[Senate Hearing 114-670]
[From the U.S. Government Publishing Office]


                                                       S. Hrg. 114-670

  ACHIEVING THE PROMISE OF HEALTH INFORMATION TECHNOLOGY: INFORMATION 
                    BLOCKING AND POTENTIAL SOLUTIONS

=======================================================================

                                 HEARING

                                 OF THE

                    COMMITTEE ON HEALTH, EDUCATION,
                          LABOR, AND PENSIONS

                          UNITED STATES SENATE

                    ONE HUNDRED FOURTEENTH CONGRESS

                             FIRST SESSION

                                   ON

   EXAMINING ACHIEVING THE PROMISE OF HEALTH INFORMATION TECHNOLOGY, 
        FOCUSING ON INFORMATION BLOCKING AND POTENTIAL SOLUTIONS

                               __________

                             JULY 23, 2015

                               __________

 Printed for the use of the Committee on Health, Education, Labor, and 
                                Pensions
                                
                                
 [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]                               


      Available via the World Wide Web: http://www.gpo.gov/fdsys/
      
      
      
                      U.S. GOVERNMENT PUBLISHING OFFICE                    
95-737 PDF                  WASHINGTON : 2017                     
          
----------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, 
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). 
E-mail, [email protected]. 
                


          COMMITTEE ON HEALTH, EDUCATION, LABOR, AND PENSIONS

                  LAMAR ALEXANDER, Tennessee, Chairman

MICHAEL B. ENZI, Wyoming		PATTY MURRAY, Washington
RICHARD BURR, North Carolina		BARBARA A. MIKULSKI, Maryland
JOHNNY ISAKSON, Georgia			BERNARD SANDERS (I), Vermont
RAND PAUL, Kentucky			ROBERT P. CASEY, JR., Pennsylvania
SUSAN COLLINS, Maine			AL FRANKEN, Minnesota
LISA MURKOWSKI, Alaska			MICHAEL F. BENNET, Colorado
MARK KIRK, Illinois			SHELDON WHITEHOUSE, Rhode Island
TIM SCOTT, South Carolina		TAMMY BALDWIN, Wisconsin
ORRIN G. HATCH, Utah		        CHRISTOPHER S. MURPHY, Connecticut
PAT ROBERTS, Kansas			ELIZABETH WARREN, Massachusetts
BILL CASSIDY, M.D., Louisiana                         

               David P. Cleary, Republican Staff Director

                  Evan Schatz, Minority Staff Director

              John Righter, Minority Deputy Staff Director

                                  (ii)

  
                            C O N T E N T S

                               __________

                               STATEMENTS

                        THURSDAY, JULY 23, 2015

                                                                   Page

                           Committee Members

Alexander, Hon. Lamar, Chairman, Committee on Health, Education, 
  Labor, and Pensions, opening statement.........................     1
Murray, Hon. Patty, a U.S. Senator from the State of Washington..     3
Cassidy, Hon. Bill, a U.S. Senator from the State of Louisiana...    28
Franken, Hon. Al, a U.S. Senator from the State of Minnesota.....    30
Enzi, Hon. Michael B., a U.S. Senator from the State of Wyoming..    32
Baldwin, Hon. Tammy, a U.S. Senator from the State of Wisconsin..    34
Bennet, Hon. Michael F., a U.S. Senator from the State of 
  Colorado.......................................................    36
Whitehouse, Hon. Sheldon, a U.S. Senator from the State of Rhode 
  Island.........................................................    38

                               Witnesses

Kendrick, David C., M.D., MPH, Chair, Department of Medical 
  Informatics, University of Oklahoma, CEO, MyHealth Access 
  Network, Tulsa, OK.............................................     5
    Prepared statement...........................................     7
Mirro, Michael J., M.D., FACC, FAHA, FACP, Past Chair, Medical 
  Informatics Committee, American College of Cardiology, and 
  Chief Academic/Research Officer, Parkview Mirro Center for 
  Research and Innovation, Fort Wayne, IN........................    13
    Prepared statement...........................................    15
Kibbe, David C., M.D., MBA, President and CEO, DirectTrust, 
  Senior Adviser, American Academy of Family Physicians, 
  Washington, DC.................................................    17
    Prepared statement...........................................    19
Black, Paul M., MBA, President, Chief Executive Officer and 
  Director, Allscripts, Chicago, IL..............................    22
    Prepared statement...........................................    23

                          ADDITIONAL MATERIAL

Statements, articles, publications, letters, etc.:
    American College of Cardiology, Heart House, Letter..........    50
    Response by David C. Kendrick, M.D., MPH, to questions of:
        Senator Alexander........................................    53
        Senator Murray...........................................    54
        Senator Enzi.............................................    55
        Senator Casey............................................    57
        Senator Baldwin..........................................    58
        Senator Cassidy..........................................    58

                                 (iii)

  

 
  ACHIEVING THE PROMISE OF HEALTH INFORMATION TECHNOLOGY: INFORMATION 
                    BLOCKING AND POTENTIAL SOLUTIONS

                              ----------                              


                        THURSDAY, JULY 23, 2015

                                       U.S. Senate,
       Committee on Health, Education, Labor, and Pensions,
                                                    Washington, DC.
    The committee met, pursuant to notice, at 10:05 a.m., in 
room SD-430, Dirksen Senate Office building, Hon. Lamar 
Alexander, chairman of the committee, presiding.
    Present: Senators Alexander, Enzi, Cassidy, Murray, Casey, 
Franken, Bennet, Whitehouse, and Baldwin.

                 Opening Statement of Senator Alexander

    The Chairman. Senator Murray will be here, but she has 
asked me to go ahead and start. Welcome. This is a hearing of 
the Committee on Health, Education, Labor, and Pensions.
    Senator Murray and I will each have an opening statement. 
Then we will have our witness testimony. We will ask you to 
summarize your remarks in 5 minutes. Then we will have 
questions.
    I need to leave at 10:30 a.m. for just a few minutes to go 
vote in an Appropriations hearing, and Senator Enzi will 
preside during that time. Then I will be right back. I don't 
want to miss anything from our witnesses. I read your 
testimonies, very helpful.
    Today's hearing is on information blocking. What does that 
mean? Here is an example.
    If I suddenly found myself at the Vanderbilt University 
Medical Center emergency room and the doctors there wanted to 
get my paperwork from the hospital and doctors that I usually 
use, information blocking means there is some obstacle getting 
in the way of my personal health information being sent to the 
Vanderbilt University emergency room.
    This could happen in a variety of ways. No. 1, could be 
that my usual hospital refuses to share my information. No. 2, 
the electronic systems at both hospitals don't talk to each 
other. That could happen. No. 3, my usual hospital says it will 
charge Vanderbilt a huge fee to send my electronic records. No. 
4, my usual hospital might say it can't share them for privacy 
reasons. That could be our fault here in the Federal 
Government. No. 5, or my usual hospital won't send them because 
they cite concerns about data security.
    There could be a lot of reasons why I am sitting there in 
the Vanderbilt University emergency room, and the doctors can't 
get my medical records.
    Since 2009, American taxpayers have spent $30 billion to 
encourage doctors in hospitals to install electronic health 
record systems through incentive payments to Medicare and 
Medicaid providers. One of the chief goals was to improve the 
electronic exchange of a patient's health information between 
physicians' offices and urgent care centers and hospitals and 
pharmacies.
    By encouraging these practitioners to adopt these systems 
and then encourage the manufacturers of the system to make them 
able to communicate with one another, we call that 
interoperability. That way, for example, I could have my 
physician send my records easily to a specialist who could have 
my entire medical history right in front of her before I even 
had my first appointment. No more printing of papers that I 
have to go to pick up and bring to my appointment, have added 
to a paper file, and then reentered into the specialist's 
computer.
    The Federal Government even went so far as to certify 
certain systems so physicians and hospitals generally expected 
that the certified systems would enable them to transfer 
records. But interoperability, this communication among systems 
that is so critical, has been difficult to achieve. Information 
blocking is one obstacle to interoperability, and I am 
interested to hear today from the witnesses the extent to which 
it is a problem, the extent to which the Government may share 
the blame and the extent to which the Government can encourage 
interoperability.
    It could loosely be defined as intentionally interfering 
with access to my personal electronic health information. Here 
is what Reid Blackwelder, a family physician in Kingsport, TN, 
told the New York Times earlier this year,

          ``We have electronic records at our clinic. The 
        hospital, which I can see from my window, has a 
        separate system from a different vendor. The two don't 
        communicate. When I admit patients to the hospital, I 
        have to print out my notes and send a copy to the 
        hospital so they can be incorporated into the 
        hospital's electronic records.''

    Last year, I worked with the Appropriations Committee to 
acquire a report from the Office of the National Coordinator on 
information blocking. We received the report from Dr. DeSalvo 
and her team, who did a good job describing the various kinds 
of information blocking. The report described the sorts of 
information blocking and the scenarios I outlined earlier.
    It concluded that successful strategies to prevent 
information blocking will likely require congressional 
intervention, but this is not the only view of the practice. 
Some view information blocking as rational, competitive 
practices by for-profit businesses in a competitive healthcare 
industry. In other words, why would a hospital or physician 
network make it easy for a patient to go out of their network 
when that is against their business interest, these persons 
might say.
    Senator Murray and I have created working groups within our 
committee to deal with the various issues on electronic medical 
records. We have also created a good working relationship with 
Secretary Burwell, Secretary of HHS. In fact, we had breakfast 
with her this morning and discussed this subject some.
    Let me just give my own view about this. Based upon what I 
have heard from doctors, hospitals, administrators, meaningful 
use Stage 1 helped encourage adoption. Meaningful use 2 was a 
mixed blessing. Meaningful use 3 is a whole other kettle of 
fish.
    The head of Mayo Clinic came to see me recently and said 
that Mayo, which is unique in some ways, is budgeted spending 
$1 billion over the next 4 years with 500 employees working on 
it in order to put in place the requirements of meaningful use 
Stage 3.
    Another well-respected hospital told me that meaningful use 
1 and 2 worked OK, but they were terrified by meaningful use 3. 
My instinct is to say to Secretary Burwell let us not go 
backward on electronic healthcare records, but let us not 
impose on physicians and hospitals a system that doesn't work 
and which they spend most of their time dreading.
    Half the doctors are now paying penalties rather than 
participate in electronic medical records. We want something 
that physicians and hospitals buy into that help patients 
rather than something that they dread.
    One of the questions I will be interested in hearing the 
witnesses talk about is the extent to which we might want to 
slow down the implementation of Stage 3 of electronic 
healthcare records, not with the idea of backing up on it, but 
with the idea of saying let us get this right before we set 500 
employees and $1 billion to work at the Mayo Clinic 
implementing a system that is not right and that we then have 
to change in 2 or 3 or 4 years, or that we impose on physicians 
and doctors such an onerous system that we get a huge backlash 
in 2 or 3 years and waste the effort that we have made today.
    I took a little longer than I normally would in saying 
that, but this is our fourth hearing on electronic health 
records. We have got another one scheduled for September and 
then another one in October. We intend to make whatever results 
a part of our medical innovation legislation, which we hope to 
finish by the end of the year.
    This is a serious subject, both for Senator Murray and for 
me and for Democratic and Republican members of the committee. 
We are looking for advice about the right thing to do.
    Thank you.
    Senator Murray.

                  Opening Statement of Senator Murray

    Senator Murray. Thank you very much, Chairman Alexander.
    Thank you to all of our witnesses and colleagues who are 
here with us today.
    I believe strongly that when it comes to our country's 
healthcare system, we need to keep moving forward, and that 
means building on the progress made so far to continue 
expanding coverage to our families, making healthcare more 
affordable, and improving the quality of care patients receive.
    This is, as the chairman said, our fourth hearing on 
strengthening our country's health IT infrastructure, an issue 
that is especially important to two of those goals--improving 
the quality and the affordability of care. When patients and 
providers have more convenient access to better health 
information, they are more equipped to make truly life-changing 
or even lifesaving decisions.
    Hospitals and providers have made substantial progress over 
the last few years toward expanding the use of health 
information technology. Today, for example, 6 out of 10 
hospitals report having used electronic health records to 
coordinate with at least one provider outside their own 
organization. That is a 51 percent increase from just 7 years 
ago.
    We have taken some important initial steps forward, but we 
need to build on that progress and tackle a lot more challenges 
to make sure that patients can get better, more efficient care 
that reflects their medical histories. I am glad today that we 
are focusing on one challenge in particular, the practice of 
deliberate information blocking by some health IT organizations 
which threatens to get in the way of the progress we need to 
make to continue to improve our healthcare system.
    It is important to make clear that there are some 
legitimate reasons that a vendor might limit exchange of health 
information--patient privacy or unanticipated technological 
challenges. According to a recent report by the Office of 
National Coordinator for Health Information Technology, there 
is substantial evidence that some organizations are 
intentionally setting up barriers between their systems and 
other systems or overcharging or creating technical or legal 
barriers to providers who want to access information through 
the system they purchased, or both.
    To me, these efforts to knowingly interfere with access to 
patients' health information is completely unacceptable. We 
have heard before in this committee how big a difference 
medical records can make for patients and their families, and 
because a strong national health IT system depends on different 
electronic healthcare record systems being able to talk to each 
other, we can't afford to have bad actors who prioritize their 
bottom line over patients' best interests and block information 
that hospitals, providers, and patients need to be able to 
share with one another.
    Instead, I am hopeful that members of this committee can 
work together on ideas that would allow physicians to vote with 
their feet when it comes to health IT and enable patients to 
download and provide their medical histories in a standard, 
easily transferable way.
    Today I am going to be very interested in hearing from our 
witnesses about these ideas and others, which would help move 
us toward even more significant progress to strengthen health 
IT and improve healthcare for the families and communities that 
we all serve.
    Thank you again to our witnesses. We look forward to your 
testimony today.
    Thank you, Mr. Chairman, for really focusing on a critical 
topic.
    The Chairman. Thanks, Senator Murray.
    First, we will hear from Dr. David Kendrick, chair of the 
Department of Medical Informatics at the University of Oklahoma 
and CEO of MyHealth Access Network in Tulsa. MyHealth Access 
Network connects more than 1,600 providers and patients through 
an innovative, community-based health information system.
    Dr. Michael Mirro is our second witness. He is the chief 
academic and research officer at the Parkview Mirro Center for 
Research and Innovation in Fort Wayne, IN, and is a national 
leader in health information technology, serving as chair of 
the American College of Cardiology Health IT Committee for 5 
years.
    Next we will hear from Dr. David Kibbe. He is the founding 
president and chief executive officer of DirectTrust, a 
nonprofit organization that helps and protects the rules and 
regulations of those in the nationwide Health Information 
Network. He is the senior adviser to the Alliance for Health IT 
Innovation at the American Academy of Family Physicians.
    And finally, Mr. Paul Black is here. He is president, chief 
executive officer, and director of Allscripts Healthcare 
Solutions, Inc., a leading electronic health record vendor. I 
am told that Allscripts is now able to work with all major 
electronic health record applications in today's market. Mr. 
Black served as the EHR vendor Cerner's chief operating officer 
prior to that.
    Welcome. We look forward to your testimony. If you would 
summarize your remarks in 5 minutes, then we will have a 
conversation.
    Dr. Kendrick, let us begin with you.

STATEMENT OF DAVID C. KENDRICK, M.D., MPH, CHAIR, DEPARTMENT OF 
  MEDICAL INFORMATICS, UNIVERSITY OF OKLAHOMA; CEO, MYHEALTH 
                   ACCESS NETWORK, TULSA, OK

