 
this area with respect to labs?  The terms of the Stark law 
are defined to exclude from the law's scope the provision 
of hardware or software by a clinical laboratory to an 
ordering clinician provided such items are "used solely to 
order or communicate the results of tests or procedures for 
such entity."  This provision was added to the Stark law 
when it was amended by Congress in 1993.  Under the 
terms of this provision, laboratories are not permitted to 
include other types of functionality in the hardware or 
software they are providing to the ordering physician 
without charging fair market value for this added 
functionality.  For example, one of ACLA's members 
currently offers a product which, in addition to being able 
to order tests and transmit results, also enables the 
physician the means to electronically order prescription 
drugs.  Due to the limited nature of the Stark law provision 
discussed above, this laboratory must charge fair market 
value to the participating physician for this additional e-
prescribing functionality.  The laboratory provision has 
helped shepherd health information technology into 
numerous physician offices and hospitals throughout the 
country today.  The ability to provide clinicians with this 
limited hardware and software is fundamental to rendering 
efficient, comprehensive laboratory services to patients - a 
critically important function that must be maintained.  
Clinicians place a high value on being able to order 
laboratory services and receive laboratory results 
electronically because it improves legibility, decreases 
error rates, produces more timely results, and allows the 
monitoring of redundant or duplicative testing.  ACLA 
member laboratories strive to fully comply with the 
parameters of the Stark law and we are not aware of any 
examples of abuse in this area.
        3. With respect to ICD-9/ICD-10 issues, would it be safe to 
say that we would get more detailed and accurate 
information by switching to ICD-10?  If yes, why have 
we been so slow to move toward this code change? 
Transition from ICD-9 to ICD-10 does hold great promise 
- provided clinicians accurately use the more detailed 
diagnosis and procedure codes offered by the ICD-10 
Clinical Modification (CM) and Procedural Coding System 
(or PCS).  More detailed procedure codes could allow for 
enhanced tracking and analysis of clinical and economic 
benefits and better outcomes research.  However, the 
transition to ICD-10 has justifiably been slow due to the 
massive overhaul to providers and payers' computer 
systems, and the time and expense needed to provide 
appropriate client education, training and testing of the new 
systems.  This transition would be particularly difficult for 
laboratories since they bill Medicare directly, yet depend 
on the ordering physician for the diagnosis codes to include 
on the claim they submit to Medicare.  While the current 
iteration of ICD-9 consists of roughly 13,000 diagnosis 
codes, problems persist today with physicians not providing 
the appropriate ICD-9 codes in order for laboratories to get 
paid.  ICD-10's 120,000 codes have the potential for delays 
in reimbursement if providers are not well educated on how 
to use the new system.   Finally, other regulatory changes 
(including the replacement of Version 5010 of the 837 
claim standard) must occur before ICD-10-CM can be 
implemented
        4. Having uniform standards for the transmission of 
laboratory results is an essential part of promoting 
electronic health records and a smarter health IT 
system.  Can you share with the Subcommittee what 
progress has been made in establishing such uniform 
standards?  Much work has already been accomplished in 
developing uniform standards for laboratory result 
reporting.  Currently, most laboratories and other 
diagnostic services use HL7 to send their results 
electronically from their reporting systems to their care 
systems.  In that transmission most laboratories utilize 
Logical Observation Identifiers Names and Codes (LOINC) 
to facilitate the exchange and pooling of results, such as 
blood hemoglobin or serum potassium for clinical care, 
outcomes management, and research.  The laboratory 
portion of the LOINC database contains the categories of 
chemistry, hematology, serology, microbiology (including 
parasitology and virology), and toxicology.  The 
Consolidated Health Informatics (CHI) initiative, one of the 
Office of Management and Budget's eGov initiatives 
adopted LOINC as one of its core uniform standards on 
March 21, 2003.  However, what is also needed is an 
implementation guide for this system, given the variability 
among laboratories in reporting different LOINC codes for 
the same test (there are over 25,000 LOINC codes for 
laboratory tests).  The EHR-Lab Interoperability and 
Connectivity Standards (ELINCS) project, a non-
proprietary effort involving various players within the 
health care delivery system (including those focused on the 
transmission of lab results), has been doing just that.  In 
March of 2005, ELINCS, through the leadership of the 
California Healthcare Foundation, began developing an 
implementation guide to 'map' the top 80% of performed 
laboratory tests.  This 'mapping' essentially creates 
uniformity among laboratories, providers and vendors alike 
in terms of which LOINC codes refer to which laboratory 
results.  The initial effort was completed in late 2005 (v1.0) 
and additional work on v2.0 is nearing completion, which 
expands the project to cover the top 95% of all performed 
tests (around 170 tests).  In September of 2005 the 
Certification Commission for Health Information 
Technology (CCHIT), which was awarded an HHS contract 
for health IT product certification, included ELINCS v1.0 
among the handful of interoperability specifications it has 
proposed for its first round of certification criteria for 
electronic health record systems.
        5. Establishing an electronic connection between labs and 
physicians or hospitals for ordering tests and receiving 
results can be very costly.  This cost is a significant 
barrier for many physician offices, particularly smaller 
practices.  How costly is it to establish such interfaces, 
why is it so costly, and what is the impact on health care 
practices?  The eHealth Initiative, in a recent report 
entitled, "Practice and Laboratory Connectivity," estimated 
that establishing custom interfaces between physicians, 
hospitals and laboratories can cost anywhere between 
$30,000 to $50,000.  This high cost is due to two factors: 
(1) the cost of the actual hardware/software, installation 
and training of staff; and (2) the cost to "marry' the existing 
data streams of the participating provider and the 
laboratory.  This cost burden, most often paid to a vendor, 
is the direct result of the lack of uniform electronic test 
requisition and result reporting standards.  Due to the 
significant cost involved with establishing this 
connectivity, the provision of this technology is a business 
decision - one which often times prevents this technology 
from reaching both rural and small physician/hospital 
locations.  However, with the ongoing work of the ELINCS 
project in creating an implementation guide for electronic 
results reporting (and plans to tackle the test requisition in 
the near future), it is our hope that in the next few years the 
cost prohibitive nature of custom interfaces will abate, 
thereby leading to greater access to this technology for 
physicians/hospitals both in rural areas and in smaller 
practices.

        Thank you once again for the opportunity to testify before the 
Subcommittee.  If you have questions or need any additional 
information, please do not hesitate to contact me.

Sincerely,
								


Alan Mertz
President

RESPONSE FOR THE RECORD BY MARK NEAMAN, PRESIDENT AND 
CEO, EVANSTON NORTHWESTERN HEALTHCARE, ON BEHALF OF 
HEALTHCARE LEADERSHIP COUNCIL
 
 

RESPONSE FOR THE RECORD BY JAMES C. PYLES, ATTORNEY 
MEMBER, POWERS, PYLES, SUTTER AND VERVILLE, P.C.

April 25, 2006

Dear Mr. Grant,
 
Please accept my response to the letter from Chairman Deal of 
April 11. I was unable to respond to the letter when it arrived 
because I was completing the petition for certiorari to the Supreme 
Court in Citizens for Health v. Leavitt which challenges the 
constitutionality of the HIPAA Amended Privacy Rule. That 
petition had to be filed on April 13, and I had to be out of the 
office until this week. My secretary reminded me that this was due 
today. I think you will find the answers helpful.
 
