[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]


OPPORTUNITIES AND CHALLENGES IN ADVANCING HEALTH INFORMATION TECHNOLOGY

=======================================================================

                             JOINT HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                         INFORMATION TECHNOLOGY

                                AND THE

                      SUBCOMMITTEE ON HEALTH CARE,
                   BENEFITS AND ADMINISTRATIVE RULES

                                 OF THE

                         COMMITTEE ON OVERSIGHT
                         AND GOVERNMENT REFORM
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             MARCH 22, 2016

                               __________

                           Serial No. 114-109

                               __________

Printed for the use of the Committee on Oversight and Government Reform



[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]


         Available via the World Wide Web: http://www.fdsys.gov
                      http://www.house.gov/reform
                      
                      
                    U.S. GOVERNMENT PUBLISHING OFFICE
23-444 PDF                  WASHINGTON : 2017                    
_______________________________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). 
E-mail, [email protected].  
              
              
              
              
              
              COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

                     JASON CHAFFETZ, Utah, Chairman
JOHN L. MICA, Florida                ELIJAH E. CUMMINGS, Maryland, 
MICHAEL R. TURNER, Ohio                  Ranking Minority Member
JOHN J. DUNCAN, Jr., Tennessee       CAROLYN B. MALONEY, New York
JIM JORDAN, Ohio                     ELEANOR HOLMES NORTON, District of 
TIM WALBERG, Michigan                    Columbia
JUSTIN AMASH, Michigan               WM. LACY CLAY, Missouri
PAUL A. GOSAR, Arizona               STEPHEN F. LYNCH, Massachusetts
SCOTT DesJARLAIS, Tennessee          JIM COOPER, Tennessee
TREY GOWDY, South Carolina           GERALD E. CONNOLLY, Virginia
BLAKE FARENTHOLD, Texas              MATT CARTWRIGHT, Pennsylvania
CYNTHIA M. LUMMIS, Wyoming           TAMMY DUCKWORTH, Illinois
THOMAS MASSIE, Kentucky              ROBIN L. KELLY, Illinois
MARK MEADOWS, North Carolina         BRENDA L. LAWRENCE, Michigan
RON DeSANTIS, Florida                TED LIEU, California
MICK, MULVANEY, South Carolina       BONNIE WATSON COLEMAN, New Jersey
KEN BUCK, Colorado                   STACEY E. PLASKETT, Virgin Islands
MARK WALKER, North Carolina          MARK DeSAULNIER, California
ROD BLUM, Iowa                       BRENDAN F. BOYLE, Pennsylvania
JODY B. HICE, Georgia                PETER WELCH, Vermont
STEVE RUSSELL, Oklahoma              MICHELLE LUJAN GRISHAM, New Mexico
EARL L. ``BUDDY'' CARTER, Georgia
GLENN GROTHMAN, Wisconsin
WILL HURD, Texas
GARY J. PALMER, Alabama

                   Jennifer Hemingway, Staff Director
                 David Rapallo, Minority Staff Director
   Troy Stock, Subcommittee on Information Technology Staff Director
                       Christina Hinkle, Counsel
                           Willie Marx, Clerk
                 Subcommittee on Information Technology

                       WILL HURD, Texas, Chairman
BLAKE FARENTHOLD, Texas, Vice Chair  ROBIN L. KELLY, Illinois, Ranking 
MARK WALKER, North Carolina              Member
ROD BLUM, Iowa                       GERALD E. CONNOLLY, Virginia
PAUL A. GOSAR, Arizona               TAMMY DUCKWORTH, Illinois
                                     TED LIEU, California
                                 
                                 
                            ----------                              

     Subcommittee on Health Care, Benefits and Administrative Rules

                       JIM JORDAN, Ohio, Chairman
TIM WALBERG, Michigan                MATT CARTWRIGHT, Pennsylvania, 
SCOTT DesJARLAIS, Tennessee              Ranking Member
TREY GOWDY, South Carolina           ELEANOR HOLMES NORTON, Distict of 
CYNTHIA M. LUMMIS, Wyoming               Columbia
MARK MEADOWS, North Carolina         BONNIE WATSON COLEMAN, New Jersey
RON DeSANTIS, Florida                MARK DeSAULNIER, California
MICK MULVANEY, South Carolina, Vice  BRENDAN F. BOYLE, Pennsylvania
    Chair                            JIM COOPER, Tennessee
MARK WALKER, North Carolina          MICHELLE LUJAN GRISHAM, New Mexico
JODY B, HICE, Georgia                Vacancy
EARL L. ``BUDDY'' CARTER, Georgia
                            
                            
                            
                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on March 22, 2016...................................     1

                               WITNESSES

Karen DeSalvo, M.D., National Coordinator for Health Information 
  Technology, U.S. Department of Health and Human Services
    Oral Statement...............................................     5
    Written Statement............................................     8
Ms. Jessica Rich, Director, Bureau of Consumer Protection, U.S. 
  Federal Trade Commission
    Oral Statement...............................................    13
    Written Statement............................................    15
Mr. Matthew Quinn, Federal Managing Director, Intel Healthcare 
  and Life Sciences
    Oral Statement...............................................    24
    Written Statement............................................    27
Mr. Neil DeCrescenzo, Member, Executive Committee, Healthcare 
  Leadership Council
    Oral Statement...............................................    44
    Written Statement............................................    46
Mr. Mark Savage, Director of Health IT Policy and Programs, 
  National Partnership for Women and Families
    Oral Statement...............................................   126
    Written Statement............................................   128

                                APPENDIX

An April 1, 2016 letter from the National Partnership for Women & 
  Families to Chairman Will Hurd, Chairman Jim Jordan, Ranking 
  Member Robin Kelly, and Ranking Member Matthew Cartwright, 
  Entered by Chairman Will Hurd..................................   152

A December 2014 report from the National Partnership for Women & 
  Families titled, ``Engaging Patients and Families: How 
  Consumers Value and Use Health IT'', Entered by Representative 
  Matt Cartwright. A copy of the report can be found online here: 
  http//www.nationalpartnership.org/research-library/health-care/
  HIT/engaging-patients-and-families.pdf