    Dr. Kendrick. All right. Thank you.
    Good morning, Chairman Alexander, Ranking Member Murray, 
and distinguished members of the committee.
    In previous hearings, committee members have asked how do 
you define interoperability? From my perspective, every patient 
deserves to have their complete longitudinal medical record 
securely available wherever and whenever decisions are made 
about their health.
    Wherever includes places like the doctor's office or the 
emergency room, between doctor visits when medications are 
refilled, as well as at home with the patient or caregiver. I 
think this definition is helpful because it reminds us that the 
primary objective of interoperability is to better serve the 
patient with high-quality, safe, and cost-effective care.
    We have taken these principles to heart in Oklahoma and 
have leveraged our ONC Beacon Community Award to create 
statewide interoperability. MyHealth is a nonprofit that serves 
as an entity most trusted by payers and providers to measure 
quality, cost, and value in support of new healthcare payment 
and delivery models.
    This unique, trusted, third-party arrangement has 
accelerated the adoption of value-based payment models in 
Oklahoma, and interoperability has enabled providers to succeed 
in these new care delivery models. For example, MyHealth serves 
as the convening organization and data aggregator for CMMI's 
Comprehensive Primary Care Initiative demonstration project in 
which 265 Oklahoma primary care providers reduced Medicare 
costs by 7 percent in 1 year.
    These accomplishments have been hard fought, requiring more 
than 5 years and $15 million to produce. By far, the most 
significant barrier to success has been liberating accurate 
patient data from practices, hospitals, and other 
organizations. Generally, we think of data blocking as the 
intentional interruption or prevention of interoperability by 
one of two parties, the provider or the provider's EHR vendor.
    Provider data blocking may have been an important challenge 
early in the development of MyHealth, but it has quickly 
receded as value-based payment models take hold. Thus, the 
biggest challenge we face is liberating patient data from EHR 
systems to make it interoperable.
    While many EHR vendors work well with our customers and 
with our organization to establish interoperability, we still 
have so many specific experiences with inappropriate data 
blocking and substandard data quality that we have created a 
nomenclature to classify six common types. Below, we describe 
one or more real examples of each type.
    Type 1 is the golden rule. By far, the most common barrier 
to interoperability is the high price charged by vendors to 
implement and maintain interfaces, which commonly exceeds 
$10,000, and it is not uncommon to see charges of $30,000 to 
$40,000 per practice, regardless of practice size, to do 
something that meaningful use supposedly required.
    Type 2 we call the Hotel California. There is a component 
of the EHR certification program called data portability that 
is intended to help providers change EHR vendors if they like. 
Unfortunately, few vendors appear to offer this functionality 
as intended, and so we say that the customers of these vendors 
have a Hotel California problem. They can check out other EHR 
products anytime they like, but their data can never leave.
    Type 3 is inexplicable. We recently were told by a large 
EHR vendor's project manager that, ``We just don't do CCDs,'' 
which is the patient summary of care document, ``because 
they're not in our DNA.''
    The CCD is required of all certified EHRs, and no amount of 
arguing thus far has been able to convince this project manager 
that his vendor could do this.
    Type 4 we call garbage in and garbage out, and this simply 
relates to the quality of the data we are getting in these 
standard CCDA files. We are finding uncoded lab results, 
uncoded medications. When the data is not coded properly, it 
can't be duplicated and essentially becomes useless for other 
providers to use in care.
    Type 5 we call EHR at the center of the universe. 
Increasingly, we are hearing from large health systems that 
their EHR vendor provides all of the interoperability that they 
need without the community HIE. This is because the vendor 
provides convenient connections to other systems that use their 
product.
    However, providers in critical services using other EHR 
products are excluded, leaving a big hole in the 
interoperability of the community and the health system. Most 
concerning about this mistaken belief among health system 
leaders is that it subverts interoperability at the community 
and State level, creating instead a corporate EHR network for 
interoperability which is not subject to the trust arrangements 
and policies of the community.
    Type 6 we call the bait and hidden switch. In this type of 
data blocking, the vendor achieves certification with one 
feature set and then either hides or eliminates functionality 
when the EHR is actually deployed in practice. By filing a 
complaint with ONC's surveillance program, we recently 
discovered that one of the Nation's largest ambulatory EHR 
vendors had actually hidden functionality that they used to get 
certified and were instead charging tens of thousands of 
dollars to practices for an additional product to do the same 
thing.
    We have since used this knowledge to connect many practices 
at no cost. Unfortunately, the vendor in question still has not 
been compelled to communicate this information to all of their 
customers.
    We have also observed a certain fear among providers that 
filing complaints with ONC against their vendor will produce a 
backlash in the form of poor service or increased fees. Most of 
the time our participants ask that we, the health information 
exchange, file the complaint to preserve their relationships 
with their vendors.
    My recommendations to improve the flow of data for 
interoperability are, No. 1, expand HIT certification to test 
interoperability in the field. Don't just test it on the bench, 
but also test it once it is deployed to prove that it works.
    No. 2, further emphasize the ONC certification surveillance 
program. No policy has ever been successful without at least 
the threat of enforcement.
    No. 3, consider implementation of a lemon law for EHRs to 
protect providers and other organizations stuck in long-term 
contracts with vendors who do not perform.
    No. 4, require certain clauses of EHR contracts to be 
transparent, especially the interoperability clauses that can 
hide these data blocking issues.
    No. 5, continue to expand value-based payment models, which 
inherently encourage interoperability among providers.
    And No. 6, although it may sound controversial coming from 
a board-certified medical informaticist, we don't need any new 
standards right now. We need to make the ones we have work. We 
should continue research and development, but please don't 
layer in new standards.
    HITECH called upon ONC to establish the governance for the 
nationwide Health Information Network, but perceived 
limitations on ONC's authority have left this entire segment of 
our critical national infrastructure without governance. This 
vacuum is being filled by various consortia and collaborations 
of vendors and large provider organizations.
    ONC's authority should be made clear in three groups.
    The Chairman. If you could wind it up, Dr. Kendrick.
    Dr. Kendrick. Sure. Those who receive care, provide care, 
and pay for care should be organized into governance.
    [The prepared statement of Dr. Kendrick follows:]
           Prepared Statement of David C. Kendrick, M.D., MPH
    Good morning, Chairman Alexander, Ranking Member Murray, and 
distinguished members of the committee. I am pleased to offer you my 
testimony on a topic that has consumed nearly all of my professional 
life--the modernization of our healthcare delivery system, and lately, 
the information blocking that is getting in the way of progress.
    I reviewed the previous healthcare IT testimony to this committee 
and noted that a very important question has consistently been asked by 
committee members: ``How do you define interoperability?''
    My definition of interoperability is that every patient deserves to 
have their complete, longitudinal medical record available wherever and 
whenever decisions are made about their health. ``Wherever'' includes 
places like the doctor's office or the emergency room, between doctor 
visits when medications are refilled, as well as at home with the 
patient or caregiver and on smartphone when the patient travels.
    I think this definition is helpful because it reminds us that the 
primary objective of interoperability is to better serve the patient. 
It also provides us with a convenient test for any health IT 
implementation or policy. ``Does my EHR ensure that my patients have 
their records from my clinic available no matter where they seek 
care?'' is a fundamental question all doctors should ask about their 
systems.
    Another important test is ensuring that each patient, and 
population, is receiving high value care--the primary ingredient 
required for successful value-based payment models. In order to do 
this, quality and cost measures must contemplate ALL of the relevant 
data on each patient. Since the average patient sees more than 3 
different doctors each year, and the average Medicare patient sees 7, 
this almost always means aggregating data from multiple doctors and 
hospitals in order to get an accurate picture of individual and 
population health. To do otherwise would be like assessing the record 
of a football team based only on the performance of the left tackle.
    We in Oklahoma have been hard at work transforming our healthcare 
delivery system. MyHealth Access Network is a non-profit health 
information exchange organization serving more than 4 million patients 
and connecting 275 organizations, including doctors, hospitals, 
pharmacies, tribal health systems, payers, employers, home health, 
hospice, long term care, State and local agencies, and many others. 
MyHealth received a Beacon Community Award from ONC in 2010 which 
encouraged and enabled us to build the Oklahoma approach to 
interoperability.
    MyHealth has established effective health information exchange with 
dozens of EHR's, administrative systems, and payer claims systems, and 
consolidates this data into a single record for each patient to ensure 
that their complete medical record is available wherever, and whenever 
needed for care. In addition, MyHealth serves as the entity most 
trusted by payers and providers to measure quality, cost, and value in 
support of new healthcare payment and delivery models. This unique 
Trusted Third Party arrangement has accelerated the adoption of value-
based payment models in Oklahoma, and has enabled providers to succeed 
in these new care delivery models.
    For example, under the Beacon program, MyHealth demonstrated 
significant improvements in critical ACO success measures: preventable 
admissions and ER visits for asthma, COPD, and congestive heart 
failure. MyHealth technology has been shown to improve care transitions 
by reducing wait times for access to specialty care by 2/3 and 
significantly reducing the total cost of care for transitioned patients 
in the Medicaid population.
    MyHealth has also served as the Convening organization and data 
aggregator for the Oklahoma implementation of a CMMI pilot project 
called the Comprehensive Primary Care initiative (CPC), which includes 
local commercial payers as well as Medicare and Medicaid. These 
multiple payers have partnered to implement a value-based payment and 
practice transformation program in primary care practices. In the first 
year of the program, Oklahoma's 65 CPC practices reduced Medicare costs 
by 7 percent, prompting Secretary Burwell to seek commentary on the 
potential expansion and permanent implementation of the CPC model in 
the latest CMS Physician Fee Schedule.
    These accomplishments have been hard fought, requiring more than 5 
years and $15M to produce. By far, the most significant barrier to 
success has been liberating accurate patient data from practices, 
hospitals and other organizations.
    Generally, we think of data blocking as the intentional 
interruption or prevention of interoperability by one of two parties: 
the Provider or the Provider's EHR vendor.
    Provider data blocking may have been an important challenge early 
in the development of MyHealth but it has quickly receded as value-
based payment models take hold. The Comprehensive Primary Care 
initiative, the rise of several ACO's, and important moves by 
commercial payers such as Blue Cross and Blue Shield have all combined 
to convince providers in Oklahoma that value-based payment models are 
the present and the future. CMS further endorsed this thinking with 
their announcement in January. As providers recognize that their 
success in these new models of care and payment is dependent on having 
their patients' comprehensive data available wherever it is needed for 
decisionmaking (even if that is a competing organization), the 
provider-driven barriers to interoperability tend to melt away.
    Thus, the biggest challenge we face is helping our willing provider 
members to liberate the patient data from their EHR systems to make it 
interoperable. We have so many specific experiences with inappropriate 
data blocking and substandard data quality that we have created a 
nomenclature to classify the six common types. We have had some success 
in solving these issues, but many remain unresolved. Below we describe 
each type of data blocking in the context of a real event.
    Before reviewing the examples, I would like to point out three 
things. First, many EHR vendors work well with their customers and with 
our organization to establish interoperability. Second, until recently, 
we have been left with few options to address most data blocking 
issues. Recently, we have become active users of the ONC Certified EHR 
Technology Surveillance program, filing complaints after we have 
exhausted all other efforts to work with the vendor and the provider to 
implement interoperability. Finally, the cases below are examples of 
the types of issues we have experienced, but these issues arise in most 
other communities as well.
                        type 1: the golden rule
    By far the most common barrier to interoperability, exorbitant 
interface and maintenance costs cause many small practices and 
hospitals (and some large ones) to forego participation in HIE or at 
least providing data to the HIE. The EHR Certification requirements do 
not set parameters for the fees that vendors may charge for 
interoperability, so this is a very common barrier.
    In our experience, typical, acceptable interface costs are below 
$2,500 per practice. However, several well-known vendors charge $10,000 
or more per practice, regardless of practice size, and some charge more 
than $30,000 to $40,000, which for many practices in Oklahoma amounts 
to $3-$5 per patient seen for an entire year.
    Other vendors charge per patient. One vendor in particular has, 
until recently, charged more than $2.00 per patient per year, which 
added nearly $1M in cost to large health systems and prompted an 
avoidance of the standard interface approaches with that vendor. Asking 
a CFO to pay $1M extra just to provide competitors with access to see 
their patient data seems to be a guaranteed way to keep the health 
system to participate in HIE--and this is exactly the effect that this 
per-
patient per-year fee model has had.
    When we question vendors about the exorbitant cost of interfaces, 
we are often told they are technologically complex and labor-intensive. 
While this may be true, the complexity is usually a result of the 
vendor's own decisions about architecture and their implementation of 
the meaningful use interoperability requirements. In addition, it is 
difficult to recommend to our participating providers that they pay 
these fees when a number of well-known EHR vendors have been extracting 
the data from their customer's practices, de-identifying it, and 
selling it for years. Certainly this process is more technologically 
complex than making a standards-based interface for clinical data.
                    type 2: the ``hotel california''
    There is a component of the EHR Certification program called ``data 
portability'' that is intended to help providers to change EHR vendors 
if they like. Vendors are required to enable providers to create a 
batch export of their patient records in a standardized format. It is 
also a very helpful capability for interoperability. Unfortunately, few 
vendors appear to offer this functionality as intended, and so we say 
that the customers of these Vendors have a Hotel California problem--
they can check out other EHR products any time they like, but their 
data can never leave.
    MyHealth has filed complaints about this issue and our initial 
complaints have been found to have merit by ONC and the ACB, but no 
specific timelines have been provided. Thus, doctors using these 
Vendors' EHR products are facing pressure to meet Meaningful Use by the 
end of the year without a clear idea of whether, or when, the product 
will enable them to do so.
                        type 3: the inexplicable
    In some cases, the reasons for data blocking are not clear, and do 
not seem to be linked to any specific technology limitation or business 
driver. Often, given time, the real motivation behind the data blocking 
will become clear and it usually resolves to a vendor-or provider-
driven decision about cost.
    For example, during the install of a major comprehensive EHR 
product in one of our largest health systems, we were told by the 
Vendor's project manager that ``We don't do CCD's, they're just not in 
our DNA''. We pointed out that their product was Meaningful Use 
certified, implying their ability to produce a CCD (a Patient Summary 
of Care file), and, in any case, this was their customer's request. 
Despite an hour of questioning, the project manager remained unfazed 
and simply continued to repeat ``we don't do CCD's, they're not in our 
DNA''.
    This issue remains today, despite the fact that we now get CCD's 
from other instances of this vendor's product. We were forced to build 
and maintain five different HL-7 (an older, less robust protocol) feeds 
to replace the missing CCD. The missing data from this health system 
means that their patients are at higher risk of Adverse Drug Events, 
duplicated testing and imaging (and radiation exposure).
                    type 4: garbage in, garbage out
    All certified EHR's are required to produce Patient Care Summary 
records according to a common format, but many of them fail to include 
the proper structure, clinical content, or standard codes. We have 
never seen a completely correct Patient Care Summary despite processing 
millions of them.
    Poor data standardization and quality prevents data from being 
combined with other records on the patient, creating a messy and often 
inaccurate chart riddled with duplications. Further, this prevents the 
calculation of metrics and care gaps, as well as quality measures, 
compromising the safety and accuracy of clinical decision support, and 
undermining the success of value-based payment models.
               type 5: ehr at the center of the universe
    Increasingly, we are hearing from large health systems using 
certain EHR systems that their EHR vendor provides all of the 
interoperable information they need. These vendors have done an 
excellent job of implementing interoperability with other health 
systems using their EHR products. However, this interoperability does 
not extend beyond the specific vendor's customers, excluding 
independent providers and small hospitals, pharmacists, ancillary care 
services and long term care, etc.--all of which play a critical role in 
the health of patients.
    Most concerning about this belief is that it subverts 
interoperability at the community and State level, creating instead a 
corporate EHR network for interoperability, which is not subject to the 
trust arrangements and policies of the community.
                 type 6: the ``bait and hidden switch''
    In this type of data blocking the vendor achieves certification 
with one feature set and then either hides or eliminates functionality 
when the EHR is deployed in a practice or hospital.
    We pursued interoperability for nearly 4 years with one of the 
Nation's largest ambulatory EHR vendors, but were told repeatedly that 
we must purchase their proprietary ``HUB'' product. In addition to a 
base cost of $40,000, the HUB carries an additional monthly service fee 
of $50-$100 for every provider in every practice--more than doubling 
the cost of HIE services.
    Recognizing that 2014 EHR Certification required them to produce 
the Patient Care Summary files for interoperability, we filed a 
complaint with ONC, which was forwarded to the Accredited Certifying 
Body (ACB) for the Vendor, who apparently forwarded the message to the 
Vendor.
    Almost immediately we received an email from the Vendor indicating 
that they would no longer work directly with our HIE. We were quite 
surprised and concerned, but fortunately, within a few hours, we 
received an email from an executive with the Vendor. Realizing that the 
certification challenge was credible, the executive offered some new 
information, unknown to any other practice or HIE in the country, as 
far as we can tell. It turns out that instead of requiring the purchase 
and implementation of the HUB product, the vendor could make a simple 
``configuration'' change to enable the data to flow out of the system. 
We immediately requested that the configuration change be made in our 
participating practices, and by 10 a.m. the next day we had data 
flowing from three practices, at no additional cost to the providers.
    This EHR Vendor product had passed certification testing with the 
configuration switch turned on, but turns it off by default for every 
installation of the product. Until we filed this challenge, no amount 
of direct questioning of the Vendor support, sales, and implementation 
staff revealed the existence of this ``switch''.
    The follow-on story is also informative. This feels to us like an 
important product defect that would be communicated to customers in any 
other industry. Since most of these installations were funded with tax-
payer dollars, it would seem that the commitment to transparency would 
be even greater. Unfortunately, the Vendor does not appear to be 
communicating this information to their customers, and continues to 
offer the expensive HUB as the only way to get data out of their EHR 
system. So, we have shouldered the burden of informing the public and 
relevant stakeholders, including our HIE colleagues. We have assisted 
several States in making this configuration switch work for them, and 
we are happy to do it--but we continue to ask why a formal and 
transparent communication process is not being required.
    Of particular concern to me has been the clear reluctance on the 
part of the practices to file or participate in the filing of 
complaints against their EHR vendors. Several times, affected practices 
have requested MyHealth to file the formal complaints on their behalf, 
but expressed fear that filing directly could prompt retribution from 
the EHR vendor. I have been surprised to find intimidation of providers 
by their vendors, whether real or perceived, playing such a significant 
role in the data blocking issue.
                            recommendations
    I have several suggestions to address and prevent the issue of data 
blocking.

    1. The HIT Certification program is the strongest lever available 
to ensure Vendor alignment with success of the Nation in achieving the 
optimization of health and quality of life for all Americans. I 
recommend a tuning of the initial certification and an expansion of the 
ongoing surveillance program.

        a.  Initial and ongoing certification recommendations:

              i.  Current testing: EHR's are currently certified based 
        on testing in an ideal, laboratory environment.
             ii.  Expanded Certification Testing: We recommend that 
        certified EHR's have their interoperability functions tested in 
        the field with each deployment of their product in order to 
        maintain certification. In this way, the product can be proven 
        to be interoperable before the ``keys'' are handed over to the 
        provider. This would specifically address Information Blocking 
        Types 2, 3, 4, and 5 above. We are happy to expand on ways this 
        can be accomplished cost-effectively as requested.
            iii.  Meaningful Use 3 Proposed requirements: It has been 
        proposed that Certified EHR's must enable providers to choose 
        standard clinical documents and schedule them for automated 
        delivery to specific locations. Preservation of this 
        requirement is critical to achieving broad interoperability.

        b.  Certification Surveillance program recommendations: As 
        noted above, most progress on addressing the data blocking 
        issue has come through successful use of ONC's Certified Health 
        IT Surveillance program. We propose expansion and amendment of 
        this program in the following ways:

              i. More prominent role: The ONC Surveillance program can 
        be very important in solving these issues, but it must become a 
        more prominent component of the Certification program to have 
        maximal impact. Doctors and hospitals need to know how and when 
        to use it, and Vendors need to know what to expect from it as 
        well.
             ii. Increased Transparency:

                   1.  When a complaint is found to have merit, and 
                changes have been requested of a specific vendor, the 
                customers deserve to know the details and timing for a 
                solution. Posting the adjudicated issues and timelines 
                will enable providers to plan and increase trust among 
                the provider community.
                   2.  An annual Health IT Surveillance report has been 
                produced by the Accredited Certifying Bodies, but the 
                report is only accessible via a Freedom of Information 
                Act request--creating an additional barrier to 
                transparency and therefore trust.

            iii.  Whistle-blower protections: As described above, many 
        providers, especially small clinics and hospitals, are 
        concerned about backlash from their vendors that filing a 
        complaint may generate. Whether these fears are warranted or 
        not, it's important to create an environment where these 
        providers can feel safe in airing their concerns.
            iv.  Independence from Conflict of Interest: Currently, the 
        Accredited Certification Bodies, who are responsible for the 
        Certification program, are also responsible for executing the 
        Surveillance program. This could be perceived to be subject to 
        conflict of interest, since the ACB generates nearly all its 
        revenue from the Vendors that it certifies. For example, an ACB 
        perceived to be overly strict by Vendors could lose its 
        Certification business.

        c.  Lemon law for EHRs: On more than one occasion in our 
        community, providers have invested heavily in an EHR product, 
        only to discover that it does not meet their needs. One small, 
        financially strapped hospital in Oklahoma recently fired their 
        EHR vendor when it became clear that the Vendor would not meet 
        2014 EHR Certification--which would prevent the hospital from 
        meeting its Meaningful Use obligation. Unfortunately, the EHR 
        vendor sued the hospital for breach of contract.
            An appropriately crafted Lemon Law could help to prevent 
        these kinds of issues.
        d.  Transparency in contracting: The contents of EHR vendor 
        contracts are among the best kept secrets in America, and the 
        signatories are often bound by strict non-disclosure 
        agreements. Certain elements of these contracts, and 
        specifically those pertaining to interoperability, should be 
        made transparent to customers and other healthcare 
        stakeholders.

    2. Payment model incentive alignments provide the strongest 
incentive for providers and hospitals to support and enable 
interoperability. In particular, the expansion of value-based payment 
models are prompting providers to look beyond the walls of their 
organization for the patient information they need.

        a.  In the short term, a process measure for interoperability 
        should be employed to help providers and other stakeholders 
        gauge their progress in achieving appropriate levels of 
        interoperability. We have defined several measures that could 
        be of use and would be happy to share them.
        b.  CMS and other Federal partners such as the DoD, VA, and 
        HRSA should begin to place more value on Clinical Quality 
        measures derived from a comprehensive record of the care each 
        patient receives, rather than from a single EHR or site of 
        care. This will further encourage provider participation in 
        meaningful health information exchange, and will significantly 
        improve the accuracy of the quality measures being reported. In 
        Oklahoma, the commercial payers and Medicaid have already 
        recognized the importance of this approach to value measurement 
        and are proceeding to implement it.
        c.  Support the development of regional data aggregation such 
        as HIE's and the implementation of whole-patient quality 
        reporting. These are important infrastructure elements that are 
        needed to support the kinds of measurement described above for 
        value-based payment programs, and also to ensure that patients 
        get comprehensive, safe care no matter where they seek it.

    3. Standards: It may be controversial for me to say this as a Board 
Certified Medical Informaticist, but we have plenty of standards--we 
need to focus on correctly implementing the standards we have right now 
and monitoring their performance. R&D on new standards should continue, 
but they should undergo rigorous testing before becoming a part of the 
certification or meaningful use requirements. The ONC Standards 
Advisory hits the mark well on this issue.
    4. Governance: This is perhaps the most critical issue limiting the 
impact of the tax-payers $30B investment in health IT. In the original 
HITECH act, ONC was called upon to establish the governance for the 
nationwide health information network. Now, more than 6 years later, 
that governance still does not exist, due in part to interpretations of 
limitations on ONC's authority. Thus, there is a vacuum in governance 
for this critical component of America's infrastructure--and that 
vacuum is being filled by various consortia and collaborations of 
vendors and large provider organizations. In order to rapidly advance 
health IT and interoperability, ONC's authority should be made clear, 
and I believe strongly that the correct perspectives to include in that 
governance are:

        a.  Those who receive care (patients, special population 
        representatives);
        b.  Those who deliver care (providers, public health); and
        c.  Those who pay for care (payers, employers, governments).

    Thank you for this opportunity to share my experiences and offer my 
advice. The progress made to date is tremendous, and I am confident 
that with your guidance, health and healthcare in America can become 
the best in the world.

    The Chairman. Thank you very much.
    Dr. Mirro.

  STATEMENT OF MICHAEL J. MIRRO, M.D., FACC, FAHA, FACP, PAST 
   CHAIR, MEDICAL INFORMATICS COMMITTEE, AMERICAN COLLEGE OF 
CARDIOLOGY AND CHIEF ACADEMIC/RESEARCH OFFICER, PARKVIEW MIRRO 
       CENTER FOR RESEARCH AND INNOVATION, FORT WAYNE, IN

    Dr. Mirro. Chairman Alexander, Ranking Member Murray, and 
members of the committee, thank you for the opportunity to 
speak today on this important issue of information blocking and 
the unforeseen problems that have been created and the possible 
solutions that will help improve patient care.
    My name is Michael J. Mirro. I am testifying today on 
behalf of the American College of Cardiology, a 49,000-member 
medical society that is the professional home for the entire 
cardiovascular care team.
    I am board certified in internal medicine, cardiovascular 
disease, clinical cardiac electrophysiology, and geriatrics. I 
have focused the majority of my clinical work on cardiac 
implantable devices in patients with serious heart rhythm 
problems, and my clinical investigation historically has been 
on new and advanced technologies to enhance their function.
    I have worked also in the deployment of informatics tools 
since 1995, assisting in the refinement and development of 
decision support tools to improve point of care of patients 
with congestive heart failure.
    In private practice, my partners and I were early adopters 
of electronic health records, and these systems were 
implemented before the HITECH passage. They were complemented 
by the fact that they had user-centered design as opposed to 
software-centric design, which now occur commonly.
    Additionally, many of the current systems lack clinical 
utility and create substantial practice inefficiencies and 
reduce quality of the patient-physician interaction during an 
office visit.
    I first became aware of information blocking when my 
colleagues in other private practices of cardiology adopted 
EHRs and were forced to spend substantial resources to 
interface with their health system's EHR. Those practices would 
have been able to better financially plan if the cost had been 
disclosed during the contracting.
    Transparency of additional hidden costs or fees within 
contracts with EHR vendors should be evaluated. Many contracts 
between providers and EHR vendors include a gag clause, which 
prevent providers from speaking publicly about the problems 
associated with their EHRs. EHR vendors should not be allowed 
to include such clauses in the contract.
    The delay of information sharing is another form of 
information blocking. I once had a patient who was admitted to 
the emergency room in cardiac arrest. Because of a delay in 
receiving his cardiac history, data critical to the care of 
this patient, it resulted in an unfortunate outcome. The 
patient experienced complications. There was an emergency 
cardiac catheterization, subsequently resulting in a prolonged 
hospital stay. However, he did survive.
    Rapid and secure exchange of health information is 
critical. In some cases, it could mean the difference between 
life and death.
    Data fluidity should mean not only that information reaches 
the provider, but the data is transmitted quickly and securely. 
Many EHR vendors provide the functionality needed but require 
the user to purchase their IT products to make the elements of 
EHR interoperable. Like other products, such as consumer 
electronics, you are able to connect, but you must buy a 
company's specific products in order to do so with ease.
    The ramifications of technology in healthcare that we are 
not able to communicate are serious, resulting in decreased 
care quality and stunting improvements in population health. 
EHR vendor products should be universal and connect with other 
EHRs offered by different companies.
    Another advantage of the free flow of data is to empower 
patients in their care decisions. One of our recent projects 
has been to establish a way for patients who are remotely 
monitored with implantable cardiac devices to receive their 
data.
    Each element of the four companies that make these 
implantable devices are available. However, we have to require 
interface between each vendor in our EHR system. We have to pay 
for that interface to be created.
    Health IT vendors and providers should be incentivized to 
establish networks for patients to monitor their cardiac 
devices particularly, empowering them to actively participate 
in their healthcare decisions. In addition, adoption of public 
data standards should be expected and supported in the best 
interests of patients so the patients can receive their data.
    Many information blocking problems stem from the financial 
incentives of the EHR companies to obstruct data. The HITECH 
Act, along with implementation of meaningful use program, has 
improved data sharing and data liquidity to some degree.
    With that stated, the unintended consequences of meaningful 
use is that the systems were designed to facilitate charge, 
capture, and revenue cycle management and focus less on 
clinical data utility. Although meaningful use programs have 
brought favorable results within the context of data transfer, 
many of the requirements set forth in the program are 
unattainable.
    Recognizing that only 11 percent of physicians have 
attested for Stage 2 meaningful use, I recommend, in concert 
with the ACC, that Stage 3 meaningful use be delayed in its 
entirety.
    In addition to what I have discussed, the College has 
called for many of the same actions recommended by the ONC's 
report of April 2015, and these include the following:

    No. 1, strengthen in-field surveillance of health IT 
certified by ONC;
    No. 2, constrain standards in implementation specification 
for certified health IT;
    No. 3, work in concert with HHS to improve stakeholder 
understanding of HIPAA provisions provided related to 
information blocking; and
    No. 4, work with CMS to coordinate healthcare payment 
incentives and leverage market drivers to reward 
interoperability and discourage information blocking.