Question 1:
 
        The question does not accurately state the question I raised. My 
question was, " Will Congress compel Americans to disclose all 
of their most sensitive health information about themselves and 
their families to and from a national "interoperable" health 
information system without meaningful, informed patient 
consent, against their will and without adequate enforcement 
against unauthorized uses and disclosures?" 
        The question to me also incorrectly states that "under current 
health care operations providers may exchange identifiable health 
information for the purpose of treatment and billing." In fact, the 
Amended Health Information Privacy Rule that is currently in 
effect, authorizes covered entities (including doctors, other 
providers, health plans and health care clearing houses as well as 
their business associates) to use and disclose virtually any of an 
individual's identifiable health information for the purposes of 
treatment, payment and health care operations. These are separate 
terms and purposes. Treatment and payment are generally defined 
as uses for the patient's treatment where the patient has requested 
that treatment and payment where the patient has requested that an 
insurance claim be filed. So these uses and disclosures are 
somewhat within the patient's control. Health care operations, by 
contrast, are a broad list of uses generally for the benefit of the 
covered entity that are completely outside of the patient's control 
that include underwriting and premium rating, business planning 
and development, management activities, and due diligence in 
connection with the sale of a business. 45 CFR 164. 501, 65 Fed. 
Reg. at 82,803-04. As the American Medical Association said in 
its comments on the Amended Rule, "As currently defined, "health 
care operations" includes a broad array of activities unrelated to a 
patient's individual treatment or payment and extending far beyond 
the necessary disclosures and uses patients would expect when 
they seek health care...An optional consent provision combined 
with a broad definition of health care operations would 
effectively compel patients, as a condition of obtaining health 
care services, to allow uses and disclosures of their protected 
health information that are not routine or necessary for a 
covered entity to run its business."  AMA letter to HHS, p. 7 
(April 26, 2002). 
  	The question also states, "Of course, doctors may also not 
disclose information if they choose or other rules do not constrain 
it." That choice is not as available as the statement implies. 
Covered entities may provide a consent process for disclosures for 
treatment, payment and health care operations, but only by 
entering into an agreement with the patient to restrict uses and 
disclosures. 45 CFR 164.522; 67 Fed. Reg. at 53,213. Covered 
entities are further discouraged from entering into such 
arrangements because failure to act in accordance with such 
agreements can result in a violation of the Rule and civil penalties. 
67 Fed. Reg. at 53,213. 
        The statement, however, reveals the real change that the 
Amended Rule made in the practice of medicine and the right to 
medical privacy. It is correct that under the Amended Rule, for the 
first time in the nation's history, covered entities have been given 
the federal authority to decide whether a patient's health 
information will be disclosed without the patient's consent and 
even over the patient's objection. The practice under constitutional 
law, medical ethics and the laws of most states, prior to the 
Amended Rule, was for THE PATIENT to be able to decide 
whether his or her identifiable health information would be 
disclosed. In other words, a patient's identifiable health 
information could not be disclosed without the patient's consent. 
This long established principle was recognized in the Original 
Health Information Privacy Rule. 65 Fed. Reg. at 82,474. 
        When many consumers and practitioners raised the concern 
that the proposed Amended Rule would violate medical ethics and 
state laws, HHS responded that The Amended Rule was only 
intended as a "floor" of protections and that more stringent state 
privacy laws and standards of medical ethics would remain in 
effect.  67 Fed. Reg. at 53,212. However, the decision making 
power was taken from the patients and vested solely in the hands 
of covered entities. 
        So in answer to the specific question whether current law fails 
the test, the answer is that the Amended Rule does fail that test to 
the extent that it authorizes covered entities to disclose Americans' 
identifiable health information without their consent and against 
their will. But HHS contends that current law is only a "floor" of 
privacy protections and was not even intended to be a "best 
practices" standard. 67 Fed. Reg. at 53,212. Some who testified at 
the hearing desire for the Amended Rule to become the national 
privacy standard. The effect would be for the "floor" to also 
become the "ceiling" which would leave little room for consumers' 
ethical and constitutional rights to health information privacy. The 
HIPAA Amended Rule cannot be made the national privacy 
standard because it essentially eliminates the individual's right to 
health information privacy rather than protecting it. 

Question 2:

Should a patient be able to "block" a doctor who needs to send 
certain medical information for the purpose of billing?

        Answer-A doctor should always act in accordance with 
standards of medical ethics. The standards of medical ethics of the 
American Medical Association, as well as virtually every other 
medical society, state that, "The physician should not reveal 
confidential communications of information without the express 
consent of the patient, unless required to do so by law." See Tab 1 
to my testimony, item 16.a. HHS also found that this is has been 
the established practice throughout the history of the country. 65 
Fed. Reg. at 82,474. 
        So if a patient, a Congressman for example, wishes to file an 
insurance claim for treatment of the flu, he or she should be able to 
expect that their psychiatric record or genetic test for a 
predisposition for cancer will not be disclosed without their 
consent. If the insurance company insists that they have to have the 
entire medical record to pay the claim, the Congressman should 
have the right to pay privately and not have to disclose this 
information against his or her will. If we do not allow patients to 
assert their traditional right to privacy, they will avoid seeking 
needed health care and/or instruct their physicians to falsify their 
medical records. HHS has found that many Americans already are 
taking such self protective measures and physicians are 
withholding information from patient records. 65 Fed. Reg. at 
82,468. Thus, protection of the right to privacy is essential for 
effective, high quality health care. See HHS determination to this 
effect. 65 Fed. Reg. at 82,467. 
        So the short answer to your question is that a doctor should 
only be able to disclose a patient's identifiable health information 
for billing purposes with the patient's consent. If this means that 
the claim cannot be paid, the patient will have to pay privately (as 
has always been the case). The physician can determine this, as 
they always have, by determining prior to providing the services 
whether the patient will consent to the disclosure of information 
necessary for insurance coverage or agree to pay privately.
        What a physician cannot do in the ethical practice of medicine, 
is disclose a patient's identifiable health information for billing or 
other purposes without the patient's consent, unless required to do 
so by law.

Question 3:

Should a patient be able to edit or block the sharing of identifiable 
health information between a physician and a specialist? 

        Answer-Again, we believe in the ethical practice of medicine 
under which a patient's identifiable health information cannot be 
disclosed, even to another physician, without the patient's consent. 
There is no reason why this consent cannot be obtained at the time 
the patient is accepted for treatment by the first physician. This is 
not a novel concept. This has been the established practice, as 
reflected in standards of medical ethics, throughout the history of 
the country.
        For example, psychoanalysts often seek consultations from 
other practitioners, but they never do so without obtaining the 
patient's consent. Certainly, no physician, even a physician to 
whom a patient was referred, would ever treat a patient without his 
or her consent. 
        We do believe, however, that there are situations in which a 
physician should be able to infer consent where it is necessary to 
carry out treatment that a patient has requested. This is essentially 
the approach that was taken in the Original Privacy Rule which 
allowed health care providers in an "indirect treatment 
relationship" (such as a consult) to review an individual's 
identifiable health information without express consent. 45 CFR 
164.506(a)(2)(i) (65 Fed. Reg. at 82,810). 
        The point that must be appreciated is that if the individual's 
right to privacy for identifiable health information is not protected, 
the information will simply not exist, because the patient will 
refuse to disclose it. This was expressly recognized by the 
Supreme Court in Jaffee v. Redmond, 116 S. Ct. 1923, 1929 
(1996).  That decision has now been followed in over 150 other 
cases. 
        The right of consent is not new or novel. It is the core concept 
of medical ethics and the right of all law abiding citizens "to be let 
alone" as protected by the First, Fourth, Fifth, Ninth, and 
Fourteenth Amendments to the Constitution. As HHS has found, 
the right to privacy is a "fundamental right" of all Americans. 65 
Fed. Reg. at 82,464. 
        Do not hesitate to contact me if you have further questions.

							Jim Pyles
							On behalf of the American 
							Psychoanalytic Association 



RESPONSE FOR THE RECORD BY DON E. DETMER, PRESIDENT AND 
CHIEF EXECUTIVE OFFICER, AMERICAN MEDICAL INFORMATICS 
ASSOCIATION

1.	It seems important that when we're talking about electronic 
health records that we would need to come up with a 
common medical terminology. Is the licensure of 
SNOMED the final step in coming up with this common 
terminology or does more need to be done?

        Response: The initial comment is accurate; that is, we need to 
have a common medical terminology.  The licensure of SNOMED 
was not the final step in coming up with a common terminology 
and more does need to be done.  Today, we have three problems. 
First, we don't have a global system that brings SNOMED and 
ICD-10 together and, second, we don't have an agreed-upon 
manner by which the world will maintain the terminology and 
classification system going forward. Medicine constantly changes 
due to new discoveries about human biology and diseases, new 
technologies, and new treatments.  The challenge is to find a way 
to support those groups who can do this kind of work well and also 
support a method and manner of giving the world timely open 
access to the terminology and classification into the future.  The 
USA would be very wise to license SNOMED and subsequent 
terminology and classification for use by the world and not just for 
USA institutions from the National Library of Medicine as well as 
support the ongoing maintenance of the standard terminology and 
classification systems through the NLM; an extra $6-8 million per 
year would give the NLM the funding it would need to support this 
but the benefit to the USA itself would more than offset this cost.   
A joint task force of AMIA and AHIMA experts is currently 
working on a white paper that discusses this issue in some detail 
and a copy of that report will be sent to you as soon as it becomes 
available.  Additional funding for informatics research on this and 
related issues such as that mentioned in the next paragraph is 
needed.
        The third problem relates to the movement within the USA of 
giving patients electronic health records populated upon 
information used in paying insurance claims.  The current 
terminology on insurance claims that used ICD-9 is so outdated 
that it will only serve as an approximate representation of a 
person's health status, treatment, or disease condition(s). We have 
very little data to show us just how well or poorly it reflects reality 
but many experts are concerned about the potential distribution of 
millions of records of dubious accuracy and the confusion this will 
cause physicians as well as patients as they seek to sort out reality 
from 'billing' data.  We will have integrated computer-based 
personal and clinician health records in the future and this makes 
the challenge of addressing the remaining terminology and 
classification issues for now and going forward.