 
OPPORTUNITIES AND CHALLENGES IN ADVANCING HEALTH INFORMATION TECHNOLOGY

                              ----------                              


                        Tuesday, March 22, 2016

                  House of Representatives,
Subcommittee on Information Technology, joint with 
    the Subcommittee on Health Care, Benefits, and 
                              Administrative Rules,
              Committee on Oversight and Government Reform,
                                                   Washington, D.C.
    The subcommittees met, pursuant to call, at 2:06 p.m., in 
Room 2154, Rayburn House Office Building, Hon. William Hurd 
[chairman of the Subcommittee on Information Technology] 
presiding.
    Present from Subcommittee on Information Technology: 
Representatives Hurd, Walker, Blum, Connolly, and Lieu.
    Present from Subcommittee on Health Care, Benefits, and 
Administrative Rules: Representatives Walberg, Gowdy, DeSantis, 
DeSaulnier, Cartwright, and Lujan Grisham.
    Mr. Hurd. The Subcommittee on Information Technology and 
the Subcommittee on Health Care, Benefits, and Administrative 
Rules will come to order. Without objection, the chair is 
authorized to declare a recess at any time.
    We are expecting votes fairly soon, so I am hoping we can 
get through opening remarks, go do our vote series, and come 
back and finish the hearing.
    Good afternoon. I appreciate your being here today. You all 
know that heart disease is a leading cause of death in the 
United States, according to the CDC. More than 600,000 
Americans die from heart disease each year.
    The American Medical Association recommends walking as the 
simplest positive change you can make to improve your heart 
health. Walking 30 minutes day, or around 10,000 steps, lowers 
blood pressure, improves movement and mobility, and increases 
energy. Simply increasing the number of steps you take per day 
can significantly reduce your risk of coronary heart disease 
and stroke.
    Many of you could glance right now at your smart phones, 
wearables, or other devices and report your number of steps and 
calories burned for the same period of time. For most of us, I 
will bet that number is probably higher than before we had the 
app or device and we were tracking our steps.
    It would not be an extreme exaggeration to say that the 
proliferation of wearable devices and smart phone apps that 
track steps and the accompanying increases in the number of 
steps some people are taking on a daily basis has saved lives.
    This is just one example of the benefits technology has 
brought to health and health care, and we have barely scratched 
the surface. We are on the cusp of being able to use technology 
to truly revolutionize health care and health care delivery.
    Leveraging the power of the cloud will enable us to move 
more health care tasks online, including consultations and data 
storage and retrieval.
    Sensors will make it easier for people to take care of 
themselves before they get sick. Constituents in rural parts of 
Texas 23rd, my district, will be able to speak directly with 
their primary care providers instead of commuting hours each 
way.
    As more devices are connected and more data is generated, 
medicine will become customized and personalized. Preventative 
medicine and healthy living practices will increase, costs will 
decline, and the prevalence of chronic diseases will decrease 
substantially.
    But this will only happen if researchers, hospitals, 
entrepreneurs, regulators, health care professionals, patient 
advocates, and lawmakers come together to update antiquated 
laws and reform outdated institutions.
    Right now, old and unclear privacy laws hinder 
interoperability between health IT systems and devices. Right 
now, the sheer number of Federal agencies, and often 
conflicting rules one must navigate to invest in the space, 
chills investment and entrepreneurship. And right now, a 
fragmented and bureaucratic system places the patient at the 
fringe of the process, rather than at the center.
    In today's hearing, I hope to hear specifically what laws 
or regulations need to be changed or updated, and how they 
should be changed or updated or abandoned.
    Health IT is an exciting, innovative field, but to get this 
right, we must collaborate. We must destroy silos. I am 
committed to doing so. I know my friend and ranking member, Ms. 
Kelly, and Ted Lieu are as well.
    And I want to thank the witnesses for being here today, and 
I look forward to their testimony.
    Now I would like to recognize Mr. Cartwright for his 
opening statement.
    Mr. Cartwright. Thank you, Chairman Hurd. I would like to 
thank you both for calling this hearing so we can hear about 
how the Federal Government and private industry are working 
together, and for your interest and efforts at creating the 
next generation of health information technology.
    I represent largely a rural district in northeastern 
Pennsylvania, and I know quite well how health IT can bring 
affordable medical care to those who might not otherwise be 
able to receive it.
    In fact, that is why I cosponsored the Medicare Telehealth 
Parity Act of 2015, the 21st Century Cures Act, and also the 
TELE-MED Act. Bills like these help medical professionals 
provide patients with the best health care available anywhere 
and at any time.
    But even with the undeniable benefits technology brings, 
patient safety must remain our foremost consideration. 
Technology brings opportunity, but it can also bring unforeseen 
challenges, and I hope we can talk about that a little today.
    As a career courtroom attorney, I have seen too many 
medical malpractice lawsuits where carelessness caused injuries 
and death, and where doctors have made grave and avoidable 
mistakes. Too often these mistakes were due to failures in 
communication that left physicians and nurses without all of 
the patient's information that they needed to complete proper 
assessment and treatment.
    We worry that different computer system standards and 
methods of tracking medical history often mean doctors, nurses, 
lab technicians, and others involved in the treatment process 
cannot get a complete understanding of the illness in front of 
them and the treatment that is needed.
    That is why it is so important that technologies like 
electronic health records, which contain the complete medical 
and treatment history of a patient quickly and efficiently give 
providers insight and a comprehensive view into what is going 
on and all the facts of the case. Standardized, industry-
accepted technologies can make that happen, in my view.
    In the field of health IT, private industry has a critical 
role in the process doing what it does best: drive innovation 
and keep America at the leading edge in medical technology.
    The Federal Government also has a role to play, making sure 
these new technologies meet health care needs without 
compromising patient safety.
    I am looking forward to today's hearing, to the testimony 
of all of you. I am glad that industry and government are 
working together to bring about the kinds of technological 
advances that will improve health care in this country, make it 
safer, and make it more available to people in all corners and 
all pockets of this Nation.
    I thank you again, Chairman Hurd, and I yield back.
    Mr. Hurd. Thank you.
    I am going to hold the record open for 5 legislative days 
for any members who would like to submit a written statement.
    Ranking Member Lieu is here, and if he is ready, we will 
have him give his opening remarks.
    Mr. Lieu from California is recognized for 5 minutes.
    Mr. Lieu. Thank you, Mr. Chairman.
    Thank you to the witnesses who will be presenting today.
    Today, we are here to learn more about how to make the 
primary health technology laws work smarter and better. Laws 
and regulations should be there to protect the public, but done 
incorrectly, they can hinder innovation, and the same holds 
true in the health IT space.
    The Health Insurance Portability and Accountability Act, 
HIPAA, contains provisions to create universal electronic 
medical records and protect patient privacy. The Health 
Information Technology for Economic and Clinical Health, 
HITECH, contains provisions to protect consumer privacy and 
give notice in case of data breach. The Affordable Care Act 
also contains provisions to improve the quality and efficiency 
of patient care with EHRs.
    However, these laws and regulations were enacted before key 
technological advances that we now take for granted. HIPAA was 
passed in 1996 before broad adoption of the mobile revolution. 
HITECH was passed in 2009, before much of cloud computing 
existed.
    Some might suggest that rolling back regulations is the 
answer. While I agree that government regulation is not as 
nimble as technology, we still need some combination of 
regulations and enforceable guidance to protect the public.
    For instance, last month, the IT system at Hollywood 
Presbyterian Hospital in Southern California was held hostage 
by ransomware denying patients and providers access to their 
medical records. The HITECH law has cybersecurity requirements 
that require notifications for data breaches, but the law says 
nothing about notification for data that was frozen or held 
hostage where it is stored.
    I note that today the press reports that two more hospitals 
in Southern California were hit with malware attacks.
    Technology is moving very quickly. Telemedicine and text 
messaging and mobile smart phone exposure requires that HHS and 
FTC keep up with technology changes, update guidance reliably, 
and keep rules and regulations flexible to encourage 
innovation.
    Regulation done wrong or too little regulation makes it 
difficult to protect the public and ensure that data flows 
freely. Regulation done right spurs innovation and improves 
quality of care and protects the public.
    I look forward to hearing from the witnesses today about 
what we can do to encourage innovation and cooperation, and 
continue to bring government health care into a more modern era 
of service.
    With that, I yield back.
    Mr. Hurd. Thank you, Mr. Lieu.
    If Chairman Jordan joins us and is interested in giving 
opening remarks, we will let him do that as he arrives.
    Again, I would like to thank the witnesses. I would like to 
recognize you all now. I am pleased to welcome Dr. Karen 
DeSalvo, national coordinator for health information technology 
at the U.S. Department of Health and Human Services. Thank you 
for being here. Ms. Jessica Rich, director of the Bureau of 
Consumer Protection at the U.S. at the Federal Trade 
Commission; Mr. Matthew Quinn, Federal managing director at 
Intel Healthcare and Life Sciences; Mr. Neil DeCrescenzo, 
member of the executive committee at the Healthcare Leadership 
Council; and Mr. Mark Savage, director of health IT policy and 
programs at the National Partnership for Women and Families.
    Welcome to you all. Pursuant to committee rules, all 
witnesses will be sworn in before you testify.
    Please rise and raise your right hands.
    Do you solemnly swear or affirm that the testimony you are 
about to give will be the truth, the whole truth, and nothing 
but the truth?
    Thank you. Please be seated.
    Let the record reflect that the witnesses answered in the 
affirmative.
    In order to allow time for discussion, please limit your 
testimony to 5 minutes. Your entire written statement will be 
part of the record.
    We are going to go through as many opening remarks as we 
can before we get called to votes. If the bells go off while 
you are in your remarks, go ahead and continue. We will finish 
after your remarks.
    Now I would like to recognize Ms. DeSalvo for your opening 
remarks.

                       WITNESS STATEMENTS

                STATEMENT OF KAREN DeSALVO, M.D.

    Dr. DeSalvo. Thank you, Chairman Hurd, and Ranking Members 
Lieu and Cartwright, and distinguished members of the 
subcommittees. Thank you all for the opportunity to appear here 
today.
    I am Dr. Karen DeSalvo, and I have the honor of serving as 
the national coordinator for health information technology at 
the U.S. Department of Health and Human Services for the past 2 
years. I'm proud to be here today representing the remarkable 
team at the Office of National Coordinator and share with you 
the current State of health information technology in our 
Nation and how we are working with others to see that these 
systems realize their full potential.
    The Office of the National Coordinator for Health 
Information Technology has a strong, bipartisan history. It was 
established in 2004 by executive order and charged with the 
mission of giving every American access to their electronic 
health information. In 2009, it was statutorily established by 
the Health Information Technology for Economic and Clinical 
Health Act, or HITECH, which provided the resources and 
infrastructure needed to foster the rapid nationwide adoption 
and use of health IT.
    In the 7 years since HITECH was enacted, we have seen 
dramatic progress. Today, nearly all hospitals and more than 
three-quarters of physicians report using a certified 
electronic health record. This tripling in rates of adoption 
puts us as a Nation well ahead of our peer countries, giving us 
a significant competitive advantage in health care innovation 
and scientific advancement. And it is working in so many 
communities across this country.
    But I also note that we haven't realized the full potential 
of health IT for every person in this country.
    And this is not just an abstract policy idea to me. It is 
personal. It is why I came to ONC 2 years ago, because I knew 
as a doctor the promise of health IT, of having information 
available for me when I was on call in the evening not at the 
hospital, such a leap from the days in the early 1990s when I 
was a medical school student at Charity Hospital and had to 
physically go up to a lab and pull a lab slip with handwritten 
results from a wooden box, so that I would understand more 
about my patients and how to care for them.
    Today, that is all available electronically to me and other 
doctors, and not just to us but to our patients, to really see 
that they can be empowered and have the information they need 
to self-care. It is a rapid and remarkable transformation in a 
very short period of time. But the pace has come with 
challenges.
    Like others, I have been frustrated by the lack of 
interoperability, by the usability of the systems, and by how 
hard it can be to select the right system to buy. I hear about 
these challenges from my colleagues whether at listening 
sessions but also from consumers and other stakeholders.
    We all want to move ahead with technology, but we want it 
to work better. That is what I came to Washington to do.
    Since I've been the national coordinator, we have been 
focused on fixing those challenges in an urgent fashion to meet 
the expectations of the people that I serve, the American 
people. ONC does this in a variety of ways.
    For example, we can leverage our electronic health record 
certification program. We also serve as a coordinator across 
the Federal Government to see that agencies have shared policy 
and technology approaches and will send clear signals to the 
private sector.
    We have also worked with the private sector on setting a 
clear path ahead for our nationwide interoperability. This 
roadmap that we produced last year lays out who should do what 
by when to achieve interoperability in the near term to see 
that electronic health information is available when and where 
it matters to consumers and clinicians.
    ONC and others have been meeting our deliverables from this 
plan and are advancing drivers of interoperability like payment 
reform, publishing clear standards, working with States and 
others on harmonizing privacy and security expectations. The 
plan has been publicly endorsed by our Federal partners, by the 
private sector, and we have been so pleased with everyone's 
willingness to step up and lead where appropriate, to see that 
we can innovate and accelerate interoperability. Indeed, 
working with the private sector is how ONC operates.
    As another example, we recently convened stakeholders to 
ask them to make a series of commitments to ensure that 
electronic health information works better for patients and 
providers. It is a really tremendous opportunity for the 
private sector to lead.
    So last month, we were able to announce that companies that 
provide electronic health records for 90 percent of hospitals 
in this country, and health care systems with facilities in 46 
States, including the States for all the members of these two 
subcommittees, and over a dozen professional associations and 
stakeholder groups like the AMA and the American Hospital 
Association, all have agreed to implement three commitments 
that will help make sure health information flows.
    The commitments are that consumers will have access to 
their electronic health information, that entities will not 
engage in health information-blocking, and that we will move to 
federally recognized national standards so that all these 
different systems will speak the same language.
    ONC and our partners in the Federal space and the private 
sector are working together each and every day to see that we 
can move this future vision to an immediate reality. And 
Congress has been one of the great partners in health IT, and I 
look forward to continuing to work with you all to realize the 
full potential of health IT for this country.
    Thank you for having me here today, and I look forward to 
your questions.
    [Prepared statement of Dr. DeSalvo follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Hurd. Thank you, Dr. DeSalvo.
    Now, Ms. Rich, you are recognized for 5 minutes.