    In closing, I commend you, Chairman Alexander and Ranking 
Member Murray, and your excellent staff for gathering us today, 
taking this initiative to accomplish specific goals related to 
interoperability and information blocking. Furthermore, I 
applaud the collaborative bipartisan approach and thank you 
again for the opportunity to speak here today.
    I will look forward to the discussion.
    [The prepared statement of Dr. Mirro follows:]
     Prepared Statement of Michael J. Mirro, M.D., FACC, FAHA, FACP
                                summary
                          ehr vendor contracts
     Transparency of additional (or hidden) fees should be 
evaluated.
     EHR vendors should not be allowed to include gag clauses.
                             data fluidity
     Patient information should reach the provider without 
delay in a fast, secure manner.
     EHR vendors' products should be universal and connect to 
other EHRs offered by different companies.
     Health IT vendors and providers should be incentivized to 
establish networks for patients to monitor their devices and to empower 
them to actively participate in their health decisions.
     Adoption of public data standards should be expected and 
supported in the best interest of patients.
                         meaningful use stage 3
     Stage 3 of the Meaningful Use program should be delayed in 
its entirety.
endorsement of actions outlined in onc's april 2015 report to congress 
                        on information blocking
     Strengthen in-the-field surveillance of health IT 
certified by ONC.
     Constrain standards and implementation specifications for 
certified health IT.
     Work in concert with HHS to improve stakeholder 
understanding of the HIPAA provisions related to information sharing.
     Work with CMS to coordinate health care payment incentives 
and leverage other market drivers to reward interoperability and 
exchange and discourage information blocking.
                                 ______
                                 
    Chairman Alexander, Ranking Member Murray, and members of the 
committee, thank you for the opportunity to speak today about the 
important issue of information blocking, unforeseen problems that have 
been created, and possible solutions to help improve patient care.
    My name is Michael Mirro and I am testifying today on behalf of the 
American College of Cardiology, a 49,000-member medical society that is 
the professional home for the entire cardiovascular care team. I am 
board certified in internal medicine, cardiovascular disease, clinical 
cardiac electrophysiology, and geriatrics. [In addition to seeing 
patients, many who suffer from multiple chronic conditions, I also 
serve as Chief Academic Research Officer at Parkview Health System in 
Ft. Wayne, IN where I manage over 90 clinical trials.] I have focused 
the majority of my clinical work on cardiac implantable electronic 
devices in patients with serious heart rhythm problems and clinical 
investigation into new and advanced technology to enhance their 
function. [I have worked extensively on remote monitoring of cardiac 
devices and electronic messaging patients their data from their 
individual device.] I have worked in the development of health 
informatics tools since 1995, assisting in the refinement of clinical 
decision support software to improve point of care quality related to 
congestive heart failure.
    The private practice that my partners and I owned was an early 
adopter of electronic health records. These systems, implemented before 
HITECH's passage, had a user-centered clinical design, as opposed to 
the software centric certified EHR systems of today. Additionally, many 
current systems lack clinical usability and thus create substantial 
practice inefficiency and reduced quality patient-physician interaction 
during an office visit.
    I first became aware of information blocking when my colleagues in 
other private cardiology practices adopted EHRs and were forced to 
spend substantial resources to interface with their health system's 
EHR. These practices would have been able to better plan financially if 
these costs had been disclosed at the outset. [Fortunately, the 
practice was in a financial position to absorb these costs, but many 
other practices are not.] Transparency of additional (or hidden) fees 
within contracts with EHR vendors should be evaluated. Many contracts 
between providers and EHR vendors include gag clauses which prevent 
providers from speaking publicly about problems associated with EHRs. 
EHR vendors should not be allowed to include such clauses.
    The delay of information sharing is another form of information 
blocking. I once had a patient admitted to the emergency room in 
cardiac arrest. [The patient was a truck driver from out of State.] 
Because of a delay in receiving his cardiac history, data critical to 
his care was not available in a timely fashion. The patient experienced 
a complication during the emergency heart procedure resulting in 
prolonged illness. [The support of electronic messaging of standard 
clinical summaries is a critical issue with respect to quality and 
safety of patient care.] Rapid, secure exchange of health information 
is critical and in some cases can mean the difference between a patient 
living and dying. Data fluidity should mean not only that information 
reaches the provider, but that the data is transmitted quickly and 
securely.
    Many EHR vendors provide the functionality needed, but require the 
user to purchase their health IT products to make the elements of the 
EHR interoperable. Like other products such as consumer electronics, 
you are able to connect, but you must buy a specific company's products 
to do so with ease. The ramifications of technology in health care that 
are unable to communicate are serious, resulting in decreased care 
quality and stunting improvements in population health. EHR vendors' 
products should be universal and connect to other EHRs offered by 
different companies.
    Another advantage of the free flow of data is to empower patients 
in their health care decisions. One of my recent projects was to 
establish a way for patients to remotely monitor their implanted 
devices. Each element of the four devices available in the market had a 
different vendor, requiring us to contract with four different vendors 
and pay four different set-up costs to allow patients to accomplish one 
task. Health IT vendors and providers should be incentivized to 
establish networks for patients to monitor their devices, empowering 
them to actively participate in their health decisions. In addition, 
adoption of public data standards should be expected and supported in 
the best interest of patients.
    Many information blocking problems stem from the financial 
incentives of EHR companies to obstruct data. The HITECH Act, along 
with implementation of the Meaningful Use Program, has improved data 
sharing and data liquidity. With that stated, the unintended 
consequence of Meaningful Use is that systems were designed to 
facilitate charge capture and revenue cycle management and focus less 
on clinical data and usability. [The importance of exchanging a 
clinical summary document has been enhanced by this program, but we 
need surveillance of individual vendor behavior.] Although the 
Meaningful Use program has brought favorable results within the context 
of data transfer, many of the requirements set forth in the program are 
unattainable. Recognizing that only 11 percent of physicians have 
attested to stage 2, I recommend, in concert with the ACC, that stage 3 
of Meaningful Use be delayed in its entirety.
    In addition to what I have discussed, the College has called for 
many of the same actions recommended in the Office of the National 
Coordinator's April, 2015 Report to Congress on Information Blocking, 
including:

     No. 1: Strengthen in-the-field surveillance of health IT 
certified by ONC. [The ACC feels strongly that a program such as this 
is needed and that ONC would be the appropriate entity to administer 
such a program. ONC could hire an outside contractor to affirm 
compliance--similar to what CMS has done with the Meaningful Use 
program.]
     No. 2: Constrain standards and implementation 
specifications for certified health IT. [This committee has debated 
whether the Federal Government or the private sector should establish 
common standards, and the ACC believes it should be a combination of 
both. Medical specialty societies are well-equipped to engage in the 
creation of these standards, while the Federal Government is needed to 
oversee enforcement of the standards.]
     No. 3: Work in concert with HHS to improve stakeholder 
understanding of the HIPAA provisions related to information sharing. 
[HIPAA is outdated and in many cases is actually an impediment to 
patient care. The ACC would encourage the committee to reevaluate HIPAA 
in its entirety--including its successes and failures--and whether all 
aspects of HIPAA remain appropriate given today's technology.]
     No. 4: Work with CMS to coordinate health care payment 
incentives and leverage market drivers to reward interoperability and 
discourage information blocking. [As with my example given earlier 
about creating a mechanism to remotely monitor devices, this is proof 
that when coupling providers with innovative companies, we can improve 
the well-being of our patients and reduce costs.]

    In closing, I commend you, Chairman Alexander and Ranking Member 
Murray, and your excellent staff for gathering us today and taking the 
initiative to accomplish specific goals related to interoperability and 
information blocking. Furthermore, I applaud your collaborative, 
bipartisan approach. Thank you again for the opportunity to be here 
today. I look forward to the discussion.

    The Chairman. Thank you, Dr. Mirro.
    Dr. Kibbe

  STATEMENT OF DAVID C. KIBBE, M.D., MBA, PRESIDENT AND CEO, 
    DIRECTTRUST, SENIOR ADVISER, AMERICAN ACADEMY OF FAMILY 
                   PHYSICIANS, WASHINGTON, DC

    Dr. Kibbe. Good morning. Chairman Alexander, Ranking Member 
Murray, and distinguished members of the committee, thank you 
for the opportunity to share my thoughts today.
    Direct exchange was designed by an ONC-led consortium of 
over 50 organizations to replace paper-based mail, fax, and 
courier services with secure electronic messaging between users 
of different electronic health record applications and personal 
health record applications. Direct messaging is very similar to 
electronic mail, email, in that a sender can compose a message, 
attach a file or files, and send the package over the Internet 
to the address of a recipient.
    Because transmissions are encrypted and identity validated, 
this method of sharing data is ideally suited to the handling 
of personal health information, which needs to be protected at 
all times.
    The use of Direct exchange has grown very rapidly. There 
are now over 300 electronic health record vendor products that 
are certified by ONC as Direct enabled, and over 50 health 
information exchanges nationwide provide Direct exchange 
services. DirectTrust members have provisioned nearly 1 million 
Direct addresses and accounts in the healthcare industry, 
enabling Direct exchange at over 40,000 healthcare 
organizations.
    Over 30 million Direct messages have been exchanged in 2014 
and 2015 so far in support of transitions of care and care 
coordination. The Indian Health Services, the Veterans 
Administration, the U.S. Postal Service, and the Centers for 
Medicare and Medicaid Services all have Direct implementation 
programs underway.
    Despite this success, information blocking by healthcare 
provider organizations and their EHRs, whether intentional or 
not, is still a problem for some providers and their relying 
parties. Persisting information blocking problems include local 
electronic health record and provider policies that are not 
standard, EHR product design and/or implementation flaws, lack 
of or inadequate product and service support, and high pricing 
for interoperable-enabled software products and services.
    Time allows me to provide you with just a couple of 
examples. EHRs capable of Direct exchange should accept all 
trusted inbound messages and attachments. However, some 
electronic health record companies' products require that an 
incoming Direct message be accompanied by a particular 
attachment.
    No attachment or not the particular attachment, the inbound 
message is discarded and dropped, often without letting the 
sender know that that has happened. Clearly, this is 
frustrating to relying parties, but it is also not the original 
intent of Direct exchange, which supports transport of messages 
without attachments and with many different kinds of file 
attachments.
    Another example. Believe it or not, although ONC certified 
to send and receive Direct messages, some EHR vendors' products 
are unusable in the field, as has been noted. They lack an 
inbox or a message compose button or some other key component 
that allows the user to easily compose messages and send them.
    In my opinion, the responsibility for assuring secure 
interoperable exchange resides primarily with the healthcare 
organizations, not with EHR vendors and not with the 
Government. Healthcare provider organizations must demand 
collaborative and interoperable health IT tools from their EHR 
vendors to make patient-
centered care routine and ubiquitous as a practice throughout 
all communities in the United States.
    However, there are roles for Government, and I want to list 
a few that we find of high importance. Government can continue 
to shed light on these problems and work with trade groups, 
standards, and policies organizations, as you have done with 
these hearings that I think have been extremely valuable 
already.
    These hearings are setting high expectations for 
interoperability of electronic health records and other 
applications and especially for those that have benefited from 
the subsidies of the meaningful use programs.
    ONC can bring better and improved EHR certification 
processes forward beyond the testing laboratory so that the 
EHR's usability of interoperability features in the field 
becomes part of the public record and can be used in purchasing 
decisions, as my colleague has already mentioned. It is very, 
very important to make that public record available.
    Congress can accelerate multiple Federal agency uses and 
demand for open standard-based interoperability of health IT 
with private sector communities and providers in order to 
remove the demand and lessen the use of fax, e-fax, mail, and 
courier. The savings in documentation and time and cost for 
these Federal agencies, as well as their partners in the 
private sector, would be enormous in a very short period.
    Finally, CMS should continue to link the use of certified 
EHR technology to participation in value-based purchasing 
programs. Doing this makes interoperability and collaboration 
across multiple organizations in multi-vendor environments and 
with patients directly financially rewarding to providers and 
their health IT vendors.
    Demand for collaboration and interoperability is best 
driven by underlying business models and business cases 
supported by good regulation and oversight.
    Finally, I would just like to say I think the memo has gone 
out. Collaboration and interoperability of health IT is 
mandatory. It is no longer nice to have. We still have some 
kinks to work out and some people to deliver that message to, 
perhaps a second round.
    Thank you.
    [The prepared statement of Dr. Kibbe follows:]
            Prepared Statement of David C. Kibbe, M.D., MBA
                                summary
    My name is David Kibbe and I serve as the president and CEO of the 
non-profit trade alliance DirectTrust, and also as senior advisor to 
the American Academy of Family Physicians, the physician membership 
organization representing over 100,000 of the Nation's family 
physicians, residents, and students.
    Because of the added privacy, security, and identity layers of 
Direct exchange, this method of sharing of data between providers using 
different EHRs, and between providers and patients, is ideally suited 
to the handling of personal health information which must be protected 
at all times.
    Interoperable Direct exchange has grown rapidly since becoming a 
required feature of EHR technology certified by ONC in 2014. There are 
over 300 EHRs that are certified as Direct-enabled, and over 50 HIEs 
nationwide provide Direct exchange services. DirectTrust members alone 
have provisioned nearly one million Direct addresses in the health care 
industry, enabling Direct exchange at over 40,000 health care 
organizations. Over 30 million Direct messages have been exchanged in 
2014 and 2015 so far in support of transitions of care and care 
coordination. The Indian Health Services, U.S. Postal Service, Veterans 
Administration, and the Centers for Medicare and Medicaid Services all 
have Direct implementations under way to replace mail, fax, and efax 
communications between these Federal agencies and providers in the 
private sector beginning later this year.
    While it is true that interoperable health information exchange has 
made great progress in the past 2 years, information blocking by health 
care provider organizations and their EHRs, whether intentional or not, 
is still a problem for some providers wishing to use Direct exchange. 
Persisting information blocking problems include: Local EHR and 
provider organization policies; EHR product design and/or 
implementation flaws; lack of or inadequate product/service support; 
and high pricing for HIE-enabled software upgrades.
    In my opinion, the responsibility for assuring secure interoperable 
health information exchange resides primarily with the health care 
provider organizations, not the EHR vendors, and not the government. 
However, there is a role for government to encourage and incentivize 
collaboration and interoperability. Among the actions that government 
can take should be: To continue to shed light on these problems; to 
bring better and improved EHR certification processes forward beyond 
the testing laboratory; to accelerate Federal agency use of and demand 
for open, standards-based interoperable HIE with private sector 
providers and provider organizations; and to continue to tie more 
robust ONC EHR certification and use of certified EHR technology to 
participation in Value Based Purchasing programs.
    The root causes of information blocking are not technological or 
due to a lack of standards for interoperability or EHR capabilities for 
interoperable exchange. As noted in the ONC Report to Congress on 
Information Blocking of April 2015,\1\
---------------------------------------------------------------------------
    \1\ http://www.healthit.gov/sites/default/files/reports/
info_blocking_040915.pdf.

          ``While some types of information blocking may implicate 
        these technical standards and capabilities, most allegations of 
        information blocking involve business practices and other 
        conduct that interferes with the exchange of electronic health 
        information despite the availability of standards and certified 
        health IT capabilities that enable this information to be 
---------------------------------------------------------------------------
        shared.''--(Emphasis added.)

    Therefore, attempts to redress information blocking must address 
the unwillingness of some providers and their EHR partners to share and 
exchange data, and not just the specific technical problems that may be 
encountered in making exchanges run smoothly and reliably. In my 
opinion, that unwillingness originates in the current business models 
of the health care industry in general, wherein fee-for-service payment 
creates disincentives for sharing of health information and rewards 
information hoarding, or at least the delay of timely information 
exchanges. Changes to these payment incentives could do much to reward 
business models where collaboration and interoperability are highly 
valued, and would create conditions for the technological capabilities, 
standards, and infrastructure for interoperable health information 
exchange now in place to be put to much better use.
                                 ______
                                 
                            opening remarks
    Chairman Alexander, Ranking Member Murray and distinguished members 
of the committee, thank you for the opportunity to share my thoughts on 
problems that impede the sharing of health information between and 
among parties authorized to access such information, now often referred 
to as ``information blocking.'' I will offer some near-term suggestions 
to help improve upon the current situation.
    My name is David Kibbe and I serve as the president and CEO of the 
non-profit trade alliance DirectTrust, and also as senior advisor to 
the American Academy of Family Physicians, the physician membership 
organization representing over 100,000 of the Nation's family 
physicians, residents, and students.
    DirectTrust's 150-plus members are a vibrant community of service 
providers, health IT vendors, and health care organizations dedicated 
to the use of interoperable, secure, standards-based health information 
exchange via the Direct standard, as well as other vendor-agnostic 
technologies.
    Direct exchange was designed to replace paper-based mail, fax, and 
efax transmissions of health information with secure electronic 
messaging between users of different software applications, like EHRs. 
Direct messaging is very similar to electronic mail, or email, in that 
a sender can compose a message, attach a file or files, and send the 
package over the Internet. Both sender and receiver need to have Direct 
addresses that usually have the format 
[email protected]
Practice.com, supplied by Health Internet Service Providers, or HISPs. 
The word ``direct'' in the address signifies that both the message and 
attachments are encrypted end-to-end, and that the identities of both 
parties have been validated.
    Because of the added privacy, security, and identity layers of 
Direct exchange, this method of sharing of data between providers using 
different EHRs, and between providers and patients, is ideally suited 
to the handling of personal health information which must be protected 
at all times.
    Interoperable Direct exchange has grown rapidly since becoming a 
required feature of EHR technology certified by ONC in 2014. There are 
over 300 EHRs that are certified as Direct-enabled, and over 50 HIEs 
nationwide provide Direct exchange services.
    DirectTrust members alone have provisioned nearly one million 
Direct addresses in the health care industry, enabling Direct exchange 
at over 40,000 health care organizations. Over 30 million Direct 
messages have been exchanged in 2014 and 2015 so far in support of 
transitions of care and care coordination. The Indian Health Services, 
U.S. Postal Service, Veterans Administration, and the Centers for 
Medicare and Medicaid Services all have Direct implementations under 
way to replace mail, fax, and efax communications between these Federal 
agencies and providers in the private sector beginning later this year.
    DirectTrust members have significant experience with 
interoperability testing and the problems that can impede Direct 
exchange information flows. Indeed, DirectTrust is something of a 
laboratory wherein these problems are routinely identified, 
investigated, and usually solved. Here are some of our collective 
observations on information blocking from an ``on the street'' 
perspective.
                    examples of information blocking
    While it is true that interoperable health information exchange has 
made great progress in the past 2 years, information blocking by health 
care provider organizations and their EHRs, whether intentional or not, 
is still a problem for some providers wishing to use Direct exchange, 
as well as for these providers' clinical partners who want to be able 
to exchange Direct messages and attachments with them.
    Persisting information blocking problems include:

     Local EHR and provider organization policies. For example, 
an EHR might require that an incoming Direct message be accompanied by 
a particular attachment type. No attachment? The inbound message and 
its files are discarded, often without letting the sender know. Which 
is very frustrating to relying parties. Clearly this was not the 
original intent of Direct exchange, which supports virtually any kind 
of file transmission, with or without an attachment.
     EHR product design and/or implementation flaws. For 
example--believe it or not--although certified to send and receive 
Direct messages, some EHR vendors' products lack an ``inbox'' or 
``compose'' button, or other key component needed to allow the user to 
compose messages, attach files, and so on.
     Lack of or inadequate product/service support. If an EHR 
customer can't get service assistance for their product's 
interoperability functions, this inhibits or delays information 
exchange set up and implementation for providers seeking to use 
interoperable health IT.
     High pricing for HIE-enabled software upgrades. While some 
vendors include the costs of upgrading from Stage 1 to Stage 2 features 
and functions, including Direct exchange capability, others make the 
new features a new cost that practices must bear. Clearly, this hurts 
the smaller practices more than it does the bigger institutions.
     Registration and ``whitelisting'' requirements for message 
exchange. Making exchange partners register with the practice's or 
hospital's EHR in effect discourages EHR users from engaging in 
standards-based interoperable HIE. It's a little bit like having a 
phone that requires each caller to fill out a complicated form and 
``apply'' to be able to reach you before you'll accept their call.
     ``HIPAA doesn't allow.'' Perhaps the most significant 
problem of all is faced by patients and consumers trying to use Direct 
exchange to access their medical records, only to be told that HIPAA 
won't allow them to do so. Patients and consumers ought to be able to 
be full participants in Direct exchange and partners with their 
providers in health information exchanges.
              the role of government to encourage health 
                          information exchange
    In my opinion, the responsibility for assuring secure interoperable 
exchange resides primarily with the health care provider organizations, 
not the EHR vendors, and not the government. Health care provider 
organizations must come to realize that acting in the best interest of 
patients is to assure that health information follows the patient and 
consumer to whatever setting will provide treatment, even if that means 
in a competitor's hospital or medical practice. And they must demand 
collaborative and interoperable health IT tools from their EHR vendors 
to make this routine and ubiquitous as a practice in every community in 
the United States.
    However, there is a role for government to encourage and 
incentivize collaborative and interoperable health information 
exchange. Among the actions that government can take to help overcome 
the kinds of continuing problems I have mentioned above should be:

     To continue to shed light on these problems, and work with 
trade groups, standards and policies organizations, and others to set 
expectations for interoperability of EHRs and other applications 
certified as interoperable, especially those that have been federally 
subsidized within the Meaningful Use programs. Let's ``Finish what we 
started before moving to more complex solutions that may or may not 
work.''
     To bring better and improved EHR certification processes 
forward beyond the testing laboratory, so that the utility and 
usability of interoperability features of ONC certified EHR products in 
the field becomes part of the public record, and can be used in 
purchasing decisions. Collaboration and partnership with non-profit 
trade groups to achieve this goal would be advisable.
     To accelerate Federal agency use of and demand for open, 
standards-based interoperable HIE with private sector providers and 
provider organizations, thereby removing reliance on paper-based mail, 
fax, efax, and courier for these Federal programs.