2.	You mentioned the need for ways to authenticate or 
identify individual patients - what are the privacy aspects 
associated with a unique personal identifiers, as was called 
for in the original HIPAA legislation?

        Response:  The privacy aspects of authentication or 
identification of individual patients fall into two categories based 
upon what one consider 'privacy rights' to entail in a free society.  
If 'privacy rights' are defined as a 'right to be left alone', they 
imply something different than if 'privacy rights' are defined as the 
'right to remain unknown'.  Since I do not believe a modern 
society can exist by operating with the second definition as the 
dominant operating policy, I will respond to policy dimensions 
relating to the first definition. Indeed, the testimony of one witness 
at the hearing reflected that latter perspective.
        The original HIPAA legislation called for unique personal 
identifiers for health for a number of reasons.  First, all developed 
economies in the world have adopted this approach as the most 
reliable and cost-effective manner of personal identification for 
health purposes. Today, we are seeing rising interest and indeed 
rapid movement to give citizens their personal health information.  
It is crucial for both health care safety and personal privacy that 
both doctors and patients exchange data solely to those to whom it 
is intended and no one else.  In all likelihood we will use an 
algorithm in addition to a unique identifier.  If one does not have 
access to a person's social security number (SSN) for example, the 
accuracy of the algorithm drops considerably.  To assure the 
greatest accuracy, a unique personal identifier is the most sensible 
approach. 
        At the minimum we need national public policy that will assign 
a unique health identifier with an opt-out arrangement for those 
citizens who fall into the latter category mentioned above.  
Suggestions have included the SSN plus a four digit PIN and a 
range of other suggestions have been made.  There is ample 
testimony before the NCVHS on this topic.  I see some value for 
using the first five digits of the SSN plus a four digit PIN that the 
individual selects.

3.	We have heard complaints about the negative impact of the 
HIPAA privacy rule on clinical research - how would 
legitimate clinical research uses of information be better 
facilitated?

        This question has many potential responses.  Unfortunately, the 
potential for HIPAA to be revised so that it could better support 
clinical research without legislation being passed or regulations 
being developed that would in reality make clinical research even 
more difficult to undertake is a compelling consideration. In light 
of this, only one recommendation follows.  As the nation moves 
toward an approach to authenticate all individuals in order to 
improve patient safety and protect the privacy of their data, the 
citizen at the time of identifier selection could be given the option 
of 'ticking a box' to allow him or her to be contacted by 
researcher(s) having clinical research protocols approved by a 
legitimate institutional review board to see if the individual had 
any interest in participating in such a study or studies.  
        Those citizens who chose neither to have a unique identifier 
nor participate in research would not be able to be notified but 
certainly millions of citizens both could and would choose to 
participate. This would be enormously helpful to the clinical 
research community.  Obviously, those who chose not to 
collaborate would still gain the benefits from any findings coming 
from those sharing their data.  Of course, if sufficient numbers of 
people opted out in a certain category of age or sex, no valid 
research would be achievable since sample sizes might be too 
small. This creates a problem known as 'free riders'.   Too many 
free riders and the train won't leave the station.   If there is interest 
in other ways to improve clinical research, I can respond further.

Don E. Detmer, MD, MA, President and CEO, American Medical 
Informatics Association


SUBMISSION FOR THE RECORD BY THE BLUE CROSS AND BLUE 
SHIELD ASSOCIATION

Introduction
        The Blue Cross and Blue Shield Association (BCBSA) 
appreciates the opportunity to provide testimony to the Committee 
on H.R. 4157, the Health Information Technology Promotion Act 
of 2005, and applauds the effort to facilitate and encourage the 
widespread adoption of health information technology (health IT).  
        BCBSA is made up of 38 independent, locally operated Blue 
Cross and Blue Shield companies that collectively provide 
healthcare coverage for more than 93 million people - nearly one-
in-three Americans.  Blue Cross and Blue Shield Plans across the 
country are leaders in advancing health information technology, 
giving providers and consumers tools and information to help them 
make better health care decisions.  Plans are sharing clinically 
relevant claims information with physicians; giving consumers 
access to their medical information through personal health records 
and other internet-based tools; and helping providers adopt health 
IT, including e-prescribing and electronic health records (EHRs).
        BCBSA is committed to a health care system that can assure 
greater patient safety, improved quality of care and increased 
efficiency.  We believe that achieving this goal requires nationwide 
adoption of health IT based on interoperability standards that 
support the exchange of information among providers, payers, 
consumers and government.  That is why we strongly support the 
requirement in H.R. 4157 to establish interoperability standards 
through a public-private collaborative process.
However, we are concerned that the provision calling for switching 
from ICD-9 to ICD-10 billing codes by October 1, 2009 would 
threaten the goal of widespread adoption of health IT.  Switching 
to ICD-10 by 2009 is unworkable because:
	 ICD-10 is a massive undertaking, not only for payers and 
hospitals but also for physicians;
	 Industry is running at maximum capacity with HIPAA 
mandates;
	 Much preliminary work is needed to make the switch 
feasible; and
	 Medicare would be put at great risk.
        Our testimony below will explain these factors, and offer as an 
alternative three additional years to switch to ICD-10, with full 
compliance no sooner than October 1, 2012.
        In addition, we would like to draw the Committee's attention to 
a specific issue concerning the provision creating new safe harbors 
under the federal anti-fraud and anti-kickback laws: the prohibition 
on taking into account the volume or value of referrals by entities 
donating health IT to physician.  As explained below, this 
prohibition would have a chilling effect on donations of health IT 
that are already taking place today.

Switching to ICD-10 by 2009 is Unworkable
        In 2003, the Robert E. Nolan Company - a respected business 
consulting firm - estimated that implementing ICD-10 would cost 
providers and payers up to $14 billion.  This cost is indicative of 
the complexities involved in switching from ICD-9 to ICD-10.

Provider and Payer Systems will require a Massive Overhaul
        ICD codes are ubiquitous in health care.  Providers process and 
store diagnosis and procedure codes in virtually every one of their 
computer systems, many of which are linked to share information.  
Payers use diagnosis and procedure codes not only to process 
claims, but also to design benefit packages, construct fee 
schedules, operate disease management and quality improvement 
programs, make medical necessity determinations, and prevent 
fraud and abuse. 
        The new ICD-10 coding systems are significantly more 
complicated than ICD-9.  ICD-9-CM (volumes 1 & 2) uses about 
13,000 codes for diagnoses; ICD-10-CM uses 120,000 codes for 
diagnoses.  ICD-9-CM (volume 3) uses about 11,000 codes for 
procedures; ICD-10-PCS uses 87,000 codes for procedures.
        To handle these new ICD-10 codes, provider and payer 
systems must be completely redesigned: field sizes will have to be 
expanded, alphanumeric composition allowed, and code values and 
their interpretation completely redefined.  IT staff will have to 
install new code sets, remap and testing every interface used with 
vendor software (front-end and back-end) and modify all reports 
used by providers and payers in clinical, financial, reimbursement 
and quality analyses.
        Such far-reaching changes demand adequate time to avoid 
costly mistakes and disruptions in claims payments.

Physician Practices will Require a Massive Overhaul
        If the advantages of the new coding system are to be realized, 
physicians will need to become substantially more precise and 
detailed in documenting patients' medical records.  To make sure 
they get the right information from patients to assure proper 
coding, physicians will need to know ahead of time all of the 
information that will be required to code according to the new 
standard - an impossible task without new electronic decision 
support systems that take physicians through the "decision tree" 
for each possible diagnosis.  Unfortunately, fewer than 15% of 
physicians currently have electronic health records systems that 
could be modified to provide such decision support.  A report 
published last year in the Annals of Internal Medicine projects on 
the basis of current trends that in five years' time only 25% of 
physicians in solo or small group practices will have electronic 
health records.
        Once they gather the needed information, physicians will need 
to put additional time and effort into documenting patients' 
medical records, and completing what is sure to become a greatly 
expanded "superbill" to assure proper reimbursement.  In turn, the 
physician's coders will need to increase their medical knowledge, 
and the medical staff will need to be aware of the challenges to the 
physicians and be prepared for greater interaction between the 
coding staff and the physicians.