                   STATEMENT OF JESSICA RICH

    Ms. Rich. Chairman Hurd, Ranking Members Lieu and 
Cartwright, and members of the subcommittees, I am Jessica 
Rich, director of the Bureau of Consumer Protection at the 
Federal Trade Commission. I appreciate this opportunity to 
present the commission's testimony.
    Consumers are increasingly taking an active role in 
managing their health data, and there has been an explosion of 
new products and services to help them. These range from 
wearable fitness devices like Fitbit or Jawbone, to dieting 
apps like My Fitness Pal and Calorie Counter, and to Web sites 
like WebMD where consumers can get health advice and 
information.
    These products and services offer enormous benefits to 
consumers, but they raise privacy and security concerns, too. 
Who has access to all of this data? And is it being stored 
securely?
    Much of this activity now happens outside of the doctor's 
office and other traditional health care contexts. As a result, 
it is not protected under HIPAA, which only applies to health 
data held or generated by covered entities, such as health care 
providers and health plans. In most instances, however, this 
activity is covered by the Federal Trade Commission Act, which 
prohibits unfair or deceptive practices across the marketplace, 
including in the area of health privacy.
    As the primary Federal agency charged with protecting 
consumer privacy, the FTC has made it a priority to protect 
consumer-sensitive health information. Our efforts include 
civil law enforcement, policy initiatives, and consumer and 
business education.
    Three recent FTC cases illustrate the challenges we face in 
protecting consumer health data and how the FTC is addressing 
them.
    PaymentsMD is a medical billing company that offered an 
online portal where consumers could pay their bills. The FTC 
charged that the company misled thousands of consumers who 
signed up by failing to tell them that it would also seek their 
highly detailed medical data from pharmacies, medical labs, and 
insurance companies.
    Henry Schein provided office equipment software for dental 
practices. We charged this company with misrepresenting to 
clients that its software provided industry-standard encryption 
of sensitive patient information as required by HIPAA. In fact, 
we alleged the software used a weaker method of data masking 
that didn't meet HIPAA standards.
    A third example is our settlement with GMR, a medical 
transcription service. We charged that GMR assured its clients 
that its services were secure but outsourced them to a third-
party service provider without adequately checking its security 
measures. As a result, consumers found doctors' notes of their 
physical examinations freely available on the Internet.
    Besides enforcement, the commission engages in policy 
initiatives to encourage stronger protection for health 
information. Last year, we hosted a public workshop on consumer 
health data to examine the products and services consumers are 
using to generate and control their data and how this data is 
protected.
    We also released a staff report on the Internet of Things, 
which, among other topics, examined the privacy and security 
issues raised by connected medical devices and health and 
fitness products. Of greatest concern, panelists discussed the 
unique risks if health devices like pacemakers and insulin 
pumps are not secure and are vulnerable to hackers.
    Finally, the commission promotes stronger data protections 
through consumer education and business guidance. For example, 
our new IdentityTheft.gov Web site provides customized advice 
to consumers who have been victims of medical identity theft.
    And last year, the FTC launched its Start with Security 
campaign to educate small businesses around the country about 
how to develop an effective data security program.
    In addition, working with HHS and with FDA, the FTC is 
currently developing business guidance for health app 
developers to help them understand which legal requirements 
apply to them.
    The FTC shares the subcommittees' concerns about the need 
to protect the privacy and security of consumer health data. 
Although we now use a variety of tools to protect consumers in 
this area, additional tools would enhance our ability to do so.
    To this end, the commission reiterates its longstanding 
bipartisan call for Federal data security and breach 
legislation that would allow us to seek civil penalties to 
deter unlawful conduct and give us jurisdiction over nonprofit 
entities.
    In closing, the FTC remains committed to protecting 
consumer health data and looks forward to our continued work 
with Congress on this critical issue. Thanks again for the 
opportunity to provide the commission's views today.
    [Prepared statement of Ms. Rich follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Hurd. Thank you, Ms. Rich.
    Mr. Quinn, you are recognized now for 5 minutes.

                   STATEMENT OF MATTHEW QUINN

    Mr. Quinn. Good afternoon, Chairman Hurd and other esteemed 
members of the House Oversight and Government Reform Committee. 
Thank you for the opportunity to testify today on behalf of 
Intel Corporation.
    In my written testimony, I provide some tangible examples 
of how Intel is working to make good on the promise of today's 
health technologies and to pave the way toward tomorrow's. 
Today, I would like to frame my comments in the context of 
recent personal experiences.
    Two Fridays ago, I received a call that no one wants. My 
sister in Ohio said that dad had just taken a bad fall. He had 
just left his doctor's office where he was in for a checkup 
after a recent hospitalization.
    Things had gone well, and they stopped by a favorite 
restaurant for breakfast. As my dad climbed the curb, he became 
lightheaded, fell to the ground, and tumbled back into the 
parking lot. As we soon found out, he broke his clavicle, 
pelvis, and deeply cut his elbow.
    To say that my dad is a complex patient would be an 
understatement. He is the poster child for needing all of his 
providers and caregivers to be on the same sheet of music and 
have the whole picture of his health and health care.
    Let's begin by thinking of the constellation of my dad's 
health data. Most familiar are the clinical and claims data 
captured at clinics, hospitals, and the like. Secondly, there 
is diagnostic data captured by medical devices and imaging. 
Adding to this is consumer-generated data. And finally, there 
is 'omics, vast amounts of information in his genome.
    Personal precision medicine in the 21st century will need 
to make sense of all of this.
    The U.S. has made great strides to ensure that each person 
has an electronic health record. Yet the goal of point-of-care 
and personal access to comprehensive health information has not 
yet been achieved.
    There are three recurring barriers that often limit data-
sharing. First, medical institutions using privacy and security 
policies and laws like HIPAA as excuses for why they can't 
share; next, medical professionals lacking easy, affordable 
tools to share data, especially because vendors fail to use or 
consistently implement standards; and finally, payment reforms 
that don't reimburse for new care models like telehealth.
    Back to my dad's experience, when he arrived at the ER, the 
same hospital where he had received his most recent treatment, 
they pieced together his health history, partly from the EHR 
and partly from my parents.
    I fear that if he was brought to a different hospital, it 
would've been basically starting from scratch. There exists a 
local health information exchange, but evidently, this hospital 
and my dad's nephrologist don't participate. My mom is our de 
facto health information exchange.
    My dad would definitely enjoy the kind of secure, 
standards-based data-sharing that Intel's own Connected Care 
program makes available for over 33,000 of its employees. As we 
have shown, it is all quite possible today, just not as 
widespread as it could be.
    We need to think about interoperability in much broader 
terms than merely exchange of electronic health record data. 
That will change as the Internet of Things takes hold and we 
connect smart devices to the Internet in ways that generate 
data that can be turned into valuable insights.
    How would this affect my dad? Well, first of all, it would 
allow him to get some sleep. Because the devices monitoring him 
in the ICU don't talk to each other and his vitals tend to 
bounce around, there are endless, nearly always false alarms.
    What if devices even from different vendors could talk to 
each other? Innovators could create smart alarms from the new 
combined data streams and save countless hours of nursing time, 
countless lives, and just let my dad sleep. The data from all 
the medical devices could automatically feed the EHR, millions 
more nursing hours saved.
    But let's think bigger. What if when my dad was discharged 
that he was outfitted with sensors or an app that constantly 
detected whether his gait was making him prone to falls? Or 
what if instead of having to drive across town to visit his 
doctor, he could do so from his home via telemedicine, and his 
blood and vitals could be automatically analyzed via his home 
dialysis unit? What if his caregivers could track his progress 
in getting back up on his feet as he rehabs?
    I think we have come up with a half-dozen ideas for new 
businesses, but all of this relies on there being a solid 
foundation for the Internet of Things to blossom: security from 
the sensor to the cloud; connectivity, allowing devices to 
communicate their status to the system; data normalization to 
allow devices to speak the same language; and actionable 
analytics.
    So to close, how do we believe Congress can help seize the 
opportunities and overcome the challenges?
    First, sustain momentum toward standards and 
interoperability for today and for tomorrow. As Intel's 
Connected Care program demonstrates, a rigorous standard-based 
approach enables quicker and more rapid efficient deployments 
today. And to rapidly move forward toward the Internet of 
Things, Intel invites active Federal participation in industry-
led initiatives such as the IIC, OCF, ICE alliance, and 
Continua.
    Second, encourage patient engagement by removing obstacles 
for patients to access and share their data. Intel invites 
policymakers to partner with industry to pursue a standardized, 
machine-readable consent form to allow patients to easily 
donate their data to ongoing research.
    And last but not least, continue to push towards value-
based care. We support the HHS goal to move half of care to 
alternative payment models by 2018. When incentives are aligned 
to value-based care, the demand for information-sharing goes 
up. Congress can further drive innovation by providing 
reimbursement for remote patient monitoring and other promising 
technologies.
    Thank you, and I look forward to your questions.
    [Prepared statement of Mr. Quinn follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Hurd. Mr. Quinn, I appreciate your opening remarks.
    Now Mr. DeCrescenzo is recognized for 5 minutes.