    Examples include Veterans Health Administration referrals to and 
from private sector medical practices and hospitals; Veterans Benefits 
Administration health information exchanges with private sector medical 
practices and hospitals; the use by Medicare, Medicaid, and State 
agencies of interoperable HIE for communications with private sector 
providers and provider organizations for limitation of fraud, payment 
adjudication, claims attachments requests, and other administrative 
transactions now done via fax and mail.
     To continue to tie more robust ONC EHR certification and 
use of certified EHR technology to participation in Value Based 
Purchasing programs, wherein interoperability and collaboration across 
multiple organizations in multiple-vendor environments is financially 
rewarding to providers and their health IT vendors. Demand for 
collaboration and interoperability is best driven by underlying 
business models and business cases supported by regulation and 
oversight.
                                summary
    Information blocking is a persistent and real problem faced by 
providers, provider organizations, and patients who wish to share and 
exchange health information between and among parties authorized to 
access such information, and to use that information to improve quality 
and care coordination.
    Progress is being made, and, at its root the causes of information 
blocking are not technological or due to a lack of standards for 
interoperability or EHR capabilities for interoperable exchange. As 
noted in the ONC Report to Congress on Information Blocking of April 
2015,\1\

          ``While some types of information blocking may implicate 
        these technical standards and capabilities, most allegations of 
        information blocking involve business practices and other 
        conduct that interferes with the exchange of electronic health 
        information despite the availability of standards and certified 
        health IT capabilities that enable this information to be 
        shared.''--(Emphasis added.)

    Therefore, attempts to redress the root causes of information 
blocking must address the unwillingness of some providers and their EHR 
partners to share and exchange data, and not just the specific problems 
that may be encountered in making exchanges run smoothly and reliably. 
In my opinion, that unwillingness originates in the current business 
models of some health care provider organizations, and the health care 
industry in general, wherein fee-for-service payment creates 
disincentives for sharing of health information and rewards information 
hoarding, or at least the delay of timely information exchanges. 
Changes to these payment incentives could do much to reward business 
models where collaboration and interoperability are highly valued, and 
where the technological capabilities, standards, and infrastructure for 
interoperable health information exchange now in place would be put to 
much better use.

    The Chairman. Thank you.
    Dr. Black.

  STATEMENT OF PAUL M. BLACK, MBA, PRESIDENT, CHIEF EXECUTIVE 
         OFFICER AND DIRECTOR, ALLSCRIPTS, CHICAGO, IL

    Mr. Black. Thank you.
    Chairman Alexander, Ranking Member Murray, distinguished 
members of the committee, thank you for the opportunity to 
share my perspectives on the critical topic of the impediments 
to health data exchange and the best ways to address them. It 
is a true honor to be here.
    You have my written statement, which I will summarize in my 
remarks today.
    My name is Paul Black, president and CEO of Allscripts, the 
largest developer of health information technology, including 
electronic health records, revenue solutions, population 
health, and information exchange services.
    More than 180,000 physicians, including those in 45,000 
ambulatory practices, 2,700 hospitals, and 13,000 post-acute 
facilities utilize Allscripts solutions to connect clinical and 
business operations within their organizations and throughout 
their communities. We employ 7,000 team members and have 
offices in 16 different States, including Illinois, North 
Carolina, Vermont, Georgia, Massachusetts, as well as people 
working in all 50 States.
    Congress and the American people have wisely made the 
investment in the advancement of health information technology 
toward a vital goal--confirming that this country's citizens 
are receiving the best care. Information exchange across vendor 
platforms and care settings is now required to meet that goal.
    Tomorrow, connected healthcare networks won't be built by 
one company or by technologists alone, but by all of us. 
Allscripts decided years ago to invest in an open approach to 
connectivity. Our corporate vision is granted in our dbMotion 
connectivity EMR-
agnostic platform, and our philosophy, which has led to the 
development of a large network of external certified software 
developers who build apps based on our open application program 
interface, or APIs.
    While current narrative on interoperability is often 
negative, we note that there are many examples of providers who 
have established community-wide connectivity and who are 
connecting patients to their records, preventing disease and 
saving money.
    Thankfully, with today's technologies, changing EHRs isn't 
necessary in order to provide medical professionals with access 
to information, though not all stakeholders have embraced our 
position that replacing systems is an inefficient way to 
establish data exchange. There are many factors that need to be 
tackled ultimately to build an open, connected network of 
health.
    No. 1, we need to maximize the standards development, 
building on progress to date and encouraging adoption of 
standards-based approaches by everyone. Congress' role is to 
give stakeholders guidance on what is expected and create 
reasonable timelines.
    We need agreement on the so-called ownership of patient 
data. We need a way to identify each individual patient in the 
system, which we think is very vital. And last, we need greater 
transparency in the areas of interoperability and within health 
IT, and we must achieve this interoperability transparency.
    It is true that not all stakeholders seem to be equally 
motivated to make information liquid. Sluggish exchange largely 
stems from one massive gap, the lack of a strong business case 
for interoperability in healthcare. The payment system that has 
been in place for decades does not motivate them to create an 
interconnected healthcare environment.
    Recent legislation, such as the replacement of SGR and 
reform, such as ACOs, are great steps, and continuing to think 
about the relationship between payments and care coordination 
can only strengthen this imperative. We encourage Congress to 
allow recent laws and regulations to play out before additional 
interoperability legislation is passed.
    The same advice applies to standards development work. 
There should be some time allowed for the fine-tuning of 
existing standards, such as Direct, even when we explore new 
ones. Congressional attention would be best served in directing 
ONC to drive consistent adoption in implementation of the 
standards rather than focusing on the need to create new ones.
    Last, Mr. Chairman, I note that you said previously that 
the best way to solve the problems around interoperability 
would be for the health IT industry to do something itself. I 
share this view. We have a real obligation here, along with 
other provider organizations that we support.
    I feel strongly that this is doable, and I challenge all of 
my colleagues today to continue working together with us, with 
you, the provider stakeholders, the ONC, and the patient 
community that have so much to offer in this conversation until 
we have achieved success.
    Thank you again for the opportunity to be here.
    [The prepared statement of Mr. Black follows:]
                Prepared Statement of Paul M. Black, MBA
    Chairman Alexander, Ranking Member Murray, distinguished members of 
the committee, thank you for the opportunity to share my perspectives 
on the critical topic of impediments to data exchange and the best ways 
to address them across the health system. It is a true honor to be 
here.
    My name is Paul Black, and I serve as the president and chief 
executive officer of Allscripts. Allscripts is the largest developer of 
health information technology for this country's healthcare providers, 
including Electronic Health Records, revenue cycle management software, 
and population health and information exchange services. More than 
180,000 physicians, including those delivering care in 45,000 
ambulatory practices; 2,700 hospitals; and 13,000 post-acute care 
facilities and homecare agencies utilize Allscripts solutions to 
connect the clinical and business operations both within their 
organization and within their community. We employ 7,000 team members 
and have offices in 16 different States, including Illinois, North 
Carolina, Vermont, Georgia, and Massachusetts, as well as people 
working in all 50 states.
    I was invited here today to speak about interoperability and 
concerns about information blocking, and as more independent doctors 
use our software to treat patients than any other commercially 
available product, I'm pleased to share recommendations with you on 
this topic. This is important for two reasons: if a stakeholder were to 
intentionally get in the way of information exchange, (1) it would be 
bad for patients, and (2) it could be anti-competitive. Period.
    Congress and the American people have wisely made an investment in 
the advancement of health information technology, all oriented around 
one goal: ensuring that this country's citizens are receiving the best 
possible care--both from a quality and cost perspective. Robust, open 
information exchange across a multitude of vendor platforms and care 
settings is critical to ensuring that we meet that goal for America's 
patients. An increased level of transparency and cooperation is needed 
to meet this challenge--health information technology developers, 
caregivers, employers, payers, pharmaceutical companies, health systems 
and the government must all work harder together to solve this problem. 
Tomorrow's healthcare networks won't be built by one company alone, or 
even by health information technology developers alone, but by all of 
us.
    Allscripts has been working with healthcare professionals across 
the spectrum of care for many years during a period in which health 
care and health IT have evolved at a tremendously rapid rate. The 
changes that have been required have been challenging--they have 
disrupted systems that have been in place for decades. But we realize 
that innovation arises from disruption, and we have embraced it.
    Several years ago, Allscripts made a decision to invest in an OPEN 
approach to connectivity--one that is grounded in our dbMotion 
connectivity platform and a philosophy which has led to the development 
of a large network of certified software developers outside of the 
company who build apps based on our open APIs. From North Shore LIJ--
the largest private integrated delivery network in the country--to 
thousands of independent, single provider practices who make up the 
backbone of care in this country, we partner with physicians and other 
professionals nationwide who are taking this opportunity to innovate 
with us.
    And while the narrative on information exchange is largely negative 
in conversations in Congress and in the media, it is important to note 
that there are many examples of providers who have worked through the 
process of establishing connectivity and are making it work. These 
providers are changing lives by preventing disease and saving money. 
Organizations like Holston Medical Group, which has offered to connect 
all providers in NE Tennessee and SW Virginia and is already working 
with Allscripts to facilitate data exchange between 25 different EHR 
systems used by two hospitals and 1,200 physicians in more than 50 
groups (either already connected or in process). University of 
Pittsburgh Medical Center, which has set up a connected network of 22 
hospitals, 4,000 physicians, imaging centers, labs and others using 
dozens of different health information technology systems. Citrus 
Valley Health Partners in California, Baylor in Texas . . . that's 
another 1.5 million patient lives, and the list goes on. In fact, while 
it is clear there is still effort required, our clients demonstrate 
every day that information exchange can lead to quantifiable and 
demonstrable improvements in care delivery.
    It is true, however, that today not all stakeholders in the 
healthcare industry seem to be equally motivated to make information 
liquidity a reality. While the money spent through HITECH and other 
congressional investments have helped the industry to realize 
measurable benefits from the rapid adoption of electronic health 
records--an important success that shouldn`t be overlooked--clinical 
data exchange is not where it needs to be. There are many factors that 
need to be addressed for us to ultimately be successful:

     We need to expand the standards development process, 
building on the real progress underway with guidance from government 
and allowing the private sector to continuously develop, adopt and 
modify new standards;
     Key constituencies, such as public health registries, 
labs, State health information exchange organizations and others who 
are not following available standards in their work, should be required 
to do so;
     State laws and regulations must be harmonized, 
particularly those related to privacy and security, patient consent and 
other similar topics;
     Legal and liability concerns among providers about how the 
data will be used outside of patient care must be addressed;
     We need to get beyond the focus on how data is transmitted 
and agree on what and how data is stored;
     Activation strategies are needed to increase use of health 
IT by patients and their caregivers, while also generating 
accountability for their health outcomes;
     We need a national patient matching strategy--a way to 
identify each individual patient. This is a real challenge to both 
robust data exchange and patient safety, and Congress needs to stop 
blocking progress on this critical issue; and
     Finally, generally, greater transparency around 
interoperability and health IT among virtually all stakeholders must be 
achieved.

    Beyond all that, though, the sluggish progress we're discussing 
today most closely stems from one critical deficit: the lack of a 
strong business case or a true market driver for interoperability.
    At the end of the day, healthcare in most environments is a 
business where margins must be considered and the bills paid, and the 
current payment system simply does not provide appropriate financial 
motivation for providers to truly be invested in creating an 
interoperable healthcare environment; this is especially true given 
that the burden of cost falls to them almost exclusively.
    Healthcare providers are genuinely committed to providing the best 
care they can to patients, of course, but in many instances, the common 
reality of running on only a few days' cash-flow often trumps loftier 
goals. Much as CMS policy has already had a marked impact on hospital 
re-admission rates by associating them with payments, creating a direct 
relationship between payment and data exchange would have the same 
result. This could be the strongest step taken to create a genuine 
imperative for interoperability.
    H.R. 2, the Medicare Access and CHIP Reauthorization Act of 2015 
(MACRA), is a good start in the right direction, but Congress needs to 
ensure that alternative payment models envisioned in this reform are 
rolled out appropriately. The good news is that the expansion of 
delivery reforms is already motivating accelerated electronic data 
exchange progress. We see this in ACOs, and demonstrations like the 
Comprehensive Primary Care Initiative, which Allscripts supports as the 
technology provider for a very sizable percentage of the participants. 
Simply put, they create a use case for health IT that focuses on 
clinical value and less on what level of visit they can code. We have 
already seen real change result within our client base from new 
approaches at CMS and within the commercial payer space, and I expect 
that will accelerate as MACRA is implemented.
    For this reason, given the volume of new programs that have been 
and are being rolled out along with Meaningful Use Stage 3, which we 
expect to push the industry further in terms of interoperability, we 
encourage Congress to allow the impacts of these recent changes to play 
out further before additional legislation is passed specific to 
interoperability. There is an opportunity to see what adjustments 
providers make in response to the new payment models and what steps 
they start taking to maximize the new revenue opportunities.
    Generally, the same recommendation applies to standards development 
work--it is important that there be time for maturation and the fine-
tuning of elements that are already being embraced by the industry (for 
example, Direct and CDA), and there is no need to toss aside approaches 
that are working. This doesn't preclude exploring new and innovative 
approaches in an appropriately transparent manner, but the work done 
with standards development is not intended to have a lifetime of 2 
years or 5 but longer than that so it's important to move thoughtfully. 
I do understand the eagerness of Congress, the Administration and 
industry stakeholders to move rapidly because everyone is keen to see 
the results, but looking to standards as a panacea for the challenges 
still ahead of us will only result in usability complaints from 
providers as immature technologies are mandated by the government. 
Congressional attention would be best served in directing ONC to drive 
greater standards adoption and consistency of implementation of those 
standards, rather than focusing on the need for all new standards.
    Further, it is important to witness what innovation comes from the 
private sector, generally, in response to the recent legislative and 
regulatory activity, as well as client requests. There are exciting 
technologies and services in development now and on the product road 
maps for the next several years based on what our clients have 
requested of us, and I think we can all agree that we want to avoid a 
prescriptive, heavy-handed statutory or regulatory mandate in which the 
government becomes the de facto product manager for our industry as a 
whole.
    Another important consideration in this conversation about 
information liquidity are the physician practices (small and large) and 
independent hospitals who have been pressured to move off of their 
current Electronic Health Record system--Allscripts in some cases--to 
one used by the large enterprise health system in their area. Sometimes 
the change is compelled through conversations about referrals, for 
example; threats not to include people in data networks; or even just a 
steady drumbeat of pressure, and it's often done under the auspices of 
increased interoperability.
    In actuality, with today's technology, changing systems just isn't 
necessary in order to provide physicians and other medical 
professionals with access to the information they need. The rip-and-
replace strategy emphasized by some in the industry is many years 
outdated given the advanced data exchange capabilities that are out 
there. Allscripts' dbMotion platform provides an advanced semantic 
engine that aggregates and normalizes all clinical content across a 
connected community into a single view, accessible within whichever EHR 
the provider uses, to enable them to find relevant information quickly 
while with the patient. This technology is in use across numerous 
communities in the United States and overseas, including the entire 
country of Israel, and in each environment, it's connecting dozens of 
different vendors successfully and directly changing the care decisions 
being made because of the additional information that's available.
    Many people have termed what I just described--the pressure to 
change systems--as data bullying; others, data blocking because one 
involved party isn't committed to establishing connectivity between 
current systems and in some instances, will even put up indirect 
roadblocks. This raises what I believe to be a fundamentally important 
issue--what, exactly, is the definition of data blocking? The ONC 
report on information blocking stated that it occurs when persons or 
entities knowingly and unreasonably interfere with the exchange or use 
of electronic health information, but it also notes that the extent to 
which such information blocking is impeding the effective sharing of 
electronic health information is not clear because much of the evidence 
is anecdotal and difficult to interpret. This is an issue that really 
must be addressed before even implicit data blocking can be addressed.
    An additional factor at play is the commoditization of data that is 
occurring everywhere within the industry. Through our partnership with 
our clients, one thing has become clear. Healthcare is mirroring a 
trend seen virtually everywhere in business--attempts to access and/or 
control data are driving many of the dynamics that are being discussed 
today. The topics that are raised in the meetings I have with clients 
every day are all about the power of data. ``Big data'', population 
health, personalized medicine, quality-driven reimbursement and 
information exchange--each a conversation about data and its enormous 
potential. Until there is greater clarity regarding the so-called 
``ownership'' of the data, this will continue to be a significant 
factor in negotiations around interoperability.
    I will note, too, that this committee's use of its oversight 
authority has had important effects already in driving undesirable 
behavior out of the industry, and we encourage continued attention in 
the coming years as health information technology is used not only as 
envisioned within the EHR Incentive Program but also for other 
important purposes, such as population health and personalized 
medicine.
    Last, Chairman Alexander has said previously that the best way to 
solve the problems around interoperability would be for the Health IT 
industry to do something itself. I share the view that we have a real 
responsibility here, along with the provider organizations that we 
support, and I feel strongly that this is doable. I challenge all of my 
colleagues to continue working together with us, with you, the provider 
stakeholders, the ONC and the patient community that have so much to 
offer in this conversation until we have achieved success.
    Thank you again for the opportunity to be here today.

    Senator Enzi [presiding]. Thank you.
    We will go to Senator Murray.
    Senator Murray. Thank you very much.
    Dr. Kendrick, you have personal experience working with 
providers in Oklahoma to make sure they are able to exchange 
electronic health information. I regularly hear from providers 
about information blocking, and HHS reported to Congress in 
April that in many cases, they have limited tools to find out 
when information blocking is actually occurring.
    To make matters worse, we have heard testimony that in 
order to use health IT, providers often have to sign contracts 
that include gag clauses, which prohibit them from disclosing 
technical problems or unfair pricing. Health IT is certified by 
the Federal Government because it stores and transmits 
information that is used to save lives, and users should be 
able to report safety problems.
    In your experience, can you talk to us about how easy it is 
to address unfair and unreasonable barriers to information 
exchange?
    Dr. Kendrick. That is a big question. I like to refer to it 
as ``death by 1,000 cuts'' because there are so many ways that 
the free flow of information about patients for their benefit 
can be blocked.
    The motivations are various. On the provider side, as 
several of the panelists have recommended, moving to value-
based payment models really does a nice job of aligning the 
incentive of the providers in the patient's favor to make sure 
that their record is available wherever and whenever it is 
needed.
    On the vendor side, however, there are lots of other 
motivations at play, and to keep it to less than an hour, I 
would say that perhaps the most critical thing we can do is to 
get governance for the nationwide Health Information Network 
correct because until we do, Congress will be dealing with this 
issue year after year after year.
    By getting governance correct, I mean getting a body that 
includes those who receive care, those who deliver care, and 
those who pay for care to help guide this network. They don't 
need to have the technological knowledge. They can be supported 
by vendors and so forth, but that is where you are going to 
get--that is the eye--that is the right perspective to have in 
this.
    They will be able to set policies, because those three 
perspectives matter. They will be able to set policies that 
ensure that those contracts are transparent, that ensure that 
the standards that we have today can be used and that we move 
when we are ready to the next set of standards.
    Senator Murray. Do you think we need some tools or 
protections to ensure that individuals can safely report on 
unfair market practices without fear of repercussions?
    Dr. Kendrick. Yes, absolutely. It has only been within the 
last year that we have begun to leverage ONC's surveillance 
system, surveillance program for EHR certification. It has made 
a world of difference.
    In almost every issue we have filed, because we don't want 
to waste people's time, and we really--we exhaust every 
opportunity with the vendor and the provider to get the data 
moved. Almost every issue we filed has been found to be 
credible and has brought into question an EHR vendor's 
certification.
    Senator Murray. OK, thank you. That is very helpful.
    Dr. Kendrick. Sure.
    Senator Murray. Dr. Kibbe, let me turn to you. You 
testified that it is important for providers to have good 
information about how electronic health records worked in the 
field. In particular, you noted that information from this type 
of real-world testing could improve the purchasing decision of 
providers.
    Dr. Mirro also testified that ONC should support a 
strengthened in-the-field surveillance program and that 
technology developers must disclose additional fees they charge 
for sharing information between providers. I was actually glad 
to see the administration propose to include those two policies 
in their 2015 certification rule, but what types of information 
do you expect in-the-field surveillance to cover?
    Dr. Kibbe. Yes, so thank you.
    My comments would very much piggyback on David's comments. 
The confusion in the marketplace now among providers and 
provider organizations with respect to what their products are 
supposed to deliver in terms of interoperable exchange and 
particularly via Direct is a big problem, and there is no place 
where provider organizations can go to see how a particular 
product operates in the field.
    I mentioned that some of them are very good. Their products 
and features are familiar. People can begin to use them without 
any training. There are others where they don't even have an 
inbox for the messages to be sent to, and obviously, they can't 
operate very well if they don't have those features.
    That is the kind of information that the marketplace needs 
to make better decisions, not necessarily because they want to 
switch their products to another product. They don't 
necessarily want to do that. They want their product to be 
better.
    Senator Murray. Right.
    Dr. Kibbe. This would put pressure on the marketplace and 
end that confusion.
    Senator Murray. OK. I really appreciate that response, and 
I need to go join Senator Alexander at Appropriations markup. 
We are going to keep this hearing going, but I appreciate 
everybody being here, and I will be back shortly.
    Senator Enzi. Thank you.
    Since Senator Cassidy also has to go to another meeting, I 
will defer my turn for questions to him.