Industry is Already at Maximum Capacity with HIPAA
        Implementing ICD-10 by 2009 would cause system overload.  
Payers and providers are currently working hard to implement 
pending and planned HIPAA tasks.  These need to be completed or 
well underway before implementing ICD-10 because they require 
the same staff resources.  Providers, payers and vendors will all 
have resources stretched thin over the next several years.   
        Currently the health care industry is still working to fully 
implement all of the initial HIPAA transactions. For payers this 
work includes trading partner testing and making improvements to 
the level of response in both the claims status and eligibility 
response transactions.  
        Another major task currently underway is implementation of 
the National Provider Identifier (NPI). This project has proven to 
be much more difficult than originally contemplated because of the 
complex relationship between NPIs and legacy identifiers.  
Crosswalks or maps between the two sets of identifiers need to be 
developed, and in some extremely complex cases re-contracting 
may be required. The compliance date for this implementation is 
May 2007, and will most likely require continued use of support 
staff for the remainder of that year.
        Other HIPAA projects on the horizon include electronic claims 
attachments, which will probably need to be implemented starting 
in 2007, implementation of the 5010 version of the current HIPAA 
transactions, and the National Payer Identifier (which has the 
potential to become as complex as the National Provider 
Identifier).  Each of these projects individually will require 
substantial human and capital resources.  All of this work, coupled 
with the scope and complexity of the move to ICD-10, would 
severely overload system resources and expose the providers and 
payers to unnecessary risk.  

Much Preliminary Work Is Needed
        Important steps must happen before the switch to ICD-10 can 
begin.  
        First, industry must move to a new version of HIPAA 
transactions (5010) because the current (4010) will not work with 
ICD-10.  This change alone is a significant upgrade that will 
require the two years allowed under HIPAA to analyze, program, 
test, and implement this more complex version.  The 
"implementation guide" that is part of the new 5010 version shows 
that thousands of changes will need to be made, from 
comparatively simple tasks like making a change to a single 
document, to extremely complex tasks like adding the ICD-10 
code list.  Only after these changes are made should providers and 
payers begin implementing ICD-10
        H.R. 4157 seeks to hurry the process of implementing version 
5010 by eliminating notice and comment rulemaking.  This would 
be a mistake.  The notice and comment process is industry's 
primary opportunity to raise business issues that have broad policy 
implications.  To take claims attachments as an example:  the SDO 
might focus on the business requirements around a specific 
interaction between trading partners such as an unsolicited claim 
attachment; but CMS would focus on the larger business/policy 
issue of whether or not to allow claims attachments.  
        Only the agency's comment and review process gives industry 
the opportunity to consider the proposed mandate from an 
enterprise or industry-wide perspective. We believe that global 
perspective review is essential for the industry and we strongly 
believe that global review opportunity must be preserved under 
any revised system for HIPAA changes.
        Second, the government must release automated crosswalks 
that map ICD-9 and ICD-10 - a complete set is not yet available - 
and providers, payers, and vendors must analyze and test those 
crosswalks to minimize problems.  If the crosswalks do not work 
properly, historical data will be lost, resulting in an inability to run 
incentive ("pay-for-performance") programs and the risk of 
increased fraud and improper payments.
        Any change in the underlying code set for claims will undo 
years of work on fraud detection and control based in ICD-9 
coding.  Payers have put logic into place within their systems that 
enable them to see patterns of utilization (such as multiple surgical 
procedures, assistant surgeon charges, unbundling, upcoding, 
appropriateness of care, excluded procedures), draw comparisons 
among providers, and detect claims that fall outside norms.  
        All of this logic will have to change - which involves the 
manual process of rewriting all the validity edits - to detect claims 
irregularities.  Depending on the detail and accuracy of the 
crosswalks, this could be a significant undertaking. Meanwhile, 
even a small increase in fraud could pose significant risk in a $1.5 
trillion health care system.  

Medicare Would Be Put At Great Risk
        In the largest contracting change since Medicare's inception, 
CMS is transitioning more than 50 fiscal intermediary and carrier 
contracts to 15 Part A/B Medicare Administrative Contractors 
(MACs) by 2009.  This will require multiple claims workloads to 
move from multiple contractors to a single MAC with new 
jurisdictional lines.  At the same time, CMS will be consolidating 
Medicare workloads into two data centers, which must be done 
carefully to avoid service disruptions.
        The MAC transition will be made in three cycles of 
competitive bidding, scheduled for completion by summer, 2009.  
This is a mammoth undertaking with multiple data systems being 
transitioned to a single entity.  The GAO has noted that this 
massive consolidation in itself has the potential to cause major 
service problems for Medicare, and the schedule allows little time 
for CMS to make adjust for any problems.  
        Switching to ICD-10 by 2009 would further overwhelm 
Medicare contractors' IT departments, leading to claims backlogs, 
improper payments, increased opportunities for fraud, and provider 
and beneficiary dissatisfaction.  

BCBSA Recommendation
        As switching to ICD-10 by 2009 is unworkable, BCBSA 
recommends a minimum of three additional years, with 
compliance no sooner than October 2012.  An additional three 
years would reduce the risk of HIPAA overload and Medicare 
meltdown, and would provide time for the adoption of decision 
support systems and significant training and education that 
physicians and other health care professionals will need.

Pilot Testing
        An additional three years would also provide time for pilot 
testing, which BCBSA believes is critical for any major systems' 
change.  Adequate pilot testing is crucial to ensure the new system 
works, providers are educated, and claims will be paid:  A key 
lesson from HIPAA is the importance of pilot testing to avoid 
costly mistakes and assure smooth implementation.  ICD-10 is 
vastly different from the current billing system, with more than 
200,000 codes (compared to 24,000 now).  The World Health 
Organization (WHO) also recommends this essential step: "Before 
starting full-scale countrywide use of ICD-10, it is advisable to test 
adapted data registration tools and procedures in a number of pilot 
areas and hospitals. It will help early identification of outstanding 
problems and fix these before the countrywide implementation 
starts."
        Once comprehensive, automated crosswalks are released, ICD-
10 should be pilot tested.  Providers and payers would then be able 
to adjust their systems, and develop a coordinated implementation 
strategy based on the pilot results.  CMS could then set a 
compliance date that allows the industry to complete the needed 
adjustments. 

Safe Harbors and Limits on Volume
        H.R. 4157 stipulates that in order for non-monetary 
remuneration (in the form of health information technology and 
related training services for a physician) to fall within the safe 
harbor, the entity offering the remuneration must not take into 
account the volume or value of referrals (or other business 
generated) by the physician to the entity. The problem with this 
provision is that it would have a chilling effect on donations that 
are already taking place today by health plans. 
        For example, it is increasingly common for health plans to 
promote electronic prescribing by donating e-prescribing hardware 
and software to physicians. To optimize the allocation of scarce 
resources, the donation programs commonly target physicians on 
the basis of volume of prescriptions written or the value of the 
drugs prescribed. By taking into account volume and value, health 
plan donations have the most impact on improving physician 
prescribing habits and improving services provided to the greatest 
number of health plan members. 
        Unlike hospitals and group practices, health plans as private 
payers actively seek to control the fraud and abuse activity the 
legislation seeks to address-it is a business imperative. As 
partners with the government on Medicare and Medicaid, health 
plans are designed to, and have every financial incentive to control 
utilization costs to compete effectively-the incentives of plans 
and of the government are aligned by the contractual arrangements 
to promote gains in efficiency and quality, and to control fraud and 
abuse. 

BCBSA Recommendation
        BCBSA recommends that the legislation specifically allow 
health plans to determine eligibility or the amount or nature of the 
items and services in a manner that takes into account the volume 
or value of referral or other business generated between the 
physician and the health plan.