                 STATEMENT OF NEIL DeCRESCENZO

    Mr. DeCrescenzo. Thank you. Mr. Chairman, members of the 
committee, it is a privilege to be here today.
    My name is Neil DeCrescenzo. I am the president and CEO of 
Change Healthcare. Perhaps our name says it all.
    Change Healthcare is headquartered in Nashville, Tennessee, 
provides its services in all 50 States, and has over 50 offices 
nationwide. We are a leading provider of software and 
analytics, network solutions, and technology-enabled services 
that optimize communications, payments, actionable insights 
that enable smarter health care.
    By leveraging our Intelligent Healthcare Network, which is 
one of the largest financial and administrative networks in the 
United States health care system, payers, providers, and 
pharmacies are able to more effectively manage complex 
workflows that support value-based health care.
    While I am proud to represent the nearly 7,000 people of 
Change Healthcare, I am testifying today in my role as a member 
of the executive committee of the Healthcare Leadership 
Council, a coalition of leading companies and organizations 
from virtually every sector of American health care. In that 
role, I would like to share a few thoughts on the role and 
capability of health information technology to transform our 
Nation's health care system for the better.
    As increasingly is the case in most fields, health care 
improvement today is driven by data. If our health care system 
is not improving at the pace any of us would like, this is in 
large part due to barriers standing in the way of access to 
data, the ability to share information, and the utility of this 
information for consumers, providers, payers across the health 
care continuum.
    Our HLC member companies know from firsthand experience 
that data interoperability can strengthen care coordination, 
enabling providers, payers, pharmacists, laboratories, and 
others, to be on the same page when treating a patient. It can 
boost progress toward an outcome-driven, value-based payment 
system to replace the outdated and inefficient fee-for-service 
status quo while also improving our quality measurement 
capabilities.
    With interoperability and access to clinical and claims 
data, we can accelerate medical research and give hospitals and 
physician offices real-time access to comparative effectiveness 
findings. An interoperable system can improve care to rural and 
underserved areas of the country through improved telehealth 
and remote patient monitoring. Wellness and prevention will 
also be enhanced through the better use of patient-generated 
data.
    This future is promising, exciting, and imminently 
obtainable, once we address some of the obstacles standing in 
our way.
    Last year, HLC, under the auspices of its National Dialogue 
for Healthcare Innovation initiative, brought together leaders 
from over 70 organizations representing government, industry, 
patients, employers, and academia. There we built consensus on 
how we can move closer to this desirable data-driven future.
    Last month, we announced the consensus recommendations 
emerging from this effort, a number of which are relevant to 
today's discussion.
    On data interoperability, we believe that a firm date of 
December 31, 2018, should be established by which health 
information is widely shared among electronic health record 
systems nationwide. We have the capability to reach this goal 
in the near term, not a decade from now. Progress toward this 
nationwide data infrastructure should be driven by private 
sector innovation, with emphasis placed on secure data-sharing 
to protect patient privacy, common standards and governance, 
and a ban on data-blocking.
    In addition, we believe that Congress and the 
administration must address physician health referral laws and 
Federal anti-kickback statutes, as well as civil monetary 
penalty laws.
    These fraud and abuse protections were built for a fee-for-
service world, but today, they often stand as barriers to the 
kind of collaboration and information-sharing that is essential 
for value-based health care approaches and for improving 
patient care.
    Another barrier to data-sharing is the multitude of diverse 
and often contradictory Federal and State laws regulating 
health information that exist alongside the Federal HIPAA 
regulations. We believe these national and State privacy laws 
and regulations should be harmonized to facilitate greater 
information-sharing for the benefit of patients while still 
protecting their confidentiality.
    Members of the committee, I would like to close by 
applauding you for conducting this hearing and your focus on 
the issues that can genuinely transform and improve health care 
for every American.
    We can move faster. We can move more collaboratively across 
the spectrum of U.S. health care. And we can help more 
Americans maintain or improve their health better than we do 
today through data, information, and insights.
    We look forward to working with you toward our shared 
goals, and I will be happy to take your questions. Thank you.
    [Prepared statement of Mr. DeCrescenzo follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Hurd. Thank you, sir.
    Mr. Savage, you are recognized for 5 minutes.