                      Statement of Senator Cassidy

    Senator Cassidy. Thank you, Senator Enzi.
    Dr. Kendrick, you are very explicit, saying that there are 
companies which hide functionality in order to basically bill 
for the same thing. You do not mention the company. Which 
company is it?
    Dr. Kendrick. This particular company was eClinicalWorks.
    Senator Cassidy. eClinicalWorks. Mr. Kibble, you also spoke 
specifically of companies blocking and imply that it was not 
justifiable. Which companies are they?
    Because I meet with these companies, and they deny it. They 
are saying we are not doing it. It has been a little bit hard 
to get people on the record so that when I meet with them I can 
channel you into that discussion. Mr. Kibble, can you kind of 
comment on who you see the offenders as?
    Dr. Kibbe. That is Dr. Kibbe. But that is OK.
    Senator Cassidy. I am sorry. I can't see your thing. I 
apologize.
    Dr. Kibbe. That is all right. Yes, I think that it is no 
secret in the industry that there are two companies in 
particular, electronic health record companies, very leading 
companies, Epic and eClinicalWorks, which both have over the 
course of the years, even before Direct exchange, developed 
their own proprietary messaging systems.
    One of the reasons why they have perhaps found it difficult 
to adopt Direct for their customers is because of their 
business model. I respect that business model, but I also feel 
that it is important for them not to create the problems in the 
marketplace that Dr. Kendrick has mentioned.
    I would also mention that eClinicalWorks is a member of 
DirectTrust, and we are working with them on this problem.
    Senator Cassidy. I met with Epic, and they deny information 
blocking. They say that they no longer require transfer fees 
and that if there is an issue of information blocking, it is 
because, oh, the hospital in Montana doesn't know that the 
hospital in Baton Rouge is a member or da-da, da-da-da, and I 
can make a very plausible argument.
    What should I ask them next time if I am in the room with 
them, and you were to give me the question to ask?
    Dr. Kibbe. Yes, I would ask them what are their customers 
telling them, asking of them? Because I know for a fact that 
their customers are putting pressure on them to be more 
transparent and easier to work with other vendors' products.
    Senator Cassidy. That does not necessarily imply a business 
model which is information blocking. It could just suggest that 
the technology of their software is not meshed with the 
technology of the others.
    Is that a fair statement?
    Dr. Kibbe. Yes, and I would not say that either one of the 
companies that I have mentioned has a business model based on 
information blocking. That is not what I am saying.
    I am saying that they have in some cases implemented Direct 
exchange in ways that benefit their customers, but not 
necessarily exchange partners outside of their own customer 
base.
    Senator Cassidy. Dr. Kendrick, you are the guy, frontline 
man, with all these FPs. What would you add to this?
    Dr. Kendrick. It would be nice to have a metric of 
interoperability, some way to measure, for example, in what 
percent of a patient's visits was there a complete record 
available from all sources. If we had that, then we could 
actually put a number to it.
    We don't right now. I would really encourage us to get to 
that point because then you could really quantify. I can say 
that, yes, sometimes the provider is user involved, but 
generally when value-based payment models come to town, that 
shifts.
    With the vendors, we have noticed some change in the last 
few months--probably as a credit to these hearings and as a 
start.
    Senator Cassidy. Let me interrupt because I am almost out 
of time. Dr. Mirro, you spoke of something. I am a physician. I 
still practice, and I have a young resident working with me now 
who points out some literature that an intern spends 40 percent 
of her time documenting and only 8 minutes per day per patient.
    That just blows my mind, 40 percent documenting, 8 minutes 
per day per patient. The patient should feel cheated because 
the patient has been cheated.
    You mentioned, Dr. Kendrick, let me bounce off the two of 
you, that we should have no more standards. I am thinking we 
should have a standard that the electronic medical record is at 
least as time efficient as a paper record because, otherwise, 
we will not have 15 minutes with a patient, we will have 6 or 
7.
    Dr. Kendrick. One option I have raised is that----
    Senator Cassidy. Dr. Mirro, I haven't heard from you.
    Dr. Kendrick. Oh, go ahead.
    Dr. Mirro. Yes. Actually, well stated. I could tell you 
that in the field so that the fundamental problem is these 
systems all suffer from the fact that they are built on 
administrative datasets. Their meaningful use has really been a 
catalyst for charge capture revenue cycle management, what the 
systems are based on, and not clinical data capture.
    A lot of the systems then have to be morphed or redesigned 
to collect clinical data.
    Senator Cassidy. I am out of time. Let me just interrupt. 
If we separated billing or charges from clinical data, that 
could make efficiency and make it more work for the patient?
    Dr. Mirro. Also user-centered design. I think the systems 
are built by software developers, and they are easily usable by 
a software developer, but they are not easily usable by 
clinicians. We need to have more user-centered designed built 
in the system.
    The vendors do know this and are working for solutions. 
This is not volitional, but they do know who their customer is, 
and their customer is usually the CFO of the health system.
    Senator Cassidy. Got you.
    Dr. Mirro. It is not a patient. It is not a doctor. It is 
the CFO. That is who they are selling to. That is why they are 
designed the way they are.
    Senator Cassidy. Thank you very much. I yield back.
    Senator Enzi. Thank you.
    Senator Franken.

                      Statement of Senator Franken

    Senator Franken. Thank you, Mr. Chairman.
    I am going to pick up a little bit where Senator Cassidy 
started. Dr. Kendrick, you noted in your testimony that the 
biggest obstacle that your members face in trying to share 
patient data across payers and providers is liberating data 
from their EHR systems.
    I have asked a number of my constituents about information 
blocking. Is it happening? Why? Who is to blame? I have gotten 
very different responses, depending on whom I am talking to.
    A common theme I picked up on is that those healthcare 
providers who are using the same EHR don't think information 
blocking is happening, even when they are part of competing 
health systems, and the information blocking example No. 5 that 
you have aptly named ``EHR at the center of the universe'' 
helps explain this.
    If one EHR vendor is designing a technology that is not 
completely compatible with other systems and using its market 
clout to pressure providers to buy its product, doesn't this 
raise some serious legal concerns about anticompetitive 
behavior?
    Dr. Kendrick. I am no lawyer. I am just a doctor.
    Senator Franken. Humble.
    Dr. Kendrick. I find it ironic that large vendors who claim 
huge amounts of interoperability are primarily exchanging data 
with themselves, with other installations of their own product. 
There needs to be some truthiness to that.
    Senator Franken. I want to ask you another question that 
was kind of in your answer to Senator Murray. Because your 
testimony also highlights the new healthcare payment and 
delivery systems, those models, the success that they have had 
in incentivizing the coordination of information and improving 
health, the coordination of patient care, and in eliminating 
market incentives for providers to hoard their patients' health 
data because they are being paid for outcomes.
    Based on this experience with the Comprehensive Primary 
Care Initiative that you write about, a multi-payer medical 
home model being tested by CMS's Innovation Center, how can we 
focus more on these value-based reforms instead of just 
compliance with meaningful use?
    Dr. Kendrick. I am glad you asked that. Earlier, the 
comment was made that perhaps we should delay Stage 3 of 
meaningful use, and I want to make sure it is clear that there 
are actually two programs.
    There is the meaningful use program, which affects the 
doctors, and there is the EHR health IT certification program, 
which moves forward the technology. I would certainly say that 
the technology needs to continue to move forward, but that the 
rapid deployment of these value-based payment models may well 
help to accomplish the things that were intended in Stage 3 of 
meaningful use anyway but will do so with the full and vested 
interest of the providers being onboard.
    I would not want to slow down progress on the technology 
side because the EHR vendors certainly have some ground to 
cover, especially to support value-based payment models. If we 
can get the accelerated adoption of value-based payment models, 
the providers will be very much in support of interoperability.
    Senator Franken. In Minnesota, we like value-based models 
because we are good at them, and we kind of lead the country in 
that. I want to keep incentivizing--I want to keep implementing 
those as smartly, as intelligently, but as quickly as we can 
and robustly as we can.
    We were getting to talking about standards, and I think 
there is some dispute here about whether the industry does its 
own standards or whether the Government dictates these 
standards, but can't we put in standards for operability, 
interoperability?
    What is the dispute here? I mean, why? Can I hear both 
cases? I know I am out of time.
    Mr. Black. I will take a swing at that. The Government has 
put standards in place, which we have been talking about today, 
about what is required inside of, if you will, a packet of 
information that goes back and forth from an Allscripts system 
to a Cerner system to an Epic system. Those standards actually 
have a great deal of information that make the exchange of that 
information possible and make that important to be consumed by 
the caregiver.
    What we are working on and what I think that the debate is 
about is, there is an electronic exchange of information. If 
people are blocking that, punish them. They should not do that.
    The standards allow us, even if someone is trying to block 
that, for us to auger in and get that data out anyway, and then 
we can liberate or emancipate, or whatever the word is going to 
be, to go get that data. We actually do that each and every 
day.
    We connect to over 350 different electronic medical record 
systems in the United States. ONC certified a lot of systems to 
be certified for MU2--MU1 and MU2. We connect to over 350 of 
them in practice today.
    That is an important thing to get the connectivity done. 
Once you have them connected, however, you have to put the 
context of the way it was connected in practice.
    Senator Franken. Sorry to cutoff your answer, but I am way 
over my time, and if there is a really short response to that?
    Dr. Kibbe. Yes, one very short response is finish what we 
have done before we do something new. I think that is what you 
are hearing pretty loud and clear here.
    We have got standards. We have infrastructure for the use 
of those standards. It is working. It could be better. Don't go 
off and do something entirely new until we have got that job 
done.
    Senator Franken. OK. Thank you.
    Sorry. Sorry, Mr. Chairman.

                       Statement of Senator Enzi

    Senator Enzi. It is OK. I would remind the Senators that 
you can submit questions. These people have agreed that they 
would handle ones in writing. That is part of testifying, and 
that gives us an opportunity to ask even more technical 
questions that might bore the entire audience. I am used to 
doing accounting hearings.
    [Laughter.]
    I understand that. This whole topic fascinates me. I have 
been on the High-Tech Task Force for a long time, and when we 
first started talking about interoperability, we talked about 
Australian railroads. How, when you get to the middle of the 
country, you have to change from one train to another because 
the railroad tracks are different sizes where they meet up in 
the middle.
    We wanted to make sure that with health IT that the 
railroad tracks would meet, and people would have access to 
information. I have kind of a science fiction version of what 
we need to achieve in all of this, and I picture the day when I 
would be able to have a card in my wallet that has every bit of 
my medical information on it, every X-ray, every MRI, 
everything.
    That would be a lot of data, but I have watched what the 
data transition has been. I would even have access to this card 
so that I could record trips that I went on or bug bites that I 
got or falls that I have had so that any doctor that is taking 
care of me would have access to all of that information. It 
wouldn't be a matter of them getting a hold of somebody to have 
the record transferred.
    I once fell down and had a bad ankle, and I got an X-ray. 
They said there wasn't a problem, but a few days later, I was 
in Wyoming, and I was still having a problem. So, I went to the 
doctor, and they said, ``Well, we will have to do an X-ray.''
    I said,

          ``Oh, no, no. I had an X-ray.'' They said, ``Well, it 
        would be too hard for us to get that one. We will have 
        to charge you for another one.''

    I have a whole series of questions here that I am not going 
to have a chance to ask. I will be submitting questions.
    Dr. Kendrick, I was particularly interested in your 
comments about the need for a lemon law, and I won't have you 
expand on that at this moment.
    Instead, I would like to know what you see as some of the 
incentives now for information sharing across providers and 
settings and how the market responds to that? How do you see 
vendors responding to these market forces?
    Dr. Kendrick. I think the message we get from our 
providers, as we try to connect them--in fact, I was on the 
phone with a physician group just yesterday kind of arguing 
with their vendor about the $40,000 fee and the 9-month 
timeline to get the interface built. I think the providers have 
bought in. They are ready to do value-based payment models, but 
they can't get their technology to keep up with them in moving 
that direction, which is why I cautioned against slowing the 
certification process.
    Even if MU3 was to slow down, the certification and the 
improvements in technology need to continue because I do think 
that the vendors have a big job. They have got a huge job, and 
they are critically important.
    At the end of the day, they are serving those who deliver 
care and receive care and need to meet their requirements.
    Senator Enzi. Dr. Mirro and several of you mentioned the 
need to have Stage 3 delayed. There is a security component 
here. Do you think your patients understand what data you have 
access to and what the protections might be for them and their 
personal health information?
    It is a difficult balance in some of these situations, but 
what risks do you see?
    Dr. Mirro. Certainly, the privacy and security concerns are 
of utmost importance to patients and that we certainly do 
everything we can to protect their personal health information. 
A lot of my work is focused on delivering content to patients 
and in a secure fashion, specifically from remote devices, as I 
had in my testimony.
    Patients are concerned about the privacy security. There is 
the encryption and secured file transfer protocols that 
certainly, as of today, seem to adequately protect the 
patient's information and particularly when we transmit this 
data to what we call a personal health record, where the 
patient can virtually store all of their information and access 
it.
    Right today, we do have adequate security privacy. Could it 
be better? Absolutely. I am not a cybersecurity expert. I am 
just a doctor. There are people working on this, and I think 
that everyone is concerned about the privacy security.
    Dr. Kibbe. My concern is data hackers will have Senator 
Enzi's collection of data before I will have it or the patients 
will have it at this rate. Security is a big problem, and it 
has to be dealt with on a very, very strong basis going 
forward.
    I do think we are doing a pretty good job in terms of 
transport. Direct exchange is encrypted and identity validated 
before the exchange can go back and forth. That is not as much 
of a problem.
    The issue around Stage 3 meaningful use, and I would agree 
with Dr. Kendrick on this, is that we don't want to put any 
barriers to innovation in health information technology in the 
standards development. We do--and I am speaking for the 
American Academy of Family Physicians now, we do want to delay 
Stage 3 meaningful use until we get the merit-based incentive 
payment system reorganized to go forward because there should 
be alignment between those payment--those value-based payment 
systems and whatever happens with respect to further 
development of meaningful use.
    Right now, I think your providers are saying, wait a 
minute, there is almost no relationship anymore between many of 
the objectives and metrics in Stage 3 meaningful use and the 
payment systems that we are being asked to comply with and to 
do well under.
    Dr. Mirro. I just wanted to make one other comment. If we 
had update the HIPAA Act and unique patient identifier, that 
would help. Actually, not just the unique patient identifier 
but have some two-factor authentication, such as facial 
recognition or retinal scan. Patients, we will clearly know 
that we are dealing with the patient. We have that matched 
adequately.
    The vendors spend a lot of effort and resources in 
probabilistic matching, which is also a problem with any kind 
of health information exchange.
    Senator Enzi. Thank you. My time has expired.
    Senator Baldwin.

                      Statement of Senator Baldwin

    Senator Baldwin. Thank you.
    I want to thank the Chair and Ranking Member for this 
entire series of hearings. They have been very instructive.
    I also want to say that as a fellow member of the 
Appropriations Committee, I withheld going down there. Please 
excuse me when I depart immediately following the questions and 
I may submit some for the record in addition.
    I absolutely share the Chairman and Ranking Member's 
commitment to finding the way to address deliberate data 
blocking. There are a couple of questions that I wanted to get 
into, starting with Dr. Kibbe and Dr. Kendrick.
    In your testimonies, you suggest that we need to increase 
transparency for all stakeholders to help address some of the 
problems that we see with data blocking and promote 
interoperability. I wanted to get a little bit more granular 
about how we create this transparency.
    What exactly needs to be measured and reported by 
healthcare providers, as well as obviously by EHR vendors, for 
us to determine if data blocking is occurring or if progress is 
actually being made?
    Dr. Kibbe. I will take the first crack at that. One thing 
that was very, very useful when e-prescribing was being 
integrated into electronic health records, and what we are 
seeing now is analogous to that in some ways. We are seeing 
health--Direct information messaging and transport of files 
integrated into electronic health records.
    One of the things that would be very helpful, which was 
done with e-prescribing, is for people to actually see the 
software. Is it immediately easy to use? Is it familiar? Are 
pieces lacking? Et cetera, et cetera.
    This was done with e-prescribing largely because of the 
industry's backing of that. I have been a proponent of getting 
our industry to do the same thing. That is one example.
    Senator Baldwin. Transparency with technological 
capabilities and software is part of----
    Dr. Kibbe. Yes.
    Senator Baldwin. OK.
    Dr. Kibbe. Being able to see what you get and what you 
would buy if you used it.
    Senator Baldwin. Dr. Kendrick.
    Dr. Kendrick. There are three things.
    No. 1, the section of contracts dealing with 
interoperability needs to be transparent, at least that part, 
because there are so many hidden things in those contracts.
    No. 2, the process around surveillance should be 
transparent, at least when a complaint is found to have merit. 
Everybody is innocent before proven guilty in that model.
    And No. 3 is, I alluded to earlier, we need a good metric 
for interoperability, a measure or two, a number that we can 
look at. We have got a couple of numbers we use in our health 
information exchange, which are a little bit complex to go into 
here, but I would be happy to share details on those.
    Senator Baldwin. If you would, I would love to have you 
answer that in more detail because obviously, transparency and 
metrics is going to be helpful. I suspect in some of the data 
gathering that you are talking about, we are going to be 
comparing apples to oranges, and we will really need to figure 
out a way to make the data that is, we hope, provided in a more 
transparent way relatable to one another.
    There has been a number of folks who have talked about how 
a move to value-based payment models is going to improve the 
very topic that we are talking about. I wonder if you could 
just take a moment, given that there are acknowledged instances 
where it is the healthcare providers that are unwilling to 
share the data because of economic incentives.
    If you could sort of walk through why our current fee-for-
service system discourages and other similar business models 
discourage health systems from exchanging data, and whether in 
our payment system reform that is ongoing and we certainly will 
receive a lot of future attention, what Congress could be doing 
to help address that aspect of data blocking?
    Dr. Kibbe. In a word, risk. Because if you don't have risk 
for patient outcomes, then in a fee-for-service model, we 
duplicate tests. We don't coordinate care very well because we 
are not responsible or held responsible for the costs that are 
incurred when the handoffs are made poorly.
    Senator Baldwin. In fact, sometimes rewarded for that?
    Dr. Kibbe. We are sometimes rewarded. In most communities 
in America, the healthcare system is multi-vendor. There are 
Allscripts and Epic and Cerner and eClinicalWorks, and all 
those different vendors are out there. There are people who 
don't use electronic health records at all, like home health, 
for example, or long-term care facilities may not have those.
    What happens in a community that is starting to do 
accountable care is they recognize they have got to connect 
with all those people. Therefore, collaboration and 
interoperability becomes a must, not a nice to have.
    Dr. Mirro. Could I comment on that just for a second? 
Because we are in a fee-for-service system, the systems are 
designed around charge capture, as I mentioned, in 
administrative datasets. Whereas, if we would go to a value-
based purchasing model, now the system is really focused on 
clinical data capture. They become much more usable by 
clinicians.
    The nurses and doctors are all struggling on the usability 
issues of these systems, and the reason is it is a reflection 
of the payment model.
    Senator Baldwin. Thank you. I will submit additional 
questions for the record.
    The Chairman [presiding]. Thanks, Senator Baldwin.
    I am going to wait until the end. Senator Bennet will be 
next.