Conclusion
        A minimum of three additional years is critical to switch to 
ICD-10 - with full compliance by no sooner than 2012 - not only 
to avoid costly missteps in transitioning from ICD-9 to ICD-10, 
but also to avoid derailing important health IT initiatives to 
improve safety, quality, and efficiency.  Health IT innovations are 
exploding as providers and payers devote significant resources to 
advancing the national priority of widespread adoption of 
interoperable electronic health records (EHRs) and personal health 
records (PHRs).  For example, many Blue Cross and Blue Shield 
Plans are building payer-based EHRs and PHRs using claims data 
and developing regional networks for exchanging administrative 
and clinical information.  Having to redirect resources for an 
immediate switch to ICD-10 could hinder initiatives promising 
direct consumer benefit.



SUBMISSION FOR THE RECORD BY DEBORAH C. PEEL, MD, 
FOUNDER, PATIENT PRIVACY RIGHTS FOUNDATION

        Chairman Deal and Members:
        The Committee on Health deserves thanks for holding hearings 
to examine legislative proposals to build a national health 
Information technology network.  
        I appreciate the opportunity to provide written testimony on 
this matter of critical importance, not only to the future of our 
healthcare system but also to the future of our Democracy and our 
cherished rights to personal liberty and freedom.
        H.R. 4157, the "Health Information Technology and Promotion 
Act of 2005" promotes the adoption of information technologies to 
streamline and improve the healthcare system, but at the expense 
of Americans' most cherished values: personal liberty and privacy. 
	
What is Privacy?
        What exactly does it mean to have the right to privacy? The 
Original Privacy Rule states, "The right of privacy is: 'the claim of 
individuals, groups, or institutions to determine for themselves 
when, how, and to what extent information about them is 
communicated'." 65 Fed. Reg. at 82,465
        The two key reasons HR 4157 and the other HIT bills (with the 
exception of HR 2234) will eliminate every American's right to 
privacy are:

        1) HR 4157 relies on the HIPAA Privacy Rule as a privacy 
standard. But the Amended Privacy Rule deprives all 
Americans of the right of consent, thereby depriving them 
of the right to control access to their medical records.   
[citation: "The consent provisions.are replaced with a 
new provision.that provides regulatory permission for 
covered entities to use and disclose protected health 
information for treatment, payment, healthcare 
operations." 67 Fed. Reg. at 53,211]
        2) HR 4157 sets up a process to study and eliminate all 
stronger state laws protecting medical privacy. Setting up a 
process to eliminate more privacy-protective state laws in 
the absence of a very high national standard set by 
Congress is a mistake. States' rights to determine how best 
to protect citizens must not be eliminated without a strong 
national standard in place.

        These two elements of HR 4157 will create a national 
electronic health system with open access to the nation's medical 
records by over 800,000 private individuals, corporations, and 
government agencies; and eliminate states' rights to retain privacy 
protections stronger than HIPAA. 
        Other aspects of the bill can be negotiated, but privacy rights 
cannot. Privacy must be the lynchpin of any system for storing and 
sharing the nation's medical records.

Consequences of Building a National Health IT System 
Without Privacy 
        Without privacy, HR 4157 will have damaging effects that 
reach far beyond the healthcare system by making electronic 
medical records instantly accessible for business uses that have 
nothing to do with healthcare. Broad dissemination of the nation's 
medical records to hundreds of thousands of covered entities will 
facilitate discrimination against every man, woman, and child. HR 
4157 will enable electronic access to a mother lode of the most 
commercially valuable databases on earth: the nation's medical 
databases.
        Armed with detailed medical records, private businesses and 
government agencies will be tempted to discriminate against 
people based on fears about their future health, rather give them 
opportunities based on their qualifications and abilities. Will we 
get jobs, promotions, or bank loans?
        Our children's opportunities and livelihoods will be more 
severely limited than ours, as opportunities will be denied to them 
earlier in their lives. Will our children and grandchildren get into 
colleges, get jobs, or be able to buy their first homes?  
        As the health care system increasingly becomes the province of 
big business and government, threats to patient privacy will 
increase exponentially. The immense commercial value of 
identifiable medical records explains why corporations and the 
government want unfettered access to everyone's medical records. 
Privacy (the right to control personal health information) is an 
important substantive limit on the power of the government and the 
power of corporations; it limits what they can do.
        HR 4157 without privacy is a prescription for disaster.

Introduction  
        My name is Deborah C. Peel, MD. I have been practicing 
medicine for 32 years. My specialty is adult psychiatry and 
Freudian psychoanalysis. My career as a mental health 
professional put me at ground zero for privacy.
        No one would tell me anything if their treatment could be used 
to harm them. People paid me cash long before managed care or 
computers were invented, in order to assure their privacy. 
        Mental health treatment requires the most stringent privacy 
protections so people will trust mental health professionals with 
their most painful and terrifying thoughts, feelings, and memories. 
Patients need privacy and the trust it engenders to speak freely and 
fully. Mental health professionals need privacy to offer effective 
psychotherapy, just as surgeons need sterile fields to operate.
        I've seen so many people be harmed over the past 32 years 
when their medical or prescription records were disclosed without 
their consent. 
        Without privacy, people will refuse to get treatment and the 
help they need when they are sick. They will lie and omit data, and 
refuse genetic and other tests and treatments that could stigmatize 
them. People will risk worsening illness and even death, rather 
than risk losing their jobs or reputations.
        As a physician, mother, patient, and consumer, I could not 
stand idly by and watch the destruction of our privacy rights.
        No national medical privacy watchdog organization dedicated 
to fighting to save our rights to privacy existed, so I started Patient 
Privacy Rights Foundation about three years ago. Our mission is to 
inform and empower Americans to save their human and civil 
rights to medical privacy.

Consequences: What happens when patients can't control 
access to their medical records

        1) Diane O'Leary (permission was granted to tell her story). 
Ms O'Leary is a journalist by profession, living in NY. She 
developed a rare neurological condition. After the first 
neurologist she sought treatment from did not help her and 
the medications he prescribed made her worse, she stopped 
going to him and sought care elsewhere. But the doctor she 
fired sent her medical records with his opinions to the new 
specialists she consulted, without her knowledge or 
permission. He claimed the HIPAA Privacy Rule gave him 
the right to disclose her medical records. The disclosures 
effectively kept her from getting the correct diagnosis and 
treatment for three years. She was partially disabled and 
can no longer work as a journalist.

        2) Patricia Galvin (permission was granted to tell her story). 
Ms Galvin is a lawyer who was being seen in a sleep 
disorders clinic at Stanford University. She saw a therapist 
in the clinic who repeatedly assured her that the 
handwritten records she kept of their therapy sessions 
would not be entered into Ms Galvin's general medical 
record. But they were. Once her therapy records were 
scanned and placed in her general medical record, Ms 
Galvin could not prevent the records from being repeatedly 
disclosed by the hospital without her permission, because 
HIPAA allows disclosures of medical records for all 
routine uses. Her medical records were sent to her insurer 
and employer, who fired her and because of some errors in 
the records and she also lost her disability coverage for an 
unrelated back injury.


        3) A physician whistleblower wrote Patient Privacy Rights 
about his concerns that the VA's electronic medical records 
system allows anyone with access to the system to see any 
patient's medical records without the patient's knowledge 
or permission (permission was granted to share his story). 
He gave 3 examples of very sensitive records that VA staff 
could view:
         a man had a device inserted into his penis, the 
nursing notes described the time, length, and size of 
his erection
	 a woman suffering from painful intercourse had 
detailed chart notes about the depth and timing of 
her partner's vaginal penetration to remedy her 
symptoms
	 an x-ray technician who took a shoulder x-ray of a 
man had read his mental health notes and asked him 
if he was still suicidal. The man went to the VA 
psychiatrist and fired her and refused further 
treatment 

        4) Parents of children diagnosed with autism expressed 
outrage that the CDC was obtaining their children's 
medical records and school records without notice or 
consent, a use the HIPAA Privacy Rule makes fully legal 
for covered entities. [National Autism Association Press 
Release - 3/1/2006 - CDC Obtains Children's Confidential 
Records Without Parental Consent For Autism Study]

        5) A college student was expelled from GWU because his 
medical records concerning his depression were disclosed 
to the college without his consent. [GWU Suit Prompts 
Questions Of Student Liability; School Barred Depressed 
Student, Washington Post - 3/10/2002] 

        6) Insurers now ask doctors to disclose patients' complete 
medical records, using HIPAA to justify access without 
patient consent:

        Email from Robert Charles Powell, MD, PhD on 3/11/06 to 
a psychiatric listserv (permission was granted to share the 
email for testimony): "Now that HIPAA is attempting to be 
lord of the land, there are more and more requests for "all 
medical records and notes" -- which is an illegal request of 
a psychiatrist under the Illinois Confidentiality Act. I don't 
know how this ultimately will shake out, but it is worth 
noting that the Ohio Supreme Court recently upheld that 
state's confidentiality act -- almost as good as Illinois' -- 
noting (a) that the state act offered the patient more 
protection than HIPAA and therefore should be followed 
plus (b) that the physician had a responsibility to protect the 
patient's privacy regardless of whatever piece of paper the 
patient might have signed [the Illinois act specifies likewise 
that a patient can NOT sign away protected confidentiality 
rights. [Grove v. Northeast Ohio Nephrology Associates 
(Ohio Ct. App., Nos. 22594, 22585, 12/26/2005)]

        7) Wal-Mart:

        Quotes from the Memorandum to Wal-Mart's Board of 
        Directors: 
	 "Redesign benefits and other aspects of the 
Associate experience, such as job design, to attract a 
healthier, more productive workforce."  
	 "The team is also considering additional initiatives 
to support this objective, including: all jobs to 
include some physical activity (e.g., all cashiers do 
some cart gathering)."