                    STATEMENT OF MARK SAVAGE

    Mr. Savage. Good afternoon, Chairman Hurd, Ranking Members 
Lieu and Cartwright, and distinguished committee members. Thank 
you for the opportunity to testify today.
    I am Mark Savage, director of health IT at the National 
Partnership for Women and Families, a nonprofit, nonpartisan 
organization that for 45 years has worked to improve the lives 
of women and families. We are deeply invested in improving the 
value and experience of health care and ensuring that new 
models of delivery and payment help make consumers partners in 
their care with access to the right care at the right time.
    I am delighted to be able to share today the values, 
experiences, and needs of patients and consumers who are using 
health information technology, such as online access and 
electronic data-sharing with doctors to improve their health 
and care.
    The national partnership leads the Consumer Partnership for 
eHealth coalition and can speak broadly to the great 
opportunities that health IT presents and the obstacles that 
still make it difficult to realize its full potential.
    Health IT is the essential infrastructure for improving 
quality, care coordination, and value in our health care system 
today.
    It is a critical tool for engaging consumers who clearly 
recognize its value, according to a national survey we 
commissioned in 2014. We found that nearly 9 in 10 patients 
with online access to their health information use it. Notably, 
people who use online access frequently are much more likely 
than infrequent users to report that health IT motivates them 
to improve their health.
    Patients recognize that health IT is essential to improving 
their access to care, as well as their access to their health 
information. They know what we know, that health IT helps 
patients and family caregivers communicate with their health 
care providers, share information and manage their care; 
improves patients' knowledge of their health and empowers them 
to take charge of their care plans; allows patients to correct 
errors or outdated information in their medical records, such 
as a missing drug allergy; enables patients to share treatment 
outcomes, such as pain levels, functional status, and whether 
their health improved after the office visit; helps health care 
providers answer questions from patients by secure email and 
provide care with telehealth and see the patients who need the 
most; gives patients more control over how much personal 
medical information is shared and how it is used; and much, 
much more.
    Like electronic access in so many other parts of our lives, 
such as banking and retail, health IT enables real-time access 
to care and information, and provides individuals with the 
convenience and control they need and expect in the 21st 
century. Health IT can also enhance patient trust and the 
privacy and security of patient data through encryption and 
other means.
    The country has seen a rapid increase in health care 
providers' adoption and use of health IT in recent years, but 
much work remains before the potential benefits reach all 
patients. We have an urgent imperative to break down barriers 
and continue the progress.
    First, that begins with removing barriers to health 
information. The national partnership runs the Get My Health 
Data campaign, and, through it, we have learned that many 
patients continue to face astonishing barriers to getting their 
digital health records from their health care providers. We 
need to change that by advancing policies and programs that 
promote patients' online access to and use of their health 
information.
    Second, we need to clarify privacy and security 
requirements for sharing health data, because confusion 
persists about patient access rights. That means, for example, 
adding proactive education initiatives about what HIPAA 
requires and what it does not, and encouraging mobile app 
developers and technology vendors to post their privacy 
policies and data-sharing practices in standardized ways.
    Third, we need to enhance the usability of health 
information so that when patients access their medical data, 
they can understand and use it. For example, innovative apps 
could help patients organize their health information in ways 
that they find most useful.
    And fourth, we need to bridge existing digital divides to 
help identify and reduce disparities in care. That means, for 
example, promoting online access to health information across 
diverse communities, and innovation in mobile apps can help.
    In sum, patients and consumers applaud the progress to date 
and they need more. Patients have a unique vantage point for 
they are at the center of the health care and information-
sharing we are all working to improve.
    Our goal must be to leverage health IT so it helps patients 
become real partners in their care and health. Only if we do 
that will we realize the full promise of health information 
technology. Thank you very much.
    [Prepared statement of Mr. Savage follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Hurd. Thank you, Mr. Savage.
    We are going to keep going. We are expecting votes in about 
10 to 15 minutes, so we will try to get through as many 
members' questions as we can.
    To kick us off this afternoon is the distinguished 
gentleman from North Carolina, Mr. Walker.
    Mr. Walker. I thank you, Mr. Chairman.
    I appreciate the panel being here today and taking your 
time and being really a valuable resource for us.
    I married into the medical community. My wife is a family 
nurse practitioner at Wake Forest Baptist Medical Health 
Center. Every time I feel like I have, by osmosis, learned more 
medical knowledge, after 23 years, she reminds me that I don't 
really have a good base of understanding.
    But this is something that concerns. I remember even as a 
minister for 2 decades sometimes trying to get information 
about a patient to family members or to others, and trying to 
figure out how we can meet those needs. Sometimes there were 
problems to do that, even good laws.
    I also want to paint a picture here of some friends. I 
recently tagged along with a surgeon there in Moses Cone 
Hospital in Greensboro that has been so burdened with some of 
the software and some of the regulation. It has impacted him 
negatively, as well as other physicians who have talked about 
this.
    So I want to address a couple of these issues. Maybe, Mr. 
DeCrescenzo, if I could start with you, you both mentioned in 
your testimony obstacles. You also mentioned the word 
``barriers.'' Talk to me for just a minute, if you would, about 
what specifically are the obstacles and barriers to getting 
where this needs to go.
    Mr. DeCrescenzo. I think some of the barriers and 
obstacles, Representative, are some of the things that I 
mentioned and some of the other folks here on the panel.
    First of all, there is a lot of activity underway around 
collaboration in the industry, but it is one that we think 
needs to be supported broadly. We have both private sector and 
combined private sector and government initiatives, things like 
the CommonWell Alliance, the Sequoia Project. There are 
technical standards from committees like HL7 that are trying to 
push the ball forward to make these systems talk to themselves, 
to each other, a lot more adeptly and easily than they have 
historically.
    I think support for that, as exhibited by the ONC report 
that came out last year, to push us down a roadmap where those 
efforts can be channeled into a way that they ultimately come 
to a harmonized approach between the State regulations and laws 
and standards, Federal, State, Federal laws, regulations, and 
standards, and private sector initiative, really is one of the 
ways that we can make the most against some of the obstacles 
and barriers that exist today where the systems don't have 
those standards to make it easier for them to talk to one 
another.
    Mr. Walker. Thank you for responding to that. Are you 
familiar with the Press Ganey scores?
    Mr. DeCrescenzo. The patient satisfaction scores.
    Mr. Walker. Exactly right. I want to make sure that we are 
also being an advocate for the health care providers, that we 
don't put these guys in a bind. In fact, earlier this morning, 
we had a very passionate hearing--compassionate, I should say 
as well--as far as the heroin and opioids. And we know 
sometimes patients can be very manipulative in this process.
    Can you take a moment, Dr. DeSalvo, and speak to that to 
make sure, as we move forward with this, we are not putting our 
providers in a more vulnerable position?
    Dr. DeSalvo. Thank you for the question, Congressman.
    As a doctor, I know full well the challenges of making sure 
that you are being compassionate but also being evidence-based 
in the practice of medicine.
    I wanted to touch on the patient access piece, because you 
mentioned it, and it is so critically important. The electronic 
health information is theirs. They have the right to access it. 
And we have worked with the private sector to see that we are 
creating innovative ways that they have more ready access to 
that information, so they can make their own care decisions, 
but also it can be available in the care setting.
    As an example, just in the last few months, working with 
the Office of Civil Rights, who has the primary responsibility 
for HIPAA access, put out some guidance directed at consumers, 
so that they would know what they have the right to access. 
This is a common refrain that we hear from consumers but also 
from docs who want to make sure that the information is getting 
out.
    In the space of opioids, as an example, we certainly want 
to make sure that we are doing everything to support clinicians 
on the frontlines.
    My husband is an emergency medicine doctor, so this is a 
very everyday occurrence for him. The tools like PDMPs, the 
prescription drug monitoring programs that are electronic in 
many States and have really made it easier for us to access 
information to make sure that we are appropriately giving 
opioids to people who have pain, are needed, but also trying to 
help folks stay out of trouble.
    We have been working with SAMHSA and with States and with 
the industry to see that those become more aligned within 
electronic health records, so you don't have to go to another 
place and sign on. That's an added burden.
    Mr. Walker. Before my time expires, let me also look at 
this. Health care certainly is very important as we move 
forward in having the right perspective. As a Member of 
Congress, we also have a financial fiscal responsibility as 
well. We spend more than $2,000 per patient than any other 
country in the world.
    Can we make a case out of this that is something that can 
drive us to be more health care cost conscience as well?
    Mr. Quinn or Ms. Rich, would one of you like to address 
that?
    Mr. Quinn. I will use as an example Intel's Connected Care 
program. Where Intel, as a large purchaser of health care on 
behalf of its 53,000 employees in the U.S., said how can we 
make our employees the healthiest in the country, retain them, 
and also try to save some money doing it?
    We have been very successful in the first two. The third 
has been more challenging, although there has been a great 
progress there.
    The key to it, I would say, and this is also the key 
potentially for driving data-sharing and information-sharing in 
our broader health care system, is focusing on value-based 
care, rather than fee-for-service. That was the engine that 
drove this, and we have seen a massive amount of actual use of 
this health information exchange because, of course, the 
technical pieces are there with the Sequoia Project and 
building this, but also the incentives for using it are there 
for the health care providers.
    Mr. Walker. Thank you, Mr. Quinn.
    I yield back, Mr. Chairman.
    Mr. Hurd. The plan is to go to Mr. Connolly, and then we 
will go into recess to get to votes.
    I now recognize the gentleman from Virginia, Mr. Connolly, 
for 5 minutes.
    Mr. Connolly. I thank the chair.
    And I thank Mr. Lieu and Mr. Cartwright for their gracious 
consideration. Thank you so much. I have seven hearings in a 
day and half, so I'm running back and forth.
    Mr. Quinn, thank you for sharing your story. Boy, could I 
relate to that. Both of my parents are in their 80s, and I have 
witnessed scenes where one is in the hospital in the emergency 
room, and the other one is being asked to give the history, the 
medical history. I'm thinking, what could go wrong with this 
scenario? Thank God they are both alert and have mental acuity, 
but you know, memory sometimes fails us in moments of stress.
    It is hardly an ideal system, and surely technology exists 
that would allow us to have a comprehensive picture of the 
patient in question without relying on human memory and such.
    So I really related to what you had to say, and I hope your 
dad is doing well.
    Dr. DeSalvo, picking up on Mr. Quinn's narrative, according 
to HHS's 2016 report to Congress on the adoption of health IT, 
your agency found that 97 percent of hospitals and 74 percent 
of physicians possessed a certified electronic health record 
system. But only 76 percent of hospitals and 42 percent of 
physicians with electronic health record systems were sharing 
the information for the coordination of care. Why that big gap?
    Dr. DeSalvo. Well, thank you for the question. I certainly 
identified with Mr. Quinn also, both as a doctor who takes care 
of those kinds of patients but also because of family members 
as well. So as I said in my opening, it is pretty personal to 
all of us to see that the data is moving.
    The good news story in the data that you present is that, 
over the course of the last many years, we have dramatically 
increased not just adoption but the opportunity to move and 