                      Statement of Senator Bennet

    Senator Bennet. Thank you, Mr. Chairman. I appreciate the 
hearing very much and the testimony of all the witnesses.
    It is obvious that there is a lack of adequate oversight 
when it comes to the adoption of interoperable electronic 
health records. Ultimately, it is the providers and patients 
who suffer the most.
    In Colorado, I have heard both rural and urban providers 
complain about the cost, the time, and compliance issues they 
have had with electronic medical health records and the 
vendors.
    Dr. Mirro, in your testimony, you discuss the lack of 
governance around who is in charge of making sure that these 
electronic health records are interoperable. You also discuss 
our inability to take action against vendors who make 
interoperability difficult for providers and patients.
    To you and the other panelists, who should be in charge of 
this process, and what additional steps should Congress take to 
make that happen?
    Dr. Mirro. I think ONC should provide that surveillance 
oversight, and Dr. Kendrick gave some examples of that. We need 
to have more transparency about the surveillance system and 
which vendors are really on the watch list, if you will, so 
that health systems and clinicians can connect. You see what is 
going on.
    The system that is in place just needs to be strengthened. 
I don't think we need to develop a new system. More 
transparency on the process and also exposure of the few bad 
actors.
    Because I think, far and away, the majority of vendors are 
actually all trying to do the right thing. They are definitely 
concerned about patient safety and personal health information 
and protecting that and behaving the right way. We could do 
more to just encourage that.
    A surveillance system that is working and functional would 
help improve that.
    Senator Bennet. Does anybody else have a view?
    Mr. Black. We are also getting together as a vendor 
community where we are building our own standards for the 
patient identification issue that is important for all of us. 
Identifying the correct patient is a big piece of making sure 
that as a clinician, I actually trust the source system that is 
sending me clinical information about somebody.
    If I have a doubt about the fact that it is really Bob 
Jones, I probably won't administer the care that I think they 
deserve based on the information I received from a source that 
may not be 100 percent verified or trusted.
    We are getting together through different organizations in 
order to come up with a set of standards by which we can 
identify at a national basis the patient, and we are doing that 
independent of any regulations or, excuse me, independent of 
any Government oversight.
    We just think it is a problem that has to get solved. It is 
a problem that has been punted down the road, and we are saying 
it needs to be done.
    Dr. Kendrick. I run a nonprofit health information 
exchange, and we have tremendous success in addressing some of 
these issues. Our governance is those who receive care, those 
who deliver care, and those who pay for care.
    Everyone else is supportive to those three types of 
stakeholders. Those perspectives, I believe, are the ones that 
matter and the ones that should be guiding these efforts.
    Senator Bennet. On behalf of the providers in my State and 
those that all of you represent who face a multitude of 
requirements and compliance issues around electronic health 
records, what do each of you think is the most important thing 
for us to understand from the provider's perspective when 
crafting and making changes to the current health IT policies?
    Mr. Black. I spend a lot of time on the road with our 
clients, and they are very concerned about the comment that was 
made earlier in these proceedings about the amount of time that 
they spend entering data into the system. Was that data 
important about the care of the patient?
    If it is administrative data, if it is data that be 
compliant with a set of administrative things that were, if you 
will, ``pushed down by the Government,'' that is where they 
complain. It is not always apparent to them that these things 
that we are collecting are important.
    There is a lot of quality information that we are 
collecting that are important. It may not be important to their 
specific practice, but it is important to that population that 
they serve both from a quality metric standpoint, but also from 
a future research basis, which, depending upon who you talk to, 
which constituent you are working with, that may not be as 
obvious to them at that time.
    Dr. Kibbe. Yes, what we hear is it has been too much, too 
fast, with not enough time to reflect and to digest the things 
that we have learned about what works and what doesn't work. 
That is really the bottom line.
    That, and focus on the issues that are really important and 
are relevant to future value-based payment systems. Those are 
roughly, in order of importance, interoperability, the ability 
to report on outcomes and report on quality, and third, 
security.
    Those are the three critical issues that we need to pay 
continuing attention to before we go off and do a whole lot of 
other things that may be very worthwhile, but are too much, too 
fast, and without enough resources and time to digest it.
    Dr. Mirro. As a physician who does provide care to 
patients, I can tell you the usability issues, as Paul pointed 
out, are huge in every system. We have to get that right, and 
it is because there is too much time in documentation to 
satisfy meaningful use. It has deteriorated the quality of the 
office visit for the patient.
    We are spending more time with documentation. You are 
turning very highly trained clinicians into clerical people, 
basically. That is what happens.
    One of the unintended consequences of this, shortage of 
healthcare in rural America. I live in a rural area. The health 
system I work for has seven hospitals, but we are very close--
we are in farm area, and the older physicians in these rural 
towns are just retiring at a rapid rate. It is accelerated by 
just this very fact.
    We need to do usability testing in some way in the 
certification process.
    Dr. Kendrick. I would just add one thing. I completely 
agree with my colleagues. The one thing I would add, though, is 
in these new models of payment, physicians are increasingly 
being judged, and rightfully so, by the satisfaction their 
patients have with their care. It might be time to have 
satisfaction scoring for the vendors.
    Senator Bennet. Thank you, Mr. Chairman.
    The Chairman. Thank you.
    Senator Whitehouse.

                    Statement of Senator Whitehouse

    Senator Whitehouse. Satisfaction scoring for the vendors, 
they would love that.
    Thank you all for being here, and thank you for this 
hearing, Mr. Chairman and Senator Murray. I really appreciate 
it.
    A quick question to begin with. Dr. Kendrick, you mentioned 
hidden things in the contracts. There were reports to ONC that 
gag clauses in some of the vendor contracts prohibit the 
provider from actually complaining about what is wrong in the 
contract.
    Can anybody on this panel see a single reason why those 
contracts should have gag clauses in them?
    Mr. Black. I cannot.
    Dr. Kendrick. No.
    Senator Whitehouse. Four noes. OK, let the record reflect 
that.
    Thank you very much.
    Mr. Black. You are welcome.
    Senator Whitehouse. I am concerned about the meaningful use 
program having kind of outlived its original usefulness, and to 
the question of how it might be redirected, there are two 
things that I hear a lot from my home State. One is that there 
has been precious little support for health information 
exchanges compared to support for and testing of doctors and 
whether they have got the equipment running on their desk 
right.
    That makes it kind of a bank shot, to use a pool metaphor, 
at supporting health information exchange when, in fact, if you 
have really vibrant health information exchange, it becomes an 
almost inevitable part of anybody's business model because it 
is working well.
    I think we have got it upside down between the extent to 
which we support health information exchange versus the extent 
to which we put mandates and responsibilities and equipment and 
credits and everything onto doctors' desks.
    The second is that two of the key transactions in the 
healthcare equation, one is the loop between skilled nursing 
facilities and hospitals, which is a very unproductive loop. 
The second is patients who have significant behavioral health 
issues for whom necessarily their behavioral health provider is 
their medical home because it is their behavioral health 
provider who makes it possible for them to negotiate the rest 
of the system.
    Leaving out behavioral health and leaving out skilled 
nursing facilities seem like very significant oversights. 
Starting with Dr. Kendrick, I would like to ask you to comment 
on--I know you run an HIE, so I am particularly interested in 
yours. We have got a really good one in Rhode Island. Laura 
Adams runs CurrentCare very, very effectively, and we are 
pretty much out front with you guys on this.
    I would be interested in the panel's thoughts on those two 
questions. If you could just keep them brief and fill in later, 
I have got another question I would like to fit in, too.
    Dr. Kendrick. OK. I will try to be brief on these. One, 
transitions of care are critical. Agreed.
    Senator Whitehouse. Particularly those skilled nursing 
facility and behavioral health omissions.
    Dr. Kendrick. Yes, particularly those. One thing we need to 
recognize, at least as a clinician, when I write an order to 
transition a patient from one place to another, that is 
generally the action that makes it happen. That is an order.
    Currently, we don't track that as an order, right? We fax 
something somewhere or we send a secure email somewhere, but I 
don't know what happened to it after it got sent. I don't know 
that it got--the patient showed up. I don't know that the loop 
got closed and the record got back to me.
    I would recommend that we shift our thinking around 
transitions of care to start thinking about them as an order 
that gets tracked with a status, just like a prescription or a 
lab test or anything else.
    Senator Whitehouse. Should we move our focus more toward 
health information exchange support, as opposed to----
    Dr. Kendrick. That would be the appropriate clearing house, 
so to speak----
    Senator Whitehouse. For that?
    Dr. Kendrick [continuing]. For those orders, I would 
suggest.
    Senator Whitehouse. Got it.
    Dr. Kendrick. Your second question, your second question 
was about--remind me.
    Dr. Mirro. Behavioral health.
    Dr. Kendrick. Oh, behavioral health. On behavioral health, 
we have actually----
    Senator Whitehouse. Why are they outside of meaningful use 
when they, in fact, are the medical home for----
    Dr. Kendrick. Right.
    Senator Whitehouse [continuing]. That set of patients?
    Dr. Kendrick. We have most of the community mental health 
centers in our State connected or connecting to the health 
information exchange, despite the fact that we have to jump 
through incredible hoops to meet the provisions of 42 CFR that 
permit--that prevent certain data from moving----
    Senator Whitehouse. We are doing it, too, and it is a 
nightmare, and it is not supported by the meaningful use 
program.
    Dr. Kendrick. It is really--if you could fix something, 
please fix that.
    Senator Whitehouse. OK.
    Dr. Kendrick. Because those patients are getting cheated.
    Senator Whitehouse. I am about to be out of time. Let me 
offer two things. One, I share the experience that Senator 
Bennet had of going around my State and having doctors' 
offices, having hospitals, having skilled nursing facilities, 
having people say, ``Oh, my God, what a nightmare to go to 
electronic health record.''
    If you ask them the next question, ``Would you go back?'' 
They all say, ``Oh, my God, no. Thank God, we got through 
that.''
    Mr. Black. Right. Right.
    Senator Whitehouse. ``But this is really a big, big 
improvement for us.'' While it was painful, it was--I am 
getting a lot of nodding heads from the panel as well.
    The second thing is that I heard what Mr. Black said about 
the quality reporting and the burden of that. That is really 
important, and I would suggest to you that it has a patient 
component as well.
    If we load up the system, as I think we have, with a whole 
broad array, a multiplicity, a babble of quality reporting, 
then it creates a huge burden for the doctors who have to meet 
the regulatory burden. Also it blunts or blurs any kind of a 
public signal that doing badly on the quality reporting ought 
to on occasion.
    Somebody comes up with a really bad quality report on 
something, and the next thing they are saying, ``Yes, but I got 
these other five really good quality reports.''
    Mr. Black. Right.
    Senator Whitehouse. The whole thing just turns into a mess. 
I would encourage you and ask it as a question for the record 
to make recommendations on how we could simplify the quality 
reporting so that it has real consumer impact, in addition to 
any questions about undue regulatory burden.
    Mr. Black. There are a lot of quality ratings that are out 
there today. There are star ratings that are out there that are 
actually pretty effective at being able to do that. You can 
rate the institution. You can rate the provider. You can rate 
the organization.
    There is actually a fair amount of that data that are out 
there, and that data wouldn't come across again had you not 
done the broad mass adoption of these systems. That is what MU1 
did.
    While it was tough, while it was hard, while $30 billion 
was spent, there is no way we could have these conversations 
about any of the rest of these things, including HIEs, if 
they--they have to connect to something. They have to connect 
to the electronic medical record that is in that doc office or 
that hospital.
    To me, that was a great amount of money that was spent, a 
lot of time and effort. But you hit the promise of this, which 
is that you can interconnect these. You can get data. You can 
get quality information. And you can rate them.
    Over time, because of a consumer focus, there will be a lot 
of transparency on these data that are going to force 
additional changes in behaviors from providers and 
organizations in order to become more relevant to consumers.
    Senator Whitehouse. Thank you, Chairman.
    The Chairman. Thank you, Senator Whitehouse.
    Mr. Black, who owns my personal healthcare information?
    Mr. Black. You do.
    The Chairman. Thank you.
    No. 2, is there a consensus or are there surveys about the 
actual percentage of time that physicians spend on 
documentation? Anyone know of that?
    Dr. Mirro. I could probably answer that. Actually, I am 
part of a Federal grant that is coordinated by the University 
of Nebraska, and there are several sites. Duke University, 
University of Nebraska, Christiana Healthcare in Rhode Island 
is participating also.
    The Chairman. Do we know what the percentage is?
    Dr. Mirro. Yes. It is, at least from that experience, the 
data that we have, preliminary data because we are in the midst 
of this grant, we are spending well over 15 minutes per office 
visit. We have a 15-minute office visit. There is quite a bit 
of variation between individual clinicians, right?
    We have some high users that maybe will only spend 5 
minutes documenting.
    The Chairman. So 30 percent?
    Dr. Mirro. At least 30 percent.
    The Chairman. Do any of you know of any other surveys, 
reputable surveys about the time doctors spend?
    Dr. Kendrick. I can't give you anything reputable, but I 
can tell you my department, my academic department runs the 
electronic health record system for the university. The 
majority of notes are signed between 10 p.m. and midnight.
    The Chairman. Yes.
    Dr. Kendrick. That is the busiest 2-hour window for 
documentation.
    Dr. Kibbe. It is a real problem.
    The Chairman. Mr. Black, of the people you work with, do 
you have any idea?
    Mr. Black. It depends on the specialty type. In some cases, 
people will say they are actually faster with electronic 
medical record, and other people will say it takes them more 
time because of the charging of the other documentation that is 
provided, and they actually are doing it versus, as was said 
earlier, perhaps a clerical staff.
    The Chairman. There has been some discussion about delaying 
meaningful use 3, about whether it is a good idea, whether it 
is a bad idea, whether to delay part of it, whether to delay 
all of it. I would like to ask each of you if you would 
summarize for me what you think the answer to that question is.
    Assume you were Secretary Burwell and you had it within 
your power, and you are looking ahead, and you are saying, 
``OK, we have two big rules coming down in September or so,'' 
which are going to establish the rules of the game, which will 
be implemented, which will go into effect, what, in a couple of 
years, something like that?
    Mr. Black. Correct.
    The Chairman. You have Mayo Clinic, as I mentioned earlier, 
saying, ``all right, we are going to spend $1 billion over the 
next 4 years, 500 employees, to finish the job.'' You have 
others saying, ``we are terrified by the prospect'', and you 
have half the docs not--paying penalties rather than 
participating.
    What would you move forward with, and what would you slow 
down in not to stop electronic healthcare records, but to gain 
the largest amount of buy-in and most effective use of it so 
that providers look forward to using it rather than dreading 
it?
    Then if you--and then after you are through, if you have 
time, if you would send me your written suggestion for that, 
that would be helpful to me. Dr. Kendrick, can we just go down 
the line?
    Dr. Kendrick. Sure. I indicated earlier that meaningful 
use, in my mind, is separate from the EHR certification 
program, and I very much would recommend against slowing down 
the EHR--the advances in the EHR health IT certification 
program.
    There are some--there were important gaps----
    The Chairman. Because vendors need to be--and others need 
to be able to rely on that and go ahead and do their work on 
that. Is that right?
    Dr. Kendrick. Because we still--we have all heard we need 
improvements in workflow, and we need improvements in other 
components. In particular the next round of certification 
requirements, as proposed, fix some specific holes in 
interoperability that were in the last round.
    The Chairman. OK.
    Dr. Kendrick. That I would proceed with. I tend to agree, 
though, that when major programs through MACRA and others are 
coming down the pike, it would be great if we could synchronize 
those efforts, have one set of measures, have one approach.
    I would only add one additional item, and that is these new 
payments models, this approach we are taking depends heavily on 
assessing value correctly. That means measuring value 
correctly. Our current architecture will measure value in a 
single practice, and the same patient can appear in several 
different doctors' measure, right?
    What we care about as a nation is what is the health of an 
individual, and is it being improved? To do that, we have to 
measure at a higher level with the patient's complete record 
available.
    I recommend that that needs to be a part of things going 
forward, or we will miss the boat on value-based payment, and 
we will be arguing over measures that aren't valid.
    The Chairman. Dr. Mirro.
    Dr. Mirro. As I testified, we want to delay Phase 3 
meaningful use in its entirety. Phase 2 only----
    The Chairman. Does that mean including the certification 
standard? So you disagree with Dr. Kendrick on that?
    Dr. Mirro. I actually do agree with Dr. Kendrick on the 
certification side. On the eligible provider side, I am 
referring to, we definitely need to delay Phase 3 meaningful 
use. Phase 2 we only have 11 percent of eligible providers 
attesting right now.
    We have to actually analyze the impact of Phase 2 
meaningful use on improvement and care and its impact within 
the efficiency of the health system because we have created 
incredible inefficiencies, as we have just discussed, with 
usability and workflow issues. We really have to digest the 
impact of Phase 2 meaningful use and continue to strive to 
simplify the requirements.
    The Chairman. Dr. Kibbe.
    Dr. Kibbe. Yes, we would recommend an immediate moratorium 
on Stage 3 until Stage 2 is fixed. I agree with my colleagues 
in the sense that there are parts of Stage 2 that need to be 
fixed and improved so that more providers and eligible 
hospitals can participate in Stage 2 before we go on to 
anything called Stage 3.
    In particular, the certification needs to be focused on and 
made better. Interoperability needs to be focused on and made 
better. The quality reporting we have talked about needs to be 
made better, and the security side of Stage 2 also needs to be 
fixed.
    The Chairman. Fix Stage 2 before we move on to Stage 3?
    Dr. Kibbe. Indeed.
    The Chairman. Mr. Black.
    Mr. Black. It is important that there is a bunch of 
information that is going to be gained out of these electronic 
medical records that are going to be further extended by MU3. I 
would suggest that we keep on the path we are on. We think it 
is going to be in the 2018 timeframe. That is a long time from 
now.
    I need time to prepare for that, and so the sooner that we 
can get the specifications. We have to be done with those and 
get certified prior to these folks rolling them out. For me, it 
is important to get advance notification.
    There is a lot more patient information than patient 
benefit, the consumer benefit as a result of some of the 
regulations that I have seen around MU3. I also think from an 
interoperability standpoint, there is a lot of API exposure 
that we welcome the rest of the organizations to be exposed to.
    The Chairman. API exposure?
    Mr. Black. Yes, sorry. There are requirements in there for 
all vendors to expose more of their application programming 
interfaces. Allow third parties to innovate on top of platforms 
to allow other people to be able to go in and extract data out 
of their systems. That is what we do today.
    The Chairman. Build that for----
    Mr. Black. That is a piece of the proposed legislation that 
we would support as well. We think it is good for America to 
have access at a detailed level to electronic medical records 
versus being reliant upon a specific vendor to give that to 
you.
    The Chairman. Thank you.
    If each of you could, even if it is just 1 page, just say 
if I were Secretary Burwell, here is what I would do this fall, 
that would be helpful to me and to other Senators.
    Senator Cassidy wanted to ask another round of questions, 
and he knows a lot about the subject, and I thought that was 
good. Why don't we--I will go first to Senator Murray and see 
if she has questions, then to Senator Cassidy and if Senator 
Whitehouse has some. Then we will conclude the hearing.
    Except, Senator Enzi, you may have----
    Senator Enzi. No, no, I have learned as much as I can 
handle right now.
    [Laughter.]
    Mr. Black. Any accounting questions?
    The Chairman. All right. We will start with Senator Murray.
    Senator Murray. I would just submit any additional 
questions, but I do really do appreciate this panel and the 
information you are providing us. It has been a lot. We 
appreciate it.
    The Chairman. Thank you.
    Senator Cassidy.
    Senator Cassidy. Mr. Black, when we spoke earlier, and you 
mentioned how you all have apparently your product, semantic 
interoperability.
    Mr. Black. Yes, sir.
    Senator Cassidy. Wherever you go as a patient, there is an 
integration of the blood pressure in a standard format. You 
also mentioned in an earlier conversation that one person may 
mention weight in kilos, and the other person in inches, and 
the other person in feet and inches. How can you get--I am just 
asking, how do you get semantic interoperability?
    Because we are told we have to have a standard----
    Mr. Black. Right.
    Senator Cassidy [continuing]. That everybody use the same 
standard before we can have that and yet, apparently, you have 
accomplished. I am asking how can that be?
    Mr. Black. Yes, even inside of--we attached, as I said, 
over 350 different electronic medical records today. Even 
though you may have one client who has one electronic medical 
record vendor, they actually may have different instances of 
that.
    Let me give you an example. We have one client, very large 
client, who has 44 different instances of the same electronic 
medical record vendor established across 186 different 
hospitals. You would think that by us plugging in and trying to 
determine a male/female status, that would be a very easy 
interface.
    In fact, because of the flexibility of the system, there 
are 25 different ways in which as you plug in, you read that 
information, it actually comes back to us in a different 
manner. We have to take that information and harmonize that 
information to make it say either male or female.
    It sounds very easy, but I am just telling you, the 
information systems the way that they are out there, the way 
that they are designed, the way that they are implemented can 
vary widely even inside of just one.
    Most places I go to have anywhere from 300 to 700 different 
systems. Our largest client today has 100 electronic medical 
records----
    Senator Cassidy. With that said, are you able to harmonize 
without--apparently, you are.
    Mr. Black. We are.
    Senator Cassidy. Because you have semantic 
interoperability. There is some way to do a workaround aside 
from having everybody sit down and say we are going to call it 
meters, or we are going to call it----
    Mr. Black. Right. We take it, as I say, God is on the side 
of computers, and we are going to figure it out. There are 
algorithms you can say to read this SNOMED file and convert it 
to CPT. Take the CPT file, convert it to ICD-9. Take this ICD-
9, convert it----
    Senator Cassidy. Got you. How do you define data blocking? 
Because you mentioned in your testimony, we must, and so how 
would you?
    Mr. Black. I would define it by somebody who knowingly is 
out blocking the data. The definition of that would be very 
difficult to enforce, but I do believe that there is very--a 
lot of people are not knowingly doing it. But to the extent 
that we had practices in the past, which this committee 
actually because of the questioning that you had, actually got 
some suppliers to change the way that they charge for that. 
That is extraordinarily important.
    The light that you are shedding on this has actually been 
very well received----
    Senator Cassidy. Let me ask each of you if you can submit 
for the record your definition of data blocking because that is 
important to us going forward.
    Next, on the House side, there is a bill, part of 21st 
century is a portion which says that if someone is found to 
data block, that they would be decertified. If you are a doctor 
and you just paid all this money and now your product is 
decertified, it is actually the physician that loses.
    If it is a small practice in Iowa or in Bunkie, LA, you are 
stuck. Is there some way to enforce a you can't data block and 
if you do, you are busted without busting the doc? Dr. Kibbe?
    Dr. Kibbe. Yes. Part of the problem there is we are kind of 
in an all or nothing State right now, right? We need a better 
certification program so that in-the-field usability of these 
products is testable. If there are problems, they are available 
early, and the vendors and the users of those products have a 
chance to fix it.
    Senator Cassidy. That doesn't help those who have already 
purchased?
    Dr. Kibbe. No, it would because it would expose the vendors 
whose products are having problems or in usability early enough 
that they would have a chance to correct that----
    Senator Cassidy. OK. Let me go back to Dr. Kendrick. Dr. 
Kendrick, you mention that there are these gag orders. I had to 
press you to tell me that it was eClinicalWorks that is getting 
certified with a package which they then pull out and hide and 
then charge $10,000 in order to have access to.
    If you are under a gag order, you can't really say, ``Oh, 
my gosh. I am paying 10K a year for something which I should be 
getting for free.''
    How do we--you could have a gag order. You are doing a beta 
test, and you can't report that it is a dog. Do you follow what 
I am saying?
    Dr. Kendrick. Yes, in my written testimony submitted, it 
says that we are finding a fair amount of almost intimidation 
among the folks we work with, the practices we work with, that 
they are afraid to file these things themselves. Maybe because 
of a gag order, maybe because of experience. Certainly when we 
filed one complaint recently and it got forwarded to the 
vendor, we got a note almost immediately from the vendor saying 
that they wouldn't work with us anymore.
    Thankfully, an executive at the corporation decided it was 
worth that this really could be an issue. I would say in terms 
of--transparency has got to be there, and in terms of dealing 
with the next----
    Senator Cassidy. Should we outlaw gag orders? Should we 
have legislation that says, ``my gosh, if you have got a dog, 
you can say I heard it bark''?
    Mr. Black. Please.
    Dr. Kendrick. I think we should.
    Senator Cassidy. OK.
    Dr. Kendrick. I would just add that in terms of dealing 
with the decertification, if you take away that threat, then 
there is no reason for an organization to comply, and I would 
suggest that perhaps the EHR vendor that becomes decertified 
should be compelled to reduce their prices to their practice--
--
    Senator Cassidy. How do we hold the doc harmless if she has 
bought a product which is now decertified? How do we keep her 
from being punished? Do we have a money back guarantee?
    Dr. Kendrick. That is where I was going is maybe the EHR 
vendor has to reduce its fees or charge no fees until they are 
certified again.
    Senator Cassidy. We would allow a grace period for the 
physician to continue with the decertified record?
    Dr. Kendrick. We have to make the data portability real. I 
need to be able to strike my data and move on to another 
vendor.
    Senator Cassidy. OK. Thank you for allowing a second set of 
questions.
    The Chairman. Thank you for your participation.
    Senator Whitehouse.
    Senator Whitehouse. Senator Cassidy, put me down as a 
cosponsor----
    [Laughter.]
    Senator Whitehouse [continuing]. On your legislation to 
restrict these gag orders, and we will work together on that. I 
am having a very enthusiastic agreement from the entire panel 
on that point.
    I had just one specific question since I get another round, 
and this has to do with Dr. Kendrick's written testimony with 
respect to the part of ONC's certification program that 
requires data portability. The quote I have from your testimony 
is that few vendors appear to offer this functionality as 
intended, and I would like you to have the next couple of 
minutes to elaborate on what you meant by ``few vendors appear 
to offer this functionality as intended.''
    Dr. Kendrick. The reason we came across this functionality 
is because it is another option for interoperability. 
Unfortunately, Stage 2 of meaningful use required that the 
standard document be created and that the provider be able to 
export it, but not that the exporting of that document be 
automated.
    Many vendors buried that export three buttons down, three 
menus down, and force a manual process. Until the next round of 
EHR certification comes out and hopefully fixes that, we are 
stuck with other options that are written into the policy. One 
of those is data portability.
    Senator Whitehouse. Just so I understand it, what we would 
like to see--what CurrentCare has accomplished in Rhode Island 
is that the record is kind of automatically populated with 
data. If you go out and have a CAT scan or if you pick up a 
pharmaceutical or get a test of some kind, it loads more or 
less automatically----
    Dr. Kendrick. It moves where it needs to go automatically. 
Right, right.
    Senator Whitehouse. Exactly. What you are saying is if that 
doesn't happen, somebody has to page through several----
    Dr. Kendrick. Right.
    Senator Whitehouse [continuing]. Screens and then hit 
``send'' before it----
    Dr. Kendrick. What happened is, we discovered the data 
portability clause, which is the requirement that a batch 
export be possible of these CCDA files, these standard files, 
and we can do that on a nightly basis and use it.
    Unfortunately, when we have gone to now several vendors to 
say where is your batch export functionality, they can't 
demonstrate it to us, and many have to come in and actually 
rewrite code to make it happen. We filed a complaint, and the 
first one of those has been found to have merit.
    It did require some pretty significant conversation between 
ONC and the certification body because, remember, the 
certifying body tests, ONC writes the test. The question was 
whether the test adequately tested that functionality, and so 
things slipped through the door.
    Senator Whitehouse. Got it. OK.
    Thank you, Chairman. It is a technical issue, and it can 
drive people into a state of stupor.
    Dr. Kendrick. Sorry.
    Senator Whitehouse. It is also really, really important, 
and the panel has been terrific.
    The Chairman. We need to see if we can come to some 
consensus here on the committee about what we think about this. 
Senator Murray and I had breakfast with Secretary Burwell 
today, and we talked a little while about it. Of course, 
Secretary Burwell and the President are very interested in 
changing the way physicians are paid, value-added, and you are 
saying there is a relationship between that and better use of 
this.
    Those are relevant things, but there are big decisions to 
be made. If any adjustments are to be made, they probably need 
to be made this fall, and I don't want to recommend adjustments 
that are not the right adjustments to make. We want to complete 
our work on this by this fall and understand that there are 
steps. If there are four or five steps that can be taken to 
make the electronic healthcare system work better and if they 
require legislation we can deal with that early next year.
    If it is something the Secretary can do, we can talk with 
her about it and let her do it. That would be much more 
preferable to do it that way because it could get done more 
rapidly.
    Let me ask, this is an off-the-wall question, and it may 
sound like a really stupid question. I am old enough not to 
worry about things like that. Should we be defining--are we 
being too ambitious with interoperability?
    Should we say that we should have interoperability to just 
an extent? If what we are really talking about is making sure 
that information, let us say about me, is available at all the 
places where I might have gotten healthcare.
    What if a rural doctor somewhere where I might have gone 
after a fishing trip says I will send you--if you are going to 
go see your doctor next week, I will fax it to him? I will 
FedEx it to him. I will keep it according to a certain standard 
that you tell me to keep.
    Why in this age of communication where we have many 
different ways of getting information to people, when the usual 
time that you need information about your healthcare, I would 
assume, is a scheduled appointment with a physician or a 
hospital, where a doctor in some other place would have time 
either to fax the information he or she has or to Fed Ex it by 
the next day or UPS it?
    Or maybe, maybe we just say that interoperability ought to 
apply to this much information and these kinds of data, and it 
is too ambitious to try to go beyond that. It is just we just 
can't do that in a system as big and diverse as ours. Is that a 
really ridiculous question, or is there an easy answer?
    Dr. Kibbe.
    Dr. Kibbe. Let me--there is an easy answer. Because doctors 
and the hospital systems and medical practices don't want to go 
outside their electronic health record to exchange health 
information. They want to work within that electronic health 
record interface.
    The Chairman. Oh, I don't know that is true. I know some 
very good doctors who keep a separate drawer filled with 
written information about their patients.
    Dr. Kibbe. They may do that. When the information flow is 
required to go from one place to another, you really don't want 
to go to a separate Web browser over here or go to a fax 
machine over here. That is inefficient. That is extra 
documentation. That is extra cost for everybody.
    One of the things that I meant in my fixing of the Stage 2 
meaningful use is that we have an infrastructure, we have 
standards, and we need to fix those and make them a little 
better.
    For example, a Direct message ought to be acceptable with 
any kind of attachment, not just a CCDA. A PDF document, a Word 
document, a file image. Those ought to all be acceptable means 
of transfer of documentation from within the electronic health 
records' current standard for exchange.
    Mr. Black. I don't think you spent $30 billion, we did. You 
have to take it to the next level. Otherwise, you are going to 
have just a great, big, huge community and country full of 
silent information that is not expandable, and it doesn't 
really benefit the patient.
    In order to get that information to an interoperable manner 
through an HIE, whatever it has to be, in order for it to be 
used, though, by a clinician, you have to have all the 
information about that patient, irrespective of which EMR that 
they are in across the community.
    Then when I log in to my patient and my patient is in front 
of me today, I want to see that there is additional information 
in the community about that patient that is going to change my 
mind. At the University of Pittsburgh Medical Center today, we 
sit on top of Epic and Cerner, and when they click on the 
community view, that clinician, 60 percent of the time, makes a 
different clinical decision because of the fact they saw the 
totality of the patient's record, not just what was inside of 
EMR 1 or EMR 2.
    The Chairman. OK.
    Mr. Black. We now have 100 of them attached to that, I can 
promise.
    Dr. Kendrick. The issue--I would zoom out just a little bit 
and say, or a lot and say that this--the health of America and 
the success of our industries in the world depends on solving 
this issue appropriately. If I were to compare healthcare to 
banking, it is about 1965 in healthcare.
    We just don't have electronic transactions like we need 
them. We have lots and lots of labor force dedicated to things 
that haven't been done manually in banking for decades, and we 
won't be able to compete on the world stage as a nation and 
have a healthy workforce if we don't solve this.
    The efficiency gains from interoperating electronically far 
exceed the paper processes.
    Dr. Mirro. I agree with my colleagues wholeheartedly, and 
we cannot have enough interoperability. Remember, we are trying 
to have a patient-centric electronic record. It is actually 
about the patients, and that is we want to get to that stage 
where the patient is holding all their information, and we have 
patients that are using a highly functional personal health 
record so that their data is stored in a PHR, and that could be 
accessible from any site, even rural America.
    The Chairman. I thank all of you for coming. I would ask 
once again if you could send me in 1 or 2 pages of what you 
would do if you were Secretary Burwell if faced with decisions 
about these two rules that come down in September about 
electronic healthcare records. I would appreciate it very much.
    The hearing record will remain open for 10 days. Members 
may submit additional information for the record within that 
time.
    Thank you for being here. The next HELP Committee hearing 
will be Wednesday, July 29.
    The committee will stand adjourned.
    [Additional Material follows.]