        See New York Times story October 26, 2005: Wal-Mart 
Memo Suggests Ways to Cut Employee Benefit Costs, By 
Steven Greenhouse and Michael Barbaro.

        [Supplemental Benefits Documentation, Board of Directors 
Retreat FY06, Wal-Mart Stores, Inc., Reviewing and 
Revising Wal-Mart's Benefits Strategy, Memorandum to 
the Board of Directors, 
http://www.patientprivacyrights.org/site/DocServer/WalMa
rt_memo.pdf?docID=501]

        8) FDIC Notice on Medical Privacy. This example is included 
to show how access to medical records is widespread, far 
beyond the direct uses in the healthcare system. Enough 
medical records were in the hands of banks and financial 
institutions for the FDIC to issue a formal memo on April 
28, 2004. Furthermore, the Gramm-Leach-Bliley Financial 
Services Act permits banks and financial institutions to 
share medical and financial records with all their affiliates 
and non-affiliates without consumer consent.

        The FDIC acknowledges that banks and financial 
institutions have medical records, "section 411 prohibits 
creditors from obtaining or using medical information to 
make credit determinations. Except as permitted by the 
regulators or the FACT Act itself, section 411 treats 
medical information as a credit report when a creditor 
shares it with an affiliate." Further, section 411 states that 
"a creditor may not obtain or use a consumer's medical 
information, as defined in the Act, in connection with a 
determination of a consumer's eligibility, or continued 
eligibility, for credit...section 411 states that when 
affiliates share certain medical information, that 
information will be considered a consumer report under the 
FCRA."

        9) Patients' medical records can be sent around the world 
without their knowledge for transcribing, because under 
HIPAA patients have no right to consent to or even be 
notified of this "routine" practice.  

        See San Francisco Chronicle story by David Lazarus: A 
tough lesson on medical privacy, Pakistani transcriber 
threatens UCSF over back pay   Wednesday, October 22, 
2003 URL: 
sfgate.com/article.cgi?file=/c/a/2003/10/22/MNGCO2FN8
G.DTL  

        10) "Placentas taken, but moms were not told." Susan 
Goldman of the Oregonian reported on Sunday February 
12, 2006, that "as many as 700 afterbirths, many involved 
in difficult deliveries, made their way to a Portland registry, 
records show." Not getting consent to analyze women's 
body parts following births of children with injuries or 
defects is a severe violation of their privacy. 

[http://www.oregonlive.com/search/index.ssf?/base/news/1
139707514288820.xml?oregonian?lctop&coll=7]

        11) Patients can no longer control who can access their 
records, so as our medical records are disclosed over and 
over to people we do not about, our records will be stored 
in many more locations we have no knowledge of, 
exposing us to high risk of identity theft because electronic 
systems are NOT secure.

        See: TechWeb News March 9, 2006, by Gregg Keizer: PIN 
Scandal 'Worst Hack Ever'; Citibank Only The Start "The 
scam has hit national banks like Bank of America, Wells 
Fargo, and Washington Mutual, as well as smaller banks, 
all of which have re-issued debit cards in recent weeks, says 
a Gartner research vice president."  
http://www.informationweek.com/story/showArticle.jhtml?
articleID=181502474 ]

        12) There is no meaningful recourse or right of action under 
HIPAA if your privacy is violated.  You can only complain 
to HHS. The woman caught in an FBI sting operation is 
only the second conviction for a privacy violation since 
HIPAA took effect. The first was a conviction for identity 
theft that was later overturned. The second story from 
TMCNews reported that of the 17,000 complaints of 
privacy violations made to the government, only one 
person was prosecuted. 70% were dismissed because they 
were legally permitted disclosures. Because HIPAA grants 
legal access to over 800,000 individuals, corporations, and 
government agencies, patients have no right or opportunity 
to stop access by any of them.

        See Laredo Morning News - 3/7/2006, Alamo Woman 
Guilty of Selling Medical Information at: 
http://www.patientprivacyrights.org/site/News2?page=New
sArticle&id=5807&news_iv_ctrl=-1

        See also TMCNet News, February 24, 2006 at 
http://www.tmcnet.com/usubmit/2006/02/24/1404832.htm

Don't Confuse Privacy and Security
        It is important not to confuse the privacy with security. 
Security can help protect medical records from illegal users like 
hackers, but it cannot restore or substitute for the right to control 
who can see and use your medical records. The terms are often 
used interchangeably, confusing their different effects on access to 
medical records.
        Privacy means that patients control who can see and use their 
electronic medical records, which means they can exclude any 
individual or corporation from having access to their medical 
information. 
        Security measures such as encryption, firewalls, passwords, 
levels of access, and other physical and technical measures can 
help protect medical records from illegal access by hackers and 
identity thieves. But security measures do nothing to stop the over 
800,000 covered entities that currently have legal access to medical 
records from using them. Strong security measures are not a 
substitute for privacy.

Need for a system of trusted couriers and trusted custodians 
        The health IT system should be designed and engineered to be 
a system of trusted couriers and custodians. It should be structured 
to permit access to medical records only with patient permission 
(emergencies could be specifically excluded). That is how FedEx 
works. We trust FedEx to deliver our packet of information to only 
the person we specify. 
        Instead, in the electronic world, any data broker, data 
warehouse, and any healthcare business that handles, stores or 
processes medical records simply appropriates them for corporate 
use.  If FedEx operated like that-where anyone who happened to 
handle the packet of information could tear it open, make copies, 
and use and sell the data, it would not have any customers. 
        Surely our sensitive health information should not be 
accessible to all covered entities to copy and steal just because they 
happen to be in a business that is connected to the healthcare 
system. 

Conclusions
	 Congress should intervene when private actions have such 
vast public consequences. The failure of Congress to 
intervene and specify the rights patients should have---the 
right to control access to their medical records----will 
undermine significant Constitutional values and impair 
important individual privacy rights. 
	 Congress should set privacy standards, not delegate the task 
to unelected officials with no Congressional or public input 
or oversight.
	 With ironclad privacy standards and patient privacy rights 
in place, patients will be willing to trust and use the 
national electronic health system and the incredible and 
transforming benefits that IT can bring to the healthcare 
system will be fully realized. 

Solutions to Insure the Privacy Of Medical Records In 
Electronic Networks and Systems
	 Patients must control who has access to their personal 
health information over any electronic health networks
	 Allow patients to opt-in and opt-out of health information 
networks
	 Allow patients to segregate their most sensitive medical 
records
	 Require audit trails of all disclosures
	 Require patient notification of all suspected or actual 
privacy and security breaches
	 Deny employer access to employee medical records
	 Allow access to de-identified medical records for research, 
public health, and other legitimate uses
	 Preserve stronger state laws protecting medical privacy
	 Enact criminal penalties for use or possession of medical 
records without permission


Deborah C. Peel, MD
Chairman, Patient Privacy Rights Foundation
Austin, Texas 
512-732-0033
www.patientprivacyrights.org




SUBMISSION FOR THE RECORD BY ADVANCED MEDICAL 
TECHNOLOGY ASSOCIATION

        AdvaMed and its member companies thank the Committee for 
holding this hearing on health information technology (HIT).  HIT 
promises to revolutionize the health care delivery system and 
dramatically effect patient safety, quality of care, and efficiency.  
HIT products and applications are greatly expanding throughout 
vital sectors of the American health care delivery system, including 
clinical operations, decision support, devices, equipment, 
distribution, administrative tasks, and the interface with payers.  As 
a result, HIT is helping to significantly reduce medical errors, 
improve the quality of care, speed paperwork, and reduce 
administrative costs.
        AdvaMed is the world's largest medical technology association 
representing manufacturers of medical devices, diagnostic products 
and medical information systems.  AdvaMed's more than 1,300 
members and subsidiaries manufacture nearly 90 percent of the 
$75 billion of health care technology purchased annually in the 
United States and more than 50 percent of the $175 billion 
purchased annually around the world.  Many of these technologies 
- such as electronic infusion pumps that administer intravenous 
(IV) drugs, verify correct drugs, and check dosages, as well as 
remote physiological monitoring (RPM) technology - save lives 
and improve the quality of life for patients by preventing 
medication errors and managing disease.