share data. So those are snapshot numbers. But if you look back 
at the trajectory, every year it improves both for doctor 
offices and hospitals. We are not where we want to be yet, but 
we are making progress.
    There are areas like the national capital region where 
health information exchanges like CRISP make that data 
available, such that if somebody arrives in an emergency room, 
their primary care doc will get a ping and be able to have the 
opportunity to send that med list or problem list, so that we 
will actually know more about the person in the ER.
    There are even more exciting advances happening, like in 
Mississippi, where the State of Mississippi has been working 
with local vendors to see that all of long-term data from their 
Medicaid program is available to the doctors in the University 
of Mississippi Medical Center, so that when somebody arrives, 
you have a picture like you mentioned.
    Mr. Connolly. You mentioned CRISP, but doesn't that require 
a voluntary decision to participate?
    Dr. DeSalvo. You are touching on the challenge that has 
emerged since we have been adopting electronic health records 
and moving to a digitized system, and that is that State laws 
vary, and so there is a need to harmonize that.
    Mr. Connolly. Right. That is a particular challenge here in 
the national capital region, since we have three jurisdictions 
with three different political cultures and sets of laws and so 
forth.
    I have actually encountered that, where Maryland has one 
set of standards on this kind of communication and Virginia has 
another, and we are not always talking, which what could go 
wrong with that for someone's health? I mean, you could 
jeopardize someone's health without intending to.
    Now, do we need, from your point of view, and I welcome Ms. 
Rich as well, or anyone else, but is this a case where, 
frankly, we do need to look at some Federal legislation?
    We regulate blood supply for safety. Well, electronic 
recordkeeping is not just a nice thing to have. In the digital 
age, it may be very critical to someone's health and the care 
they get, especially in an emergent situation.
    Dr. DeSalvo. In the short run, we have been working, the 
Office of National Coordinator, with the National Governors 
Association on developing a toolkit so States themselves can 
harmonize their privacy expectations, so that won't be an 
unnatural impediment to information flow.
    Over the long term, clearly, the health IT landscape has 
changed a lot since HITECH was passed in 2009. We were on iOS 3 
then and now we are up to 6, just as one example. But apps and 
cloud computing have really evolved.
    So we certainly are leveraging all the opportunities that 
we have at ONC and our partners, the Office of Civil Rights and 
other agencies, to see that we are protecting consumers and 
that data is going to flow. But there are areas where we know 
that there may be some opportunity, like information-blocking, 
where we would need some additional support.
    Mr. Connolly. Thank you so much for this fascinating 
conversation.
    Again, Mr. Chairman, thank you.
    Mr. Hurd. Sure.
    Votes have been called. The committee stands in recess 
until immediately following votes.
    [Recess.]
    Mr. Hurd. The Committee on Oversight and Government Reform 
Subcommittees on Information Technology and Health Care, 
Benefits, and Administrative Rules will get started again.
    I appreciate our witnesses' and guests' patience as we went 
to go vote. We shouldn't be interrupted.
    To get us restarted is my friend from California, Mr. Lieu. 
You are recognized for 5 minutes.
    Mr. Lieu. Thank you, Mr. Chair.
    Dr. DeSalvo, in your opening statement, you mentioned data-
blocking. Can you explain what that is and how it works?
    Dr. DeSalvo. Yes, certainly, Mr. Lieu. Thank you for the 
question.
    Congress asked us to provide a report on health 
information-blocking, which we did last April. We thank you for 
that, because it generated a national conversation and set into 
motion some actions that we have been taking in partnership, 
for example, with the Office of Inspector General, also with 
the Office of Civil Rights, to see that we unblock data that 
has been collected in electronic health records.
    This is a new challenge we wouldn't have had years ago when 
we did not have a digitized system. It has emerged since 2009 
when the HITECH Act put ONC and our authorities into place.
    An example of it would be that I'm in a health system and 
my patient records have been collected or digitized, and a 
patient ends up in the emergency room at another hospital 
across the street, and for whatever reason I'm not sure I can 
share it, because I don't understand HIPAA, or maybe I don't 
have a business associate degree that I think you need to have 
to share data. And so when that patient shows up across the 
street literally, the data is not moving. And it is just 
because of a lack of understanding.
    So that would be sort of an unknowing example. And by 
educating about HIPAA, which is something we have been actively 
doing, we hope to unblock that sort of data.
    Sometimes it is more around business practices. People want 
to hold onto patients or hold onto data and don't share it.
    So we have asked and gotten pledges from the health IT 
industry to say they won't block data. Now we are acting on 
making sure that we can put some teeth to it.
    But if I may, Congressman, it is an area where, since 2009, 
the world has really evolved. That is why in our budget 
request, we did put forward a proposal asking for some more 
opportunities for us to be able to address blocking, and to see 
that, where data could move, that it would.
    We really welcome the chance to talk with you more about 
the ways that we think we could have more opportunities to 
address it.
    Mr. Lieu. Just so I understand, sometimes you have data-
blocking because the doctor or hospital may not have 
interpreted HIPAA correctly. Are there times where, in your 
opinion, they are intentionally doing it to gain a competitive 
advantage?
    Dr. DeSalvo. We certainly heard plenty of reports about the 
use of it to gain a competitive advantage.
    Mr. Lieu. What about vendors? Do vendors sometimes do that 
as well?
    Dr. DeSalvo. Occasionally. The way that will occur with 
vendors is they will require added fees, unexpected fees, to 
create the interfaces, and that is a form of lack of 
transparency but can also be a form of blocking.
    Mr. Lieu. And in the HITECH law, do you believe there are 
gaps that could address this? What can this committee or 
Congress do to help on data-blocking?
    Dr. DeSalvo. Yes, sir.
    What we have asked for as part of our budget request are 
some additional opportunities around defining it and giving us 
an opportunity to require that vendors, for example, can't use 
gag clauses to prevent providers from talking about some of the 
contractual elements. Those are just a couple of the examples 
that we've asked for.
    So, yes, we do believe that, since the world has evolved, 
there is a new need for us to have some additional 
opportunities to protect the people who are using the systems 
and, more importantly, to protect the data of the consumers.
    Mr. Lieu. Let me switch to cybersecurity.
    Hollywood Presbyterian Hospital in Southern California had 
been attacked with malware. They had to give a ransom to get 
their data essentially unencrypted, unblocked. Two more 
hospitals, it was disclosed, were recently attacked in Southern 
California.
    What do you think we can do to help prevent those attacks?
    And my understanding is that it is the Office of Civil 
Rights that does cybersecurity?
    Dr. DeSalvo. That's correct.
    Mr. Lieu. And do you think that would be the appropriate 
office or not?
    Dr. DeSalvo. The Office of Civil Rights does have the 
primary responsibility for privacy and security, and for 
security breach investigations. We work with them in a variety 
of ways to see that we are educating providers, clinicians, and 
others to make sure that the functionalities, the capabilities 
in electronic health records that we require to keep the data 
secure, are actually used in the field.
    We all know that there is a mix of both physical and 
cybersecurity expectations, so tools like our security risk 
assessment tool is a way that we educate providers to know in a 
simple way how they can protect the data that is in there. So 
there are some opportunities that we leverage, but we work 
largely in partnership with the Office of Civil Rights.
    Mr. Lieu. And does that office have a team of computer 
folks that deal with cybersecurity issues?
    Dr. DeSalvo. It is very tight partnership. They certainly 
have experts in the area of HIPAA and cybersecurity and 
privacy, and we work very hand in hand with them.
    We, for example, recently released some additional guidance 
for providers but also for consumers about access and security, 
and have posted a series of joint blogs to make sure there is a 
shared understanding of what security expectations there are.
    You all, for example, asked the department to put together 
a cybersecurity task force, and we have been working along with 
others across the department to see that we put together that 
task force. It just met for the first time last week, so we 
thank you guys for raising that issue.
    Mr. Lieu. Thank you. I yield back.
    Mr. Hurd. I would like to pick up where Mr. Lieu left off. 
So in OCR, they have lawyers so they understand HIPAA. Do they 
have technical folks that can actually help with a breach or 
the next ransomware attack?
    Dr. DeSalvo. Congressman, I would not want to speak 
specifically to the skill sets of their staff. What I can share 
with you is that the Office of the National Coordinator, which 
has technical staff, partners very tightly with the Office of 
Civil Rights, just like we do with other agencies, to make sure 
that we are bringing that talent to the table if it is 
necessary.
    Part of this task force as an example, which is with the 
private sector, is to bring together the best minds in 
cybersecurity and to work with not only ONC but OCR to see that 
we are helping to advance the health care marketplace to adjust 
to any new changes they need to in cybersecurity.
    Mr. Hurd. Ms. Rich, why is there so much confusion around 
HIPAA?
    Ms. Rich. I can't speak to why there is confusion around 
HIPAA, but I do know that there are many entities that are 
outside of HIPAA that are under our jurisdiction, and that 
includes all the health apps and the Web sites that take in 
consumer-generated information, and that consumers may be 
confused about whether there is a regulation that protects 
their privacy in those areas, which is one of the reasons why 
we think there ought to be a regulation that protects the 
privacy and data security for the information collected by 
those entities directly from consumers.
    Mr. Hurd. Does FDA have responsibility in some type of 
regulation in this space?
    Ms. Rich. The FDA regulates medical devices, and that 
includes some health apps. But generally, they are looking at 
safety issues surrounding whether the app does what it says it 
does. The privacy and data security issues of such entities is 
generally in our care. And we have been working in this area 
for over 15 years, and we have an extensive program to look at 
the data security of these entities and take action--well, 
educate them to start with and then also take action in 
appropriate instances.
    Mr. Hurd. So if it is a HIPAA violation, that is OCR's 
jurisdiction. If it is generally something else, it may be you, 
it may be FDA, it may be SAMHSA, or the PPACA. There are so 
many of these different regulatory bodies, and my fear is that 
it is hurting innovation. It is hurting the proverbial two guys 
or two gals in a garage from creating something that can change 
the way that we deliver health care.
    Ms. Rich, I will get back to you on another question.
    I wanted to ask Messrs. Quinn, DeCrescenzo, and Savage, and 
then, Ms. DeSalvo, you answer after them, meaningful use, this 
is a term that I have been hearing a lot over the last 16 
months that I have been in Congress and how it was originally 
designed to kind of spur companies from participating in EHR 
programs. But what I am hearing is that it is actually getting 
in the way of innovation.
    I would like for you three gentlemen to comment on your 
opinions on meaningful use. And, Ms. DeSalvo, I will let you be 
the cleanup batter.
    Mr. Quinn?
    Mr. Quinn. So meaningful use was quite successful in 
driving adoption of electronic health records. Without 
meaningful use, we wouldn't have the rates of adoption today 
that we see.
    As is the case with my dad's example, that each individual 
health care organization has an electronic health record and 
may be beginning to exchange data doesn't mean that the net 
result of it is the coordinated care, the shared health 
information, that we all need. And the prescriptiveness of this 
led some vendors and health care organizations to play to the 
test.
    What we need is to think ahead about the next generation of 
technology that is needed to embrace, for example, the Internet 
of Things, consumer-generated health data, the data that is 
being unearthed with the genome, and these other sources, and 
incorporate them into this so that we are not just thinking 
about this program as an end unto itself, but as an enabler of 
new technologies, new care models, et cetera.
    Mr. Hurd. Thank you.
    Mr. DeCrescenzo. Thank you, Mr. Chairman. I would certainly 
second Mr. Quinn's opinion that meaningful use as it has been 
affected in the last few years to dramatically increase use of 
the EHRs, as Dr. DeSalvo mentioned earlier, in addition to some 
of the new technologies that you mentioned, need now to be 