                          ADDITIONAL MATERIAL

       American College of Cardiology, Heart House,
                                 Washington, DC 20037-1153,
                                                     June 16, 2015.
Hon. Lamar Alexander, Chairman,
HELP Committee,
U.S. Senate,
Washington, DC 20510

Hon. Patty Murray, Ranking Member,
HELP Committee,
U.S. Senate,
Washington, DC 20510

    Dear Chairman Alexander and Ranking Member Murray: The American 
College of Cardiology (ACC) is a 49,000-member medical society that is 
the professional home for the entire cardiovascular care team. The 
mission of the College is to transform cardiovascular care and to 
improve heart health. The ACC leads in the formation of health policy, 
standards, and guidelines. The College operates national registries to 
measure and improve care, provides professional medical education, 
disseminates cardiovascular research and bestows credentials upon 
cardiovascular specialists who meet stringent qualifications. The ACC 
also produces the Journal of the American College of Cardiology, ranked 
No. 1 among cardiovascular journals worldwide for its scientific 
impact.
    The ACC has a vested interest in complete interoperability of 
health information technology not only because of its diverse 
membership of cardiovascular care team members including physicians, 
nurse practitioners, nurses, and practice administrators, but also 
because of its operation of five hospital-based, one outpatient, and 
two multi-specialty clinical data registries.
    The College would like to applaud you and your respective staff for 
taking the initiative and working to accomplish specific goals related 
to interoperability of EHRs. The College appreciates the opportunity to 
provide input and encourages you to address these pertinent issues.
    The ACC views the following as key priorities that should be 
addressed related to EHR interoperability:
                          vendor data blocking
    Issue: The ACC has been on the record with the Senate HELP 
Committee in bringing the issue of ``vendor data blocking'' to the 
forefront and the College is appreciative of the committee's 
responsiveness and eagerness to address this issue. The ACC views 
vendor data blocking as one of the largest barriers to EHR 
interoperability. EHR vendors charge exorbitant fees to transfer data 
from hospital to hospital or hospital to physician office, undermining 
the very purpose of EHRs. Many times, hospitals are in a better 
financial position to incur these costs. Physician practices, which are 
typically smaller and have fewer resources, are not in the position to 
absorb these costs.
    Example: For each patient, cardiologists are often required to 
reference several tests to obtain a complete understanding of a 
patient's condition. These required tests are sent to various labs, 
each of which operates its own separate EHR system, often administered 
by different vendors. In order to fully exchange information, EHR 
vendors charge physician practices upwards of $20,000 to fully 
interface with each lab's EHR system. While this is usually a one-time 
fee, many physician practices cannot absorb these unexpected startup 
costs. In order to provide appropriate and effective levels of care to 
their patients, these providers face fees to interface with necessary 
ancillary systems to facilitate the transfer of data between settings. 
Once the connection is established, there are often additional charges 
for the exchange of information. The College feels these exorbitant 
fees must be brought under control.
    Solution: The ACC acknowledges that an initial fee to establish a 
connection could be appropriate. Our concern lies with the amount of 
fees these vendors have arbitrarily established. Perhaps a solution 
could be for vendors to work these fees and others into the initial 
agreement signed with physicians, including (but not limited to) 
bundling open application programming interface (API) costs into the 
overall maintenance fees. This would require vendors to be up front and 
transparent with their pricing both at the time of purchase and 
throughout the use of the implemented EHRs and the peripheral elements 
included in these contracts. Additionally, it would be ideal to know up 
front the costs associated with purchasing interfaces to exchange with 
another vendor's EHR. Penalties should also be established for vendors 
whose actions prohibit the exchange of data under any circumstances, 
which leaves the practice without options to solve the problem. The ACC 
looks forward to working with the committee to determine the most 
appropriate way to address this issue.
                        effective ehr standards
    Issue: The Office of the National Coordinator for Health 
Information Technology (ONC) has attempted to establish effective 
common EHR standards since the passage of the Health Information 
Technology for Economic and Clinical Health (HITECH) Act in 2009. The 
Certified EHR Technology (CEHRT) criterion (2011, 2014, and the 
proposed 2015 criteria) aims to set a floor for certification to avoid 
stifling innovation while still working to require EHRs to meet the 
specific needs of clinical settings. With the current EHR standards in 
place, clinicians not only face continual challenges exchanging the 
simplest elements of data between EHRs--that have all met the EHR 
standards in place at the time of their certification--they also face 
basic usability issues. Despite these issues, there is still a widely 
felt concern that if effective common EHR standards were to be 
established, they would be too prescriptive and would stifle 
innovation.
    Example: As a part of certification, EHRs are tested to meet 
varying criteria and specific definitions. The criteria are tied to 
components of the Meaningful Use program such as computerized order 
entry, secure messaging, and e-prescribing. Definitions address other 
items of the Meaningful Use program as well, such as how a ``base EHR'' 
is defined, along with other items such as how patient health 
information is captured and how to import, calculate, and report 
clinical quality measures. This is in addition to base requirements 
relating to privacy and security, accessibility-centered design, and 
safety-enhanced design. Once the EHRs are certified and implemented, 
many times data received by a certified EHR from other certified EHRs 
populates in inappropriate fields or the data is received in a format 
that is unusable. For example, a clinician may receive a chart mapping 
a patient's blood pressure rather than individual data points. Another 
example is that clinicians in the outpatient setting frequently refer 
their patients to a hospital across the street from their office for 
procedures. The inpatient setting, however, often uses a different EHR 
and the different systems cannot communicate. When patients are 
admitted to the hospital, clinicians have to print out their notes and 
send a copy to the hospital so the notes from the clinic can be 
incorporated into the hospital's electronic records for the inpatient 
setting. This information is often scanned and inserted into the 
hospital's EHR as a PDF and is therefore far less usable. Thus, in 
order to truly achieve health information exchange these providers and 
their small clinics are forced to incur additional fees to replace 
their outpatient EHR vendor to match the hospital's system and make the 
records interoperable.
    Solution: The ONC should provide a clearer path to certification 
that includes an enhanced focus on usability and interoperability. 
These standards could include the ability for systems to connect with 
multiple Health Information Exchanges (HIEs). The most important aspect 
of a standard is that they be clinically relevant and useful, as would 
occur if the standards were created in cooperation with specialty 
societies such as the ACC. Through its rigorous process of creating 
clinical guidelines, societies such as the ACC are well-equipped to 
make these specific determinations as to what standards need to be 
applied and how they should be applied. In addition to adjusting the 
certification criteria, thorough testing must be performed not just of 
the EHR itself but in exchanging information with other EHRs and other 
actors in the health IT sphere such as HIEs and registries. This can 
lead to the higher level of bi-directional data exchange that we need 
in order to achieve the true benefits of health information exchange.
             post-certification surveillance of ehr systems
    Issue: Since the passage of the HITECH Act in 2009, the Federal 
Government has invested over $30 billion in EHRs. Currently, no 
programs exist to ensure that existing EHRs are functioning properly. 
Implementation of a post-certification surveillance program of EHRs 
would add value to the Federal Government's already substantial 
investment and set the Nation on a path of complete interoperability of 
EHRs.
    Solution: The ACC requests that ONC or the HHS Secretary conduct 
post-certification surveillance of EHRs to properly evaluate what 
elements are effective and what elements are not working with respect 
to basic usability and interoperability functionalities providers 
require of EHRs. This includes the removal of contract gag clauses to 
enable documentation by the Federal Government of any data portability 
issues and to provide for further transparency in pricing. It should be 
clearly stated that the burden for upgrades would pass to the EHR 
vendors rather than physician practices or hospitals. Additionally, a 
quarterly report from the Federal Government summarizing the 
surveillance findings would further aid in fixing usability and 
interoperability issues of CEHRT. The ACC applauds CMS for launching 
the initiative to collect feedback via email from patients, clinicians, 
and others whose health data was stymied.
               reevaluation of hipaa and security of data
    Issue: The ACC operates five hospital-based, one outpatient, and 
two multi-specialty clinical data registries within a suite of 
registries collectively known as the National Cardiovascular Data 
Registry (NCDR). As a result of the Health Insurance Portability and 
Accountability Act (HIPAA), hospitals and health systems within which 
the NCDR conducts business require security contracts to transmit data. 
The ACC understands that certain measures must be taken to comply with 
HIPAA and ensure data security. However, HIPAA has resulted in overly 
risk-averse interpretations of an almost 20-year-old law that was based 
largely on paper data storage. This in turn has created unnecessary 
demands from multiple layers of compliance officers with several layers 
of review which may not actually be relevant or afford the best 
protections in a digital, mobile-enabled environment.
    Example: Compliance officers from larger health systems and 
academic medical centers require NCDR to complete over 40 pages worth 
of security questionnaires that are unique to their own institutions. 
It may be possible for larger vendors with large numbers of staff to 
accept this as a cost of doing business, but for society-operated 
quality improvement programs and startups, these practices are 
extraordinarily burdensome and stifle innovation by creating barriers 
that only the largest entities can reasonably overcome.
    Solution: The ACC has been on the record requesting the 
reevaluation of the Health insurance Portability and Accountability Act 
(HIPAA) and its appropriateness in a 21st Century digital landscape. 
Technology has changed substantially since HIPAA was originally adopted 
in 1996. The ACC urges Congress to convene a hearing to reevaluate the 
role of HIPAA, including its successes and failures and whether all 
aspects of HIPAA remain appropriate given today's technology.
            delay of meaningful use stage 3 in its entirety
    Issue: The Centers for Medicare and Medicaid Services (CMS) 
released a notice for proposed rulemaking on March 20, 2015 outlining 
the third and final stage of the Meaningful Use Program to be in place 
starting in 2018. The proposed changes increase thresholds for 
objectives and measures to an unattainable level in an aspirational 
attempt to achieve greater care quality through the use of health 
information technology.
    Example: The Health Information Exchange objective (#7) of the 
Stage 3 proposal requires program participants to provide or retrieve a 
summary of care record when their patient moves to or from their care, 
and calls for the participants to incorporate summaries of care from 
other providers into their EHR using the functions of certified EHR 
technology. This is required for a certain percent of transitions that 
is far too high given the existing problems outlined in previous 
examples of this letter and the lack of solutions currently in place. 
In full disclosure, other issues exist with this objective and the 
other seven objectives proposed.
    Solution: The College has provided comments to CMS on this proposal 
outlining our concern with the overreaching requirements. In light of 
these concerns, the College has called for a delay in the 
implementation of Meaningful Use Stage 3 in its entirety. Delaying only 
certain parts of Meaningful Use Stage 3 would cause further confusion 
around the program and lead the government to veer off the current 
course of reducing complexities of the program. Given the lack of 
participant data available from Meaningful Use Stage 2 coupled with the 
data exchange issues that already exist, it is not feasible to 
implement the increased demands of the program in 2018. Time is needed 
to reevaluate the issues participants are facing in Stage 2 of the 
program and to develop and enact solutions.
    The ACC applauds you and your respective staff for taking the 
initiative to accomplish specific goals related to interoperability of 
EHRs and commends you for your collaborative approach. On behalf of the 
entire cardiovascular care team and the patients who we serve, the 
College appreciates the opportunity to provide input on these concepts 
and encourages you to address these very pertinent and closely 
connected issues. For additional information on the perspectives of the 
ACC, please contact Charles Cascio ([email protected]) and Lucas Sanders 
([email protected]).