The Role of Technology
        Universally interoperable electronic health records (EHR) hold 
great promise in reducing health care costs and improving the 
quality of care delivered to patients.  The Department of Health 
and Human Services (HHS) cites two studies that estimate savings 
from implementing EHRs to be between $78 and $112 billion.  
HIT, however, is expanding far beyond the EHR to include devices 
that are already dramatically improving patient safety, quality of 
care, and health care efficiencies.  Combined, the EHR and these 
other innovative technologies will ultimately play a major role in 
reducing overall health care costs.  Examples of these innovations 
include:
	 Computer-assisted physician order entry devices to increase 
patient safety and health system efficiency;
	 Hand-held Personal Digital Assistants (PDAs) to allow 
doctors making rounds to immediately access each 
patient's complete medical record;
	 Electronic lab results to allow test results to be stored and 
sent to physicians electronically;
	 Electronic prescription orders to allow physicians to send 
prescriptions directly to pharmacists to ensure accurate 
order submissions and allow pharmacists to conduct drug 
interaction reviews; 
	 Infusion pumps to prevent drug overdoses and enable 
hospitals to re-engineer their systems to avoid medical 
errors;
	 Image-guided or computer-assisted surgery (CAS) to allow 
surgeons to more precisely position their instruments for 
less invasive operations and to document procedures;
	 Remote monitoring, telemedicine, and other devices with 
computerized components, such as implantable 
cardioverter-defibrillators (ICDs), to allow heart patients to 
send vital data to their physicians via a secure Internet 
connection, often reducing trips to the doctor; and
	 Picture archiving and communication (PAC) systems to 
store and permit the transmittal of radiological images, 
such as X-rays.



Improving Patient Safety and Quality of Care
        The Institute of Medicine (IOM) estimates that 44,000 to 
98,000 deaths each year result from preventable medical errors in 
hospitals.  Studies have shown that there are errors in 24.9 percent 
of hospital patient records.   An estimate by the Food and Drug 
Administration (FDA), found that as many as 372,000 preventable 
adverse drug events occur each year.   These errors result from 
administering incorrect dosages, errors in filling prescriptions, and 
adverse drug interactions.
        Technologies that support IV drug administration can help 
prevent medication errors using automated dosage limits and 
alerting systems.  Electronic physician ordering systems and data 
management software reduce transcription and dosing errors, 
promote process standardization, increase access to patient specific 
medical information, and reduce laboratory turnaround time.
        For example, a report by the National Academies in 2003 
recommended that health care organizations adopt information 
technology systems capable of collecting and sharing health 
information about patients and their care.  Computerized physician 
order entry (CPOE) devices can link the health care worker with 
the facility's computer system to avert medical errors.  These 
computerized systems can automatically alert the practitioner to 
past drug allergies, potential drug interactions with a patient's 
current medications, and incorrect dosing.
        The Children's Hospital of Pittsburgh (Children's) launched its 
CPOE program, Children's Net, in October 2002.  It helps this 
pediatric hospital with its special challenge with medication errors 
due to their patients' weights, as well as meeting the regulatory 
requirements for compliance to reach certain care benchmarks.  
Children's CPOE system allows doctors to show lab or diagnostic 
test results to parents at the child's bedside, chart functions, and 
graph progress.  Its warning system provides an alert if a dose 
seems out of line, based on predetermined standards, and the 
CPOE has reduced medication errors by 75% and virtually 
eliminated weight related adverse drug events.

Reducing Costs
        By reducing duplicative care, lowering health care 
administration costs, and avoiding care errors, health information 
technology could save approximately $140 billion per year, 
according to HHS.  Studies cited by HHS in its 2004 Health IT 
Strategic Framework Report suggest the use of EHRs can reduce 
laboratory and radiology test ordering by 9 percent to 14 percent, 
lower ancillary test charges by up to 8 percent, reduce hospital 
admissions ($16,000 average cost) by 2 percent, and reduce excess 
medication usage by 11 percent.  Two studies have estimated that 
ambulatory EHRs have the potential to save all payers $78 billion 
to $112 billion annually.  HHS also cites evidence that EHRs have 
the potential to reduce administrative inefficiency and paperwork.
        A 2004 study in Critical Care Medicine found that using 
remote Intensivists (intensive care specialists) to monitor patients 
electronically from a remote location as part of an ICU 
telemedicine program not only improves clinical outcomes, but 
also enhances hospital financial revenues.   Cost savings resulted 
both from a reduction in the average length of stay in the ICUs 
(3.63 days vs. 4.35 days) and from a decrease in daily costs. 
        In addition, picture archiving and communication systems 
(PACS) enable hospitals, imaging centers and multi-site health 
care organizations to manage, store and transmit patient medical 
images such as digital X-ray, MRI and CR images. Combining this 
kind of technology with a digital patient information system 
allowed several Boston-area hospitals to save an estimated $1 
million annually by, in part, reducing the time spent searching for 
files and manually admitting patients. 