considered, and also suggest that over the last 4 or 5 years 
under meaningful use, we have learned a lot about how 
technology is used and what are some of the other process and 
incentive issues, including things like reimbursement 
mechanisms that may or may not incent further use of electronic 
medical records and other types of electronic digitization of 
health information in a sharing around that.
    So going forward, we believe that we need to be thoughtful 
about what we have learned over the last 4 or 5 years, as we 
look at additional regulation or requirements for expanding the 
use of electronic medical records and allied technologies.
    Mr. Hurd. Mr. Savage?
    Mr. Savage. We agree that the meaningful use program has 
been a major catalyst for improved adoption and use of health 
IT. Patients have been seeing a lot of the benefit of that. As 
I said in my testimony, there are still obstacles to overcome, 
and more needs to be done.
    But with the meaningful use program in our surveys, we saw 
a doubling of online access from 2011 to 2014, from 26 percent 
of patients with online access to 50 percent.
    We see them using it for the kinds of things that are 
really critical for delivery system reform that is coming. So 
the access is important, but the meaningful use program is also 
in 2017 to 2018 to provide much more robust functions around 
patients sharing data with their providers, nonclinical data 
that is nonetheless relevant to care, better correction of 
errors, wearables, remote monitoring. And it will, indeed, 
stimulate the kind of innovation that we are all looking for.
    The version that is coming up also has APIs. We have tech 
developers who are writing apps for using those APIs.
    So important catalyst. Critical things are coming for 
patients and family caregivers to help them with their care 
planning.
    Dr. DeSalvo. Thanks to these folks, I'm just going to talk 
about going forward, because the health IT landscape and health 
care has absolutely been changing and evolving. We are looking 
to go forward after listening to providers, after seeing where 
the health IT landscape is, to take the opportunity that was 
made from the doc fix or the MACRA legislation and make this 
program going forward more flexible, much more focused on 
clinical outcomes and on interoperability.
    Mr. Hurd. Thank you.
    Mr. Cartwright, you are recognized for 5 minutes.
    Mr. Cartwright. Thank you, Chairman Hurd.
    I want to follow up that discussion with Mr. Savage a 
little bit. I think a cornerstone of the health IT field are 
the electronic health records, the digital version of a 
patient's paper chart containing not just the patient's current 
condition but also his or her medical history.
    I have here, it looks like a Harris poll that NPWF 
commissioned. Is that correct, Mr. Savage?
    Mr. Savage. That is correct.
    Mr. Cartwright. So this is entitled, ``Engaging Patients 
and Families: How Consumers Value and Use Health IT.''
    I will ask that this be made a part of the record, Mr. 
Chairman.
    Mr. Hurd. So moved.
    Mr. Cartwright. It is a result of the Harris poll. I cannot 
imagine how long this poll went, Mr. Savage, but it's pretty 
hefty.
    It was done in the spring of 2014, correct?
    Mr. Savage. Correct.
    Mr. Cartwright. Toward the end of it, there is a global 
summary. And it showed that more than 50 percent of patients 
want the ability to review their treatment plans, right?
    Mr. Savage. Correct.
    Mr. Cartwright. And that nearly 60 percent wanted to see 
their doctors' notes, and that fully 75 percent of patients 
wanted access to their test results electronically.
    Have I got that correct, Mr. Savage?
    Mr. Savage. Yes, we found great interest in all of those.
    Mr. Cartwright. So that is the sort of information that 
would be available in an electronic health record, correct?
    Mr. Savage. Yes.
    Mr. Cartwright. Okay. Is it easy for patients to get access 
to their electronic health records right now?
    Mr. Savage. The survey that you are referencing does 
identify increased numbers of access, doubling from 26 percent 
to 50 percent. For those who have it, it has become easier, but 
the national partnership has also done work with the Get My 
Health Data campaign, which has found that there are also 
people without the access that they need and that there are 
some barriers.
    So I can either talk about on the survey side, or I can 
share with you some of the barriers we found with the Get My 
Health Data side.
    Mr. Cartwright. The barriers I'm interested in.
    Mr. Savage. We have tracers, volunteers who report to us 
their experience with trying to get data, and everybody's story 
is unique. But we do find some commonalities among those 
stories.
    So some of the significant barriers are a very complex, 
time-consuming process in order to get access. So you and I, in 
order to get access to our banking records, we just go down to 
an ATM or access it through the Internet. That is not a time-
consuming process, for the norm.
    But for access to health records, yes, it has been very 
time-consuming for these individuals.
    Records provided in a format that is not useful. You may 
ask for it in an electronic format. You get a piece of paper by 
snail mail.
    Misunderstanding of what patient's rights to access are.
    And perhaps one of the things that we've discovered most 
recently is the use of unreasonable fees in order to--before 
you can get access to your records. That may take the form of 
you have asked for your information and, sure, here's the copy 
and here's the bill, and it is a bill that you never expected. 
Surprise. Or you are charged a per page fee when it is an 
electronic record.
    So there's actually been--the Get My Health Data campaign 
has recommended that there be some comprehensive education 
initiatives to try to help providers and patients alike 
understand the requirements better.
    And the OCR guidance that recently came out provides some 
examples of the kind of innovative education efforts that we 
really do need to see.
    Mr. Cartwright. Dr. DeSalvo, pick up from there. What kind 
of examples?
    Dr. DeSalvo. So consumers have more access to their 
information than they did previously, though it is not where we 
think it needs to be. And as Mr. Savage mentioned in his 
earlier comments, we have been pushing through the meaningful 
use program and through other ways to get increased consumer 
access.
    We, in fact, just put out a challenge grant through the 
Office of National Coordinator calling on the private sector to 
take advantage of this API expectation that we put in 
electronic health records to create very consumer-friendly apps 
that would be on a smart phone and allow somebody, any patient, 
to be able to access their health information and have more 
opportunity to control it. So we are really excited to see what 
the private sector is going to develop in the next few months 
to make it easier to get more access.
    The kinds of examples that get in the way of that, 
technology certainly Mr. Savage mentioned, but they are 
sometimes just a misunderstanding of HIPAA. The Congressman had 
asked earlier why doctors don't understand HIPAA, and part of 
it is we are not really well-trained in it in medical school.
    This is, I think, a really important opportunity that the 
medical education field has along the way to see that we 
understand what HIPAA is and is not, and do not let it get in 
the way. Also, the way sometimes it is enacted gets in the way 
of consumers having access to their information.
    It is, in essence, a form of blocking.
    So, again, back to this comment of, the world has really 
evolved and now there is data to be free, data to move. And the 
primary concern is to see that it is there for that clinical 
moment when you need it.
    There are also many other important uses, so we are 
leveraging all the tools we have, whether that is education or 
clarity on rules and regs, but there's probably also some 
additional needed attention and maybe some additional support 
to see that blocking is never a reason that people do not get 
their data.
    Mr. Cartwright. So last question, my sense of it is that 
the better access patients have to their medical records, the 
better we all are in terms of patient safety.
    Does anybody disagree with that? Let the record reflect 
they are all shaking their head no, Mr. Chairman, and I yield 
back.
    Mr. Hurd. Thank you, sir.
    I would now like to recognize Ms. Lujan Grisham for 5 
minutes.
    Ms. Lujan Grisham. Thank you, Mr. Chairman. I think I 
probably want to take off from where my colleague was leading 
you all, Mr. Cartwright.
    I actually think in addition to the blocking and 
misunderstanding that we have seen two principles in HIPAA be 
determined--and as an attorney, I feel bad about this--but sort 
of a legal opinion that you have two mutually exclusive 
premises. One, patient protection, and the other would be the 
portability of that information, and they err on the side they 
are absolutely in their minds mutually exclusive, so they go to 
privacy.
    I just had this happen with a very large, very recently, 
health care provider who argued with me--and HIPAA, I spent a 
lot of time dealing with HIPAA, so it wasn't--I won, because 
the CEO of the health care company refused to provide the 
patient information from provider to provider.
    Actually, I was trying to do them a favor, right? I have 
labs that are 45 days out. I get a patient who calls my office 
as a constituent and says I have to have them because my 
specialist can't do what they need to do without the records 
from this other provider. I said, let me just call, because I 
know I don't need really anything else, provider to provider, 
just do it. And basically I'm helping you, because God forbid 
we find something in those labs that indicate to your lawyers 
that you have a real liability.
    And then second, they wouldn't do it, because HIPAA 
prevents that, as you all know it absolutely does not. For the 
audience, it does not prevent that. It explicitly provides for 
that.
    Then in addition, to make it easy for them, I was willing 
to get the patient on the phone, with plenty of patient 
identifiers. And HIPAA, according to this provider, also 
explicitly prohibits not having someone where you have really 
restrictive proof that that is the patient. I said that is 
nowhere in there. That is your own system, which gets to that 
it is proprietary, it is not interoperable, and that while we 
are to doing I think great strides to make this information 
available, that unless we deal with that, you can't really 
create a patient record.
    I have to have apps for, right now, let's see, I'm old, 
that would work with about 47 different providers. Now that I 
am lucky enough to have this job, I have to have to add all the 
providers that are in D.C. that I guarantee you do not speak to 
any of my providers in Albuquerque.
    So that was a typical-for-me, long-winded statement that 
our intentions here and meaningful use and all the incentives 
and including many of the accountability mechanisms really 
haven't gotten us to what we really want, which is very 
effective patient records, because if we want patients to be 
part of problem-solving, and you do. If I get access to my 
record, I find all kinds of stuff that my docs didn't see 
because they are busy. I feel bad about that. I love them. They 
are my docs, so I really like them, or my practitioners.
    But they do not have the time to search through stuff, 
which is why every time you go, they have to do a whole new 
history because they have to ask me, because it is much faster. 
But what happens when about 20 years from now, I can't remember 
for a whole variety of reasons?
    So what additional incentives can we use? And you sort of 
floated around many, right?
    But I also want a milestone check, because I have also been 
working on telehealth for more than 2 decades. Quite frankly, 
the reimbursement issues and the other barriers really simply 
have not made it available in the places where the technology, 
not only in juxtaposition to physician consultations or 
physician-to-patient consultations, but now you have the 
ability to do incredible online diagnostics. And yet, we aren't 
really doing it.
    So what are some really great milestones and mechanisms 
that this committee can help you achieve, to that end?
    Anyone? All of you? Everyone?
    Ms. Rich. I would just like to comment that I do think an 
obstacle to uptake on the part of consumers is concern about 
privacy, an obstacle to uptake of use of electronic records.
    Regardless of what a lot of consumers think about privacy 
in other contexts, we do know that they care a lot about 
privacy when it comes to their health records, which can reveal 
truly personal information. So from the perspective of somebody 
that is talking about privacy, we would like to see stronger 
protections that make sense. Yes, it is a balance. Stronger 
protections for data ----
    Ms. Lujan Grisham. Where do you see the balance? And nobody 
I think on this committee is making any sort of statement that 
we should reduce privacy protections. But when they become an 
obstacle--that does not diminish the protection of privacy, we 
have a really big problem here.
    I gave you one illustration. There are many. But what is a 
milestone to not diminish the protections that we are all 
interested in, but to get us to real patient records, serious 
interoperability, not just provider to provider because of 
proprietary, but as you mentioned in an earlier meeting, within 
our hospital equipment, which creates huge patient outcome 
issues, that is not a privacy issue, and gets us to telehealth, 
all the different kinds of things I know that you all are 
promoting?
    I don't know if the chairman is going to let me keep going. 
What a good guy.