Policies to Foster HIT Adoption
        To assure appropriate access to continued innovations in health 
information technologies for patients, AdvaMed believes that 
policies should evolve with the technologies.  We support 
developing incentives that will overcome the barriers to timely 
adoption HIT.  Providers, payers, and medical technology 
manufacturers should all be involved in developing the ways to 
address these issues and enable interoperable and efficient use of 
these technologies to improve the quality of care, patient safety, 
and health outcomes overall.  Specifically, we support the 
following provisions for inclusion in HIT legislation:
        Regulatory Reforms: The implementation of the International 
Classification of Diseases, version 10 (ICD-10) will have an 
impact on the timely adoption of life-saving and life-enhancing 
medical technology.  ICD-10 is the next generation of the coding 
system that will modernize and expand CMS's capacity to keep 
pace with changes in medical practice and technology.  Its unique 
structure will incorporate all new procedures as unique codes that 
would explicitly identify the technology used to perform the 
procedure.  The transition from the currently used ICD-9 system to 
the internationally used ICD-10 system is time-sensitive as the 
number of available codes under ICD-9 is rapidly dwindling.  The 
availability of new codes has been raised in public meetings as a 
potential basis for CMS to deny applications for new codes, and 
this reluctance to issue new codes will hinder appropriate tracking, 
identification, and analysis of new medical services and 
technologies.  
        In 2003, after several years of hearings, the National 
Committee of Vital and Health Statistics (NCVHS) raised concerns 
about the viability of the ICD-9-CM as it was "increasingly unable 
to address the needs for accurate data for health care billing, 
quality assurance, public health reporting, and health services 
research."  NCVHS also noted in 2003 that these concerns have 
been "well documented" in the testimony and letters provided to 
the NCVHS over the past several years.  HHS has yet to begin this 
important transition. 
        Without adoption of ICD-10, it will be difficult to track new 
and emerging public health threats, such as avian flu.  ICD-10 is 
also the key to collecting the information needed to implement a 
proper pay-for-performance system for providers and carry out 
Medicare's road map for the future, which depends on accurate 
data on the effectiveness of treatments.  ICD-10 will also enable 
better patient care through better understanding of the value of new 
procedures, improved disease management, better understanding of 
patients' health care outcomes, and an improved ability to study 
patient outcomes. 
        While concerns have been raised about the cost of 
implementing ICD-10, we note that the 2004 RAND study found 
that the financial benefits of ICD-10 significantly outweigh the 
costs, and the study did not even account for the significant costs 
that will accrue for not adopting the system in a timely fashion.  
Additionally, several cost estimates that have been circulated to 
attempt to dissuade support for ICD-10 are flawed by failing to net 
out costs of the normal upgrading of all payment systems that 
would occur independent of ICD-10.  
        We believe that the long term and ongoing benefits of 
improved measurements of efficiency, complications, resource use, 
and improved accuracy of payments would more than offset the 
one-time or short-term costs of the conversion to ICD-10.
Some existing laws and regulations present barriers to the 
adoption of HIT.  Currently, unless an exception is met, provisions 
of the federal health care program anti-kickback statute prohibit 
the offer or acceptance of anything of value in return for patient or 
item/service referrals.  Likewise, unless an exception is met, the 
physician self-referral law (the "Stark" law) bars hospitals from 
billing for items or services provided by physicians who have 
financial relationships with the hospital.  While an exception to 
Stark has been promulgated by the Centers for Medicare and 
Medicaid Services for community-wide health information 
systems, the exception is not well defined or understood, and a 
much broader, clearer exception is needed.  
        A parallel safe harbor to the federal health care program anti-
kickback statute is also necessary.  These barriers to the 
dissemination of resources (financial, equipment or otherwise), 
such as a hospital financially supporting its referring physicians in 
the acquisition and use of health information technology, must be 
removed.  While the proposed EHR and e-prescribing exceptions 
to both the anti-kickback and Stark laws are an important step in 
the right direction, they do not go far enough to protect the 
adoption of HIT.  
        In addition, AdvaMed is concerned with the impact of an 
increasing array of state and local laws on interoperable health 
systems that resulted from the enactment of the Health Insurance 
Portability and Accountability Act (HIPAA).  Our member 
companies operate in a multi-state, multi-jurisdictional 
environment, and the overlapping multiplicity of these laws makes 
it costly and complex to develop compliant processes and systems 
for protecting confidentiality and securing information.  AdvaMed 
believes that uniform federal standards for privacy, security, and 
technical regulations are critical to achieving a nationwide 
electronic health information exchange, and the lack of uniform 
federal standards should not delay this effort.
        Standards: AdvaMed endorses the FDA's current software 
regulation policies, under which it only regulates software if its 
output directly results in software-directed treatment or diagnosis 
of patients.  We also believe that the FDA's regulation of any 
software associated with medical devices should be risk-based and 
only at the minimum level necessary to protect public health.  
Since the EHR is not a medical device and simply stores data for 
retrieval by a health care professional (EHR algorithms do not 
make diagnostic or treatment decisions), FDA regulation is not 
warranted for EHRs under the FDA's own standards.
        Financial Incentives: Many providers lack the financial ability 
to make the upfront investment needed to install and operate an 
advanced health information technology system.  The federal 
government and other payers should provide financial incentives 
sufficient to spur widespread, rapid adoption of health information 
technology throughout the health care system, including universal 
adoption of EHRs.  "Pay-for-performance" proposals should 
include incentives for adoption and use of HIT.
        Direct Reimbursement:  Reimbursement systems should 
reward new modes of providing services that result in quality 
improvement or cost reduction for patient care.  Remote patient 
management of chronic diseases is one example of a quality-
enhancing technology for which health care practitioners are not 
directly reimbursed under Medicare.  Many Medicare beneficiaries 
living in rural or underserved urban areas are unable to make 
regular visits to their physicians.  As a result, patients with 
treatable chronic diseases such as diabetes, cardiac arrhythmia, and 
heart failure do not receive the care they require to manage their 
conditions.  
        Remote patient management would ensure that Medicare 
beneficiaries would have access to real-time disease management 
services for covered chronic conditions.  Direct reimbursement to 
health care practitioners for utilization of remote patient 
monitoring devices would facilitate use of this technology and lead 
to improved patient outcomes.  AdvaMed also supports providing 
physicians with a quality-of-care incentive bonus for meeting 
specific standards of care for covered chronic diseases.     
        Quality and Safety Studies:  The e-health system should be 
designed to assure that data from the electronic medical record 
would be available, with appropriate privacy protections under 
HIPAA, for studies to improve patient safety, and quality of care.

Conclusion
        Again, we thank the Committee for holding this hearing today.  
HIT holds great promise for improving patient safety, improving 
the quality of medical care, and increasing efficiency.  While EHR 
is one of the many medical devices that can attain this goal, HIT is 
expanding far beyond this and dramatically improving patient 
safety, quality of care, and health care efficiencies.
        Despite the existing and growing body of evidence that HIT 
will improve patient safety, enhance the quality of care, and 
increase efficiency of care provided, many barriers to adoption 
remain.  We urge expeditious implementation by CMS of the ICD-
10 system and federal preemption of HIPAA rules to ensure that 
data may be stored, updated, and transmitted electronically 
anywhere in the United States.  Legislation is needed to address the 
regulatory barriers to HIT adoption, like the federal health care 
program anti-kickback statute and the "Stark" physician self-
referral law.  As clinical and interoperability standards are 
developed by Congress and the private sector, it is paramount that 
the standards are designed to evolve with advancements in 
technologies and that financial incentives are provided to allow 
providers to purchase and maintain the HIT.  

  42 USC 1395nn(h)(1)(C)
  See as just one example Caroline Broder, "Survey: Consumers Concerned About Control, Access 
to Medical Info," Healthcare IT-News, January 18, 2006.
  For example, polling of Americans shows 63% to 75% would not participate in, or are concerned 
about loss of medical privacy in an electronic system.  See work of Professor Alan Westin, February 
23, 2005; California Health Care Foundation, January 2000; and 65 Federal Register 82,466. 
  Testimony of  Joy Pitts, Assistant Research Professor, Georgetown University, July 27, 2005 
before the Ways and Means Health Subcommittee, citing the Rep. Velasquez and former President 
Clinton examples, page 2.  See also Robert Dallek's  An Unfinished Life (p. 261ff) for a description 
of LBJ's efforts to obtain medical information on JFK and how Kennedy avoided certain important 
medical tests so as not to have a medical record.
  As HHS said in the Federal Register, "there is no such thing as a totally secure [electronic 
information] system that carries no risk." 68 Federal Register at 8,346. For very recent examples of 
hacking and intentional misuse of data, see Information Week, March 9, 2006, "PIN Scandal 'Worst 
Hack Ever'; Citibank Only the Start," and The Washington Post, March 14, 2006, Business Section, 
page 2, "Datran Media Settles Probe." 
  Joy Pitts, op. cit., p. 4.
  See letter from National organizations representing consumers, family members, advocates, 
professionals and providers, c/o Peter Newbould, American Psychological Association Practice 
Organization, 750 First Street, NE, Washington, DC 20002.
  Reportedly millions of Americans already forgo sensitive treatments because of privacy concerns. 
65 Federal Register  82,778. 

  Eleven footnote references to sources for statements omitted from quote. For a less scholarly 
description, see "The Drug Pushers, by Carl Elliott, MD, Ph'D in The Atlantic Monthly,  April, 
2006: "After awhile even the most steel-willed doctors may look forward to visits by a [drug] rep, if 
only in the self-interested way that they look forward to the UPS truck pulling up in their driveway. 
A rep at the door means a delivery has arrived: take-out for the staff, trinkets for the kids, and, most 
indispensably, drug samples on the house. Although samples are the single largest marketing 
expense for the drug industry, they pay handsome dividends: doctors who accept samples of a drug 
are far more likely to prescribe that drug later on. Such gifts do not come with an explicit quid pro 
quo, of course. Whatever obligation doctors feel to write scripts for a rep's products usually comes 
from the general sense of reciprocity implied by the ritual of gift-giving."
  This is the comment on anti-kickback proposed rule. Basically identical comments were filed on 
CMS-1303-P, relating to the physician referral proposed rule. 
1 Terri Simmonds. "Using The Trigger Tool to Detect Potential Harm in Medication Management." 
Infusion Safety: Addressing Harm with High-Risk Drug Administration. The ALARISr Center for 
Medication Safety and Clinical Improvement. San Diego, California. 2004, pp 10.
  Steven Tucker. "Analysis of Impact of the Food and Drug Administration's Proposed Bar Code 
Label Requirements for Human Drug Products and Blood." Hospital Pharmacy. 38 (11), Supplement 
1, pp S11.
  Breslow MJ, Rosenfeld BA, Doerfler M, Burke G et al. Effect of a multiple-site intensive care unit 
telemedicine program on clinical and economic outcomes: An alternative paradigm for Intensivist 
staffing. Crit Care Med 2004;32:31-38.
  Networking Health: Prescriptions for the Internet, Institute of Medicine, National Academy of 
Sciences, p. 81, 2000.