    Mr. Hurd. Mr. Quinn can answer that question.
    Mr. Quinn. I would say a wonderful milestone is getting to 
50 percent alternate payment models by 2018, as HHS has 
proposed, and that Intel, eating our own dog food or, as my 
colleague says, drinking our own champagne, including in 
Albuquerque, where we have a huge facility ----
    Ms. Lujan Grisham. We would like that to be bigger.
    Mr. Quinn. Thirty-three-thousand employees are today 
participating in our Connected Care program. The real enabler 
of this is, of course, that there is something called the 
Sequoia Project that makes interoperability possible in 
connecting 150 different EHRs, but more importantly, that we 
are directly contracting with the providers in that area and we 
have purchasing power.
    We are doing this in Albuquerque. We are doing it in 
Portland. We are doing it in Arizona.
    Intel is a big purchaser, and we said you are going to 
participate as part of this, and we are going to collect these 
metrics.
    The same is happening on this national basis, this 50 
percent. Fifty percent I think is a real tipping point, because 
you can't live in two different worlds. You can't live in the 
fee-for-service world and the alternate-payment world.
    The sooner we can get there, the better. We can't let up on 
the accelerator.
    Ms. Lujan Grisham. Okay, thank you.
    Mr. Hurd. Thank you, Mr. Quinn.
    Raise your hand if you have suggestions on how to harmonize 
privacy laws, and which privacy laws and regulations need to be 
harmonized?
    Mr. Savage, your organizations don't have opinions?
    Mr. Savage. We do. We don't look at them as harmonization. 
We look at them as protecting privacy for patients in all the 
different States.
    Mr. Hurd. So I would like all of you all to submit those 
ideas, those white papers, to the committee for the record, so 
we can review those and see if that can be an area that we look 
at.
    I would be remiss if I don't ask a cybersecurity question.
    Ms. Rich, this is for you, and I am not interested in any 
particular company or something like that. What do you think is 
the biggest threat right now to health information and our 
citizens' health data?
    Ms. Rich. There are a few. One is failure by companies 
still to take this as seriously as they should. There has been 
a lot of progress in recent years, but we are still seeing not 
enough attention focused on this issue.
    Congressman Lieu also mentioned ransomware, which is 
something that is on the rise and is particularly on the rise 
when sensitive information is collected, because of the great 
interest in protecting that information, so the ransomware 
tactics are more likely to succeed.
    We are seeing that more and more in our cases, and we are 
looking at this issue ourselves, and maybe doing something 
publicly on that.
    But the number one issue is still the failure to pay enough 
attention to this issue, among many, many companies.
    Mr. Hurd. Mr. DeCrescenzo?
    Mr. DeCrescenzo. Obviously, Ms. Rich has her perspective, 
what I think at the HLC, we are taking this very seriously. And 
we see across providers, payers, pharmacies, everybody who is 
part of HLC, an enormous amount of investment and forward-
thinking on what to do about the problems that you described, 
for example, at Hollywood.
    I think one of the challenges everyone needs to recognize 
is that we are also trying to constrain costs as much as 
practicable in the U.S. health care system. And all these 
things come at a cost. And there is not necessarily as much 
freedom, or maybe should there be, to be able to capture 
reimbursement in order to reflect those costs.
    So I think it is a very difficult barrier when you think of 
the resources that are applied anywhere from telecommunications 
to banking to other industries around cybersecurity, the fact 
that we have all described the importance of personal health 
information, and recognizing that many of these institutions, 
including many hospitals I'm sure in your districts, are 
already struggling to deal with a number of other aspects of 
successfully providing patient care.
    So I think we certainly see people taking it very 
seriously. As I'm sure you're aware, many people go into the 
medical profession because they have that commitment to 
patients, their data, and privacy.
    So I think one of the things we need to consider is how 
well is reimbursement reflecting the cost of doing a good job 
at it.
    Mr. Hurd. Ms. Rich, what has been the biggest fine that FTC 
has issued on a private company for violating our privacy? We 
don't need to know the situation, just what is the dollar 
amount? And can you describe the situation?
    Ms. Rich. We actually, in the initial instance, don't have 
fining authority in the data security area in general. We do 
when it involves kids' information or consumer credit data. But 
in the general data security work we do, we do not have the 
authority to obtain any penalties.
    That is, I think, something that we seriously need in order 
to create different incentives here.
    Mr. Hurd. If a private company would have lost the 
information on 23 million records, what would FTC have done?
    Ms. Rich. In the abstract, it is hard to say. Each 
violation, if we had civil penalty authority, just borrowing 
from the authority that we have in other areas, every violation 
could amount to a $16,000 penalty. So if you add that up over 
millions of consumers, it's potentially infinite. But, of 
course, we take the ability to pay, et cetera, into account.
    But the fines could be quite high for a company that had 
very serious violations and injured a lot of consumers.
    Mr. Hurd. Thank you.
    Now to close this out, Mr. Blum, you are recognized for 5 
minutes.
    Mr. Blum. Thank you, Chairman Hurd, for holding this most 
important hearing.
    And thank you to all the panelists today for your insights. 
I appreciate it very much.
    Telehealth, telemedicine, has absolutely intrigued me since 
I have been in office the last 15 months. When we talk about 
rising health care costs in the country, I know many citizens 
want a silver bullet, one answer, one thing that is going to 
solve the increasing health care costs.
    I kind of believe, pardon my pun, I believe it has been 
death by 1,000 cuts, the increase in health care costs. It has 
been a lot of small things. And I think one piece of the 
puzzle, the solution to keeping health care costs in line, is 
telehealth or telemedicine, and particularly in our veterans' 
care system with the psychiatric care, PTSD.
    I know in Iowa, it is rural, so we don't have a lot--in all 
the outpatient clinics for vets, we don't have a psychologist 
or psychiatrist on staff. So telemedicine is a great 
application there.
    I would like to ask all the panelists, what policy changes 
do you think are necessary so there is 100 percent--100 
percent--telehealth participation by providers and by 
hospitals? I see it as critically important to saving the 
government money and also improving the outcomes of our 
patients.
    So whoever would like to take that, jump on it, please.
    Dr. DeSalvo. Congressman, perhaps I will begin and say that 
I share your enthusiasm for telehealth. As a doctor, I have had 
the opportunity to use that, particularly for access to 
psychiatric care in my home community of New Orleans after 
Katrina, when we had really a lack of services. As a rural 
State, we have been able to leverage that as well.
    So as a care delivery model, very well-received, and can 
also save people money, because they don't have to take off of 
work and find health care, et cetera, to go to the sites. It is 
less of a technology issue and more of, I think, an opportunity 
as we move to alternative payment models.
    So as the VA has been able to show and the private sector, 
and certainly through some of the work that the department has 
done with these models in the Center for Medicare and Medicaid 
Services, we have been working to advance that as an 
administration, in partnership with the private sector.
    I think it is something that we see as a department an 
opportunity in the delivery system reform work that is moving 
to alternative payment models, such as in the MACRA legislation 
that is required for docs. It is going to give us a lot of 
opportunity to really enable and support new kinds of care 
models.
    So from our standpoint, we believe that, with the 
department, we really believe that we are moving forward into 
this world and that the MACRA legislation for docs, in 
particular, is going to be helpful.
    Mr. Blum. You are a medical doctor, correct?
    Dr. DeSalvo. Yes.
    Mr. Blum. I know you cannot speak for the medical 
community, but what is your impression or your opinion of the 
medical community's opinion of telemedicine? Is it a good one? 
Or do they say this isn't that good?
    Dr. DeSalvo. So I can't speak for the medical community, so 
I will speak for myself and my peers, that there are some real 
benefits to it.
    Speaking purely as a doctor, I think one of the challenges 
is there is a lot that you gain from being in the room with a 
patient, you can touch them, you can listen to them in a way 
you can't necessarily through technology. So a mix of kinds of 
interaction is typically what we want. We wouldn't want it to 
all to be remote, because you also gain something from that 
touch in that exam room.
    Mr. Blum. Absolutely.
    Others? Yes, sir?
    Mr. DeCrescenzo. Congressman, one other thing I would 
mention is harmonization of standards across the States.
    Obviously, with telemedicine, as you described, it is 
something that brings the ability to provide care across 
distance. And, of course, many of the States are quite large, 
so it is urban to rural and various other ways. It certainly 
would facilitate the growth of telemedicine in a very important 
fashion.
    But in addition, there is quite a patchwork of regulations 
and standards on a State basis across the country, so the 
ability to leverage perhaps highly specialized care outside the 
State is often more difficult for somebody looking to put 
together a national network or even nationally focused 
providers like Cleveland Clinic and others who have a very 
large footprint across the country.
    Mr. Blum. And what would the solution to that be? Is there 
an easy one? I like easy solutions.
    Mr. DeCrescenzo. Well, we have 50 States, so I doubt there 
is an easy one.
    But I think there is increasing, I would say, similarity 
between the regulations of different States as they become more 
familiar with this. And perhaps like a lot of the work ONC and 
others have done around harmonization of technology standards, 
we would hope there would also be a similar effort to harmonize 
the standards and regulations around telemedicine.
    Mr. Blum. Yes, ma'am?
    Ms. Rich. The FTC in the competition area, which I don't 
personally work, but we have done a good deal of work on 
breaking down barriers to competition that may hold back 
certain alternative forms of medicine.
    For example, we have commented to States that may have laws 
that favor certain medical techniques over others in a way that 
interferes with competition through State laws. So competition 
is very important in this area.
    Mr. Blum. Do I have time for one more question, Mr. 
Chairman?
    Mr. Hurd. Thirty-nine seconds.
    Mr. Blum. One of the major barriers preventing a focus on 
home-based health care versus expensive hospitalization--
another area I am very interested in, is keeping that person in 
their home as long as we possibly can or getting them back to 
their home as quick as we can. Thoughts on that?
    Mr. Savage. I would jump in and say that is a good 
illustration of perhaps an interoperability issue. We want to 
make sure that the patient's home is connected with the system.
    So you want access. You want the patient to be able to send 
remote monitoring information to the doctor's clinical record. 
These are things that are actually in the process of being 
developed on a national level.
    That kind of two-way communication between the home and the 
doctor's system also contributes to care planning, so that you 
actually have working together to manage the care and to move 
from care to health.
    Mr. Blum. This could apply to nursing homes as well, 
correct?
    Mr. Savage. That's correct.
    Mr. Quinn. I would say that one of the things that really 
is lacking today is ensuring that those home-based applications 
have a market. So today without the reimbursement for many of 
those things, the market hasn't blossomed the way that it 
could. Many of the applications and the tools aren't 
necessarily designed for a 78-year-old or maybe somebody with 
disabilities who is at home.
    Ensuring that that, frankly, consumer marketplace with the 
technology that is rigorous enough to be trusted and 
incorporated into the health care system is built and that 
there is a marketplace for it, because there is reimbursement, 
there is a path for investors to say there is something here.
    Mr. Blum. That's a good point. Thank you very much for your 
input. I appreciate very much.
    With that, I yield the time that I do not have.
    Mr. Hurd. I would like to thank Mr. Lieu and Mr. Cartwright 
for the bipartisan nature in working on this topic. It is 
important for an exchange of information.
    And I appreciate our witnesses taking the time to appear 
before us today and for your patience.
    If there's no further business, without objection, the 
subcommittees stand adjourned.
    [Whereupon, at 4:22 p.m., the subcommittees were 
adjourned.]


                                APPENDIX

                              ----------                              


               Material Submitted for the Hearing Record
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

                                 [all]