            Sincerely,
          Kim Allan Williams, Sr., M.D., FACC, FAHA, FASNC,
                                                         President.
                                 ______
                                 
   Response by David C. Kendrick, M.D., MPH, to Questions of Senator 
    Alexander, Senator Murray, Senator Enzi, Senator Casey, Senator 
                      Baldwin, and Senator Cassidy
                           senator alexander
    Question 1. If you were Secretary of the Department of Health and 
Human Services and were faced with decisions about the Meaningful Use 
Stage 3 rule and the 2015 Edition Certification rule, what would you 
do?
    Answer 1. I would pause the roll-out of the Meaningful Use Stage 3 
program until the measures and expectations placed on providers can be 
synchronized and coordinated with MACRA, PQRS and other related 
programs which have the potential to create massive duplication of 
effort and confusion. By coordinated, I mean the following:

    1. The various programs (PQRS, MACRA, and MU) will all be unified 
from a timing, target, scope, content, and measurement perspective. To 
the extent that the programs are not fully integrated, at least all 
required measure and utilization reporting should be synchronized 
across the various Federal programs.
    2. CMS should continue to fund and maintain the creation of 
measures and the measure bundles that support consistent valid 
implementation of the measures through the Quality Data Model. This 
work is foundational to the assessment of value and assuring that the 
U.S. tax dollars are being spent wisely in healthcare. Without this, 
all previous investments in changing healthcare will be in jeopardy as 
we will have a system for which we cannot measure the impact, 
preventing iterations toward improvement.
    3. The Federal partners in healthcare delivery should be subject to 
the same requirements for reporting and interoperability as every other 
organization--a majority of the care funded by DoD, IHS, and VA is 
provided in the private sector and the private sector cannot deliver 
high value care and services without appropriate and timely access to 
accurate data about the patients they are treating. The Federal 
partners should participate in the Health Information Exchanges that 
are relevant to the care of their patients. The current approach to 
interoperability, through a federated connection, is not responsive 
enough to be relevant to clinical care. It can take several minutes to 
retrieve a single patient record, by which time the provider has 
usually moved on to the next patient. BY participating instead in the 
State and regional level HIE efforts, the Federal partners will be 
assured that their patients are getting the same benefits from 
interoperability as the other patients in the community, including 
fewer adverse drug events, reduced duplicate lab testing and imaging, 
and improved coordination of care. Surely the America's active duty 
military, veterans, and tribal members deserve the same chance at 
receiving high quality care as any other American and active 
participation in local/regional Health Information Exchanges is an 
important step.
    4. An important concept in Stages 2 and 3 of meaningful use is the 
notion of the transition of care (ToC) from one setting (such as a 
hospital) to another (such as a long-term care facility). 
Unfortunately, CMS' original approach to this measure, which required 
that a secure email be sent to the next provider in the transition was 
not successful and CMS has recast the requirement in the Amended 
Meaningful Use Stage 2 regulations that were released on 10/6/2015. The 
new requirement is much improved because it allows the sending/
referring provider to send the patient records by other electronic 
means, such as to a Health Information Exchange. However, the burden of 
ensuring that the receiving provider actually looks at the data on the 
referred patient remains on the shoulders of the sending/referring 
provider, who is actually penalized in the measure if the receiving 
provider fails to check the patient record. This is not the way 
healthcare works. Once the sending/receiving provider has made the 
current records available to the receiving provider, his or her 
obligation has been met. It is the obligation of the receiving provider 
to check the records on the patient before making diagnostic and 
treatment decisions--not the referring provider. This may seem like a 
minor point but in reality this single suggested policy change could 
have the most impact of anything else that could be done to drive 
interoperability as well as improving healthcare. On the other hand, 
without it, the incentives for providers to demand the complete, 
interoperable medical record on each patient they see will remain low. 
Please consider this alteration to the Transitions of Care policy in 
the amended MU2 and certainly in MU3.

    When a combined MU3/MACRA/PQRS strategy rolls out, ideally there 
will be a single program for providers to work with, one that is 
designed and tested with significant provider, patient and payer input 
and can align well with the current drive toward multi-payer value-
based payment models such as the Comprehensive Primary Care initiative.
    However, I would push forward with the 2015 Edition Certification 
program, and especially the interoperability components and the new 
process of certifying that the EHR actually works in the field as it 
did when being certified ``in the lab''. We must get beyond the 
interoperability limitations and loopholes in the 2014 Certification 
program which are enabling EHR vendors and occasionally providers to 
skirt their interoperability responsibilities. Elements that should be 
emphasized in the 2016 Certification program and launched immediately 
include:

    1. Data interoperability will be sufficient to enable the owner of 
the EHR to elect to participate in HIE and configure their system to 
export data of their choosing structured and coded to current 
standards, based on an automated trigger of their choosing and deliver 
it securely to a location of their choosing. Appropriate triggers would 
include the referral of the patient to another provider, completion of 
an encounter note, sign off on a new lab or imaging test result, and 
other clinical events that should be communicated with other members of 
the patient's care team. Appropriate locations for the exported data to 
go would include a health information exchange, secure email, public 
health program, or registry.
    2. Data export formats will include standard message types (HL-7 
2.x) as well as document types (HL-7 3.0's CCDA 2.x standard) and 
documents to support external evaluation of quality and value (QRDA1 
files with complete coded data), etc. At a minimum, all file & message 
types required for MU, PQRS, MACRA, and any other mandated reporting 
programs should be able to be exported at no cost and delivered as 
above in 1.
    3. The interoperability described above should be rigorously tested 
and validated by the Certification Bodies both in the development lab 
at the EHR vendor (where they are tested today) AND in the field when 
the product is deployed in a provider practice or hospital (where it is 
not tested today, and most commonly fails to meet interoperability 
expectations).
    4. Vendors should be required to support credential exchange 
standards such as SAML and OAUTH which enable doctors' and other 
providers' workflow to move seamlessly among different vendor products 
in the course of treating each patient and conducting their other care-
related work such as quality assessment and utilizing decision support. 
This is critical to enabling innovation to continue in the Health IT 
space, even though a few large vendors claim large swaths of the 
territory.
                             senator murray
    Question 1. You testified that you have personal experience working 
with providers in Oklahoma to make sure that they are able to exchange 
electronic health information. I regularly hear from providers about 
information blocking, but the Department of Health and Human Services 
reported to Congress in April that in many cases they have limited 
tools to find out when information blocking is occurring.
    Answer 1. Yes, that is correct--this is a very complex issue, and 
it takes expertise in the field of medical informatics, focused 
attention, and a desire to fix the problem, all of which are rarely 
available in busy medical practices. In addition, one must have access 
to the vendor product at the practice level to identify the issues. 
There are dozens of ways that an EHR vendor can (intentionally or 
unintentionally) prevent interoperability from occurring. Further, many 
practices I encounter are actually too afraid to report their vendor--
fearing repercussions such as poor service, higher bills, or delayed 
responsiveness to critical issues. Any of these can put a practice or 
small hospital out of business and this fear is clearly limiting the 
filing of formal complaints. I listed six common ways data blocking can 
occur in my testimony, but there are many others.
    Since it is impossible to think of all the ways that data blocking 
can occur, effective surveillance and enforcement is required. Ideally, 
ONC should receive sufficient funding to provide visible and active 
enforcement of the requirements in the Certified Health IT program in 
order to protect the tax-payers' investment in health IT. These funds 
should be used to make the existing ONC Certified Vendor Surveillance 
program more robust. The success that MyHealth has had in identifying 
and pursuing remediation with vendors whose products fall short of the 
required capabilities has been limited to only a few vendors and has 
required inside knowledge of the workings of ONC and the Accredited 
Certifying Bodies as well as significant time focused on the tracking 
and reiteration of our complaints. Furthermore, the critical knowledge 
we gained about unlocking an EHR vendor system through the Surveillance 
program has not been publicly communicated--rather that burden has 
fallen to our small non-profit organization. While we are happy to help 
our peers and others seeking interoperability it would seem that ONC 
should be tasked with publicizing the results of Certified Vendor 
Surveillance activities just as they publish the list of certified 
products.
    The Accredited Certifying Bodies, the private organizations 
contracted by ONC to implement the Certification program, are also 
currently tasked with conducting the Surveillance program. Because 
these ACB's are dependent on the vendors they certify for most of their 
revenues, there seems to be a potential conflict of interest created by 
the assignment of the ACB's to also conduct the product Surveillance 
program. Whether driven by conflict or not, the current Surveillance 
activities seem much less substantial than they should be. The 2014 
Surveillance report by the ACB's (which has not been made publicly 
available as far as I can tell) was disappointingly thin on details and 
action, especially given the tenor and rate of complaints that we hear 
from providers regularly.

    Question 2. This committee has also heard testimony that, in order 
to use health IT, providers often have to sign contracts that include 
``gag clauses,'' prohibiting them from disclosing technical problems or 
unfair pricing. Health IT is certified by the Federal Government 
because it stores and transmits information that is used to save 
lives--users should be able to safely report problems without facing 
any sort of repercussions.
    Answer 2. Agreed. These gag clauses are certainly a part of the 
problem. We recently surveyed our member organizations to gather the 
data on the costs they faced when connecting their EHR to MyHealth's 
Health Information Exchange. The reports ranged from $0 to $40K + 
ongoing monthly fees. This was concerning, but even more concerning was 
the fact that most of the providers and other organizations we surveyed 
reported that they could not divulge the cost due to contract 
restrictions (gag clauses).

    Question 3. What tools and protections are needed to ensure that 
individuals can safely report on unfair market practices regarding the 
use of health IT, without fear of repercussions?
    Answer 3. Expanding and encouraging ONC's certified technology 
Surveillance program (as described above) is very important. Publicly 
reporting significant findings of this surveillance program is also 
very important. Like any good enforcement program, whistle-blower 
protections should be put into place, and cases should be promptly and 
professionally handled. In our experience, even when a vendor is forced 
to correct a shortcoming in their technology, the remediation time 
window is so long (months to more than a year) that it adversely 
affects the practice and other stakeholders anyway, and no compensation 
is offered to the affected practices or entities while the remediation 
is being performed. In some cases, the practices have been forced to 
pay the additional ``product'' fees the vendor originally requested 
even though we know the vendor's product has been found to be defective 
and the obligated fix is working its way through the system.
    A successful Surveillance program must have teeth--that is, ONC 
must have the power and a mechanism to withdraw certification if 
necessary. In theory, this is currently possible, but in reality this 
is rarely done because of concern for the impact of decertification on 
those providers that use the decertified products. This creates a ``too 
big to fail'' scenario with EHR vendors. These implications should be 
addressed clearly in the Certification program. There are several ways 
to address this:

    1. Require the decertified vendor to continue to provide services 
to the practices but discount their fees to offset the Medicare or 
Medicaid penalties the practice will incur by not meeting Meaningful 
Use. If the loss to the provider exceeds the feeds then actual 
financial compensation could occur.
    2. An insurance product could be required of Certified Vendors (or 
even made available to practices) that would enable the providers to 
change vendor products should the Certification of their existing 
systems be withdrawn or should the vendor go out of business. This 
could be a means of supporting the ``lemon law'' I proposed in my 
previous testimony.
                              senator enzi
    Question 1. What is the greatest barrier in obtaining access to 
data from the perspective of vendors?
    Answer 1. I suppose that the EHR vendors would cite the complexity 
of the MU Certification process, the cost of connecting their products 
to HIE's in various communities, and the highly variable levels of 
sophistication among the HIE vendors and HIE organizations. While I 
agree that these elements all play a factor, one simple fact makes me 
question the real significance of these issues. It has been known for a 
long time (decades in some cases) that many of the large EHR vendors 
aggregate data from their customers and resell de-identified data to 
researchers, pharma, and other organizations interested in big 
healthcare data. Most practices and hospitals sign agreements with 
these vendors that contain fine print that grants the EHR vendor the 
rights to that de-identified clinical data. Very few providers, in my 
experience, are aware of this practice. This common practice, which 
requires all of the same activities as interoperability, makes me 
skeptical about vendor complaints that interoperability is ``too hard'' 
or ``too expensive''.

    Question 2. Is this challenge technical in nature, rooted in 
custom-designed EHR's? What, in your opinion, would be the simplest way 
to address this problem?
    Answer 1. There are two potential sources of data blocking: (1) 
Provider data blocking and (2) Vendor data blocking.
    Provider data blocking: As noted in my testimony, with the rise of 
value-based and risk-sharing payment models, provider opposition to 
interoperability seems to be melting away, because the incentives to 
have the complete medical record available wherever and whenever needed 
for care are now shared among the patient and all providers they choose 
to involve in their care.
    Vendor data blocking: Unfortunately, these incentive realignments 
do not seem to have affected Vendor data blocking. In our recent 
experience, the greatest barriers to broad interoperability are EHR 
vendor policies and business practices around interoperability, not 
technical challenges. While it is true that many of the largest EHR 
vendors are still running highly proprietary code written in the 1980s 
and 1990s, and some are still using database products from the 1970s, 
the basic capabilities needed for appropriate levels of 
interoperability have existed for a long time and frankly work quite 
well if they are used.
    As described above, most vendors are quite capable of extracting 
clinical data, standardizing its structure and exchanging it with other 
organizations as evidenced by decades of resale of de-identified 
clinical data to third parties by many EHR vendors. Despite this 
extensive experience, EHR vendor capabilities for data exchange and 
quality of the exported data remains quite poor and non-compliant with 
the Certification Criteria. Thus, one can only conclude that the 
correct incentives are not in place to warrant these vendors to 
participate fully in interoperability.
    The simplest solution to this problem is iterative, not sweeping--
this is, it builds on the work already begun rather than ripping and 
replacing with some other new, potentially more expensive approach.

    1. As recommended above, the 2015 EHR certification program should 
be allowed to proceed, because it contains a number of provisions that 
should increase the interoperability capabilities of the EHR vendors 
and improve the Surveillance program.
    2. The Certified EHR Surveillance program at ONC should be 
adequately funded, as noted above. In particular, vendors should be 
required to demonstrate that each install of their product is 
interoperable by making a connection to a standard test server operated 
by the Certification Program or perhaps a local health information 
exchange organization certified by ONC, and transmitting the required 
standard documents on a few dozen test patients. This level of testing 
would provide assurance to the practice or hospital and their patients 
that the EHR product has the capabilities and is properly configured 
for interoperability. This concept has been referred to previously as 
``field testing'' for interoperability and would go a long ways toward 
assuring that the technical capabilities are not a limitation.
    3. Making the patient, rather than the practice or provider, the 
frame of reference for quality and value measurement: By emphasizing 
(and even requiring) the use of interoperable data on each patient in 
quality reporting and other value assessment, CMS and others can shift 
vendor and provider incentives away from data blocking toward improved 
health data interoperability.

    Making this change to focus measurement on the patient is also 
critical for the success of value-based payment models. New value-based 
payment models for healthcare are showing some promise that savings can 
actually be achieved while quality is maintained or improved. For 
example, CMMI's Comprehensive Primary Care initiative has shown 7 
percent and 5 percent cost savings over the last 2 years in Oklahoma. 
However, all value-based payment models depend completely on having the 
ability to measure Value accurately.
    Unfortunately, those of us practicing medicine and working with 
clinical information daily have come to recognize a significant 
methodological flaw in CMS's current approach to value assessment which 
calls the validity of most of today's value assessment into question. 
Although an exhaustive discussion of this is not possible here (happy 
to provide more details if there is interest), the basic issue is that 
the current measurement approach uses the wrong frame of reference. 
Just as adopting the correct frame of reference is important to solving 
basic physics problems, so too is adopting the proper frame of 
reference critical to correctly measuring value in healthcare. 
Unfortunately, most current CMS projects adopt the doctor or the 
practice as the frame of reference for measurement, when in reality, 
the proper frame of reference is the patient. To choose any other frame 
of reference than the patient is to risk repeatedly counting the same 
(and especially the sickest) patients over and over as they see 
multiple doctors and hospitals. In addition, only by centering 
measurement on the patient can the impact of team-based care and 
effective care coordination be measured and reported accurately and 
without methodological issues. We have demonstrated this approach to 
measurement in Oklahoma as part of the successful Comprehensive Primary 
Care Initiative, and it makes a significant difference in the results.
    The achievement of these three items and especially item #3 will 
create a marketplace whose natural tendencies are toward, rather than 
away from, interoperability.

    Question 2. When you work with vendors, providers, and ONC to 
resolve issues, do you see there being a need for a more defined 
process to facilitate those interaction?
    Answer 2. The CEHRT Surveillance program was originally conceived 
to provide such a defined process but until the last year or so has not 
been an active program. ONC appears to be making strides in 
strengthening the Surveillance program but funding for the effort seems 
limited. As recommended above, a strong, transparent, and responsive 
Surveillance program with real ``teeth'' will go a long ways toward 
reducing EHR data blocking. We would be happy to contribute specific 
experiences and suggestions for improving and expanding the 
surveillance program.
                             senator casey
    Question 1. In the absence of a straightforward method of patient 
matching like a national patient identifier, health IT uses complicated 
algorithms to match patient records from multiple locations and 
providers. Algorithms include data such as name, date of birth, 
address, and social security number. Pennsylvania has a significant 
Amish population and many Amish people don't have Social Security 
numbers or phone numbers. Additionally, many older female patients 
share a Social Security number with their husbands and many are widows, 
making matching of their records challenging. As a result, hospitals 
like Geisinger in Danville, PA have had to develop unique and 
complicated ways of matching patients that are not always highly 
reliable.
    How does lack of reliable method of patient matching contribute to 
difficulties in sharing information? Are there additional sub-
populations for which patient matching is especially difficult? What 
are the implications for care of the patient? What, in your view, is 
the best solution?
    Answer 1. Assuring accurate patient identity is critical to the 
health and well-being of the patients we serve. Unfortunately, the 
political will to implement a nationwide patient identifier has not 
existed since the passage of HIPAA authorized it. Nevertheless, there 
are many things that can be done to address this issue. In particular, 
electronic master patient indexes (eMPI's) have become important tools 
for resolving identity at regional and State levels, and many HIE's 
around the country have these tools and several offer them to local 
doctors, hospitals and other providers as a source of truth against 
which patient registrations can be searched. In addition, State and 
regional eMPI's can provide active feedback to providers about patient 
identities that may have errors or need resolution. By correcting data 
at the source, the accuracy of patient identity throughout the entire 
healthcare system is improved. We have seen that this approach can be 
quite successful, with close to 99 percent of all patient identities 
accurately matched between organizations without human intervention. 
The remaining patient identities must be matched to the correct patient 
with human intervention. In the case of a State or region, this is 
manageable. However, it is probably premature to attempt to construct a 
national eMPI because the trust does not yet exist at a national level, 
and further the number of manual interventions required would be in the 
millions, requiring significant staff.
    Our experience at MyHealth confirms the concerns outlined in the 
question about specific missing data (like social security numbers). In 
addition, we often see patients with rapidly changing addresses, phone 
numbers, and even last names. We carefully monitor the identity of 
twins, triplets, quadruplets, etc, because they often have very similar 
first names and identical last names, dates of birth, addresses and 
phone numbers. Having a single medical ID does not necessarily help 
with these kinds of issues. A single medical ID could be helpful--it is 
after all just one more data point on the patient. However, in our 
experience, even with a national identifier, all of the logic and 
capabilities of an eMPI will still be required to accurately maintain 
identity.
    For regions/States which have implemented eMPI's, the challenge of 
maintaining accurate patient identity is greatly reduced. In order to 
optimize this approach, some regions have included State registration 
data such as that from State DMV's or identity from credit agencies 
such as Equifax and others.
    This does leave the challenge of maintaining patient identity on a 
national level, but a strong regional/State-level eMPI infrastructure 
will enable the optimization and exchange of patient identity at a 
national level as well. By optimizing identity where patients receive 
most of their care (near their homes), the issue of national patient 
identity becomes much more manageable. As States and regions work with 
one another to exchange interoperable health data, they are addressing 
these issues of identity management as well, so this issue may already 
be on its way to solution.
                            senator baldwin
    Question 1. In your testimonies, a number of you suggest that we 
need to increase transparency for all stakeholders to help address some 
of the problems we see with data blocking and to promote 
interoperability.
    How do we create this transparency; what needs to be measured and 
reported by providers and vendors for us to determine if data blocking 
is occurring or if progress is being made?
    Answer 1. Creating transparency is important. I would offer three 
ways of achieving transparency of the data blocking issue, and suggest 
that these approaches are also essential to curing the data blocking 
issue:

    1. Further emphasize (and fund) the ONC Certification Surveillance 
program with included language about transparency of findings and 
public communication of results.
    2. Establish a nationwide measure of interoperability. This metric 
is constructed using existing data sources and would be based on the 
premise that every patient deserves to have their complete, 
longitudinal medical record available wherever and whenever it is 
needed for decisions about their healthcare. This single metric can be 
applied to specific types of clinical encounters and events to track 
and monitor our progress as a nation toward interoperability. A few 
months of research would be required to rigorously validate the metric 
but it will provide enormous insight and motivation toward 
interoperability once available. We have prototyped such a measure and 
it seems quite feasible to roll out broadly within a year.
    3. Measure value at the correct frame of reference: the patient. As 
noted above, value-based payment models must be based on value 
assessments that take into account each patient's entire experience of 
care, not just the pieces of experience that occur in each practice or 
with each individual doctor. If payment policy shifts to reward 
reporting metrics based on multi-sourced/complete data on each patient 
rather than just individual practice perspectives, sophisticated 
interoperability will spread quickly because it will have a clear 
business case for providers and vendors.
                            senator cassidy
    Question 1. How do you define data blocking?
    Answer 1. I would define data blocking as any factor, whether 
intentional or unintentional that prevents a patient from having their 
complete, longitudinal medical record available wherever and whenever 
they or their healthcare team needs it for decisionmaking about their 
health. Admittedly this is an outcome-based definition of data 
blocking, but I find it helps avoid the loopholes and semantic issues 
that have thus far enabled vendors and others to thwart attempts at 
true healthcare data interoperability. Unintentional causes of data 
blocking should be identified and pursued for correction, which can be 
greatly facilitated by the creation of an Interoperability Metric as 
described above. Intentional causes of data blocking need to be 
identified (again, using an Interoperability Metric) and brought to 
light using smart policy (to align incentives away from data blocking, 
for example) and enforcement of regulations (such as the ONC 
Surveillance program).

    Question 2. In the context of certification, how do you penalize 
the vendor without penalizing the physician?
    Answer 2. As described above in more detail, it makes sense that, 
because the EP or EH has purchased a product that has been 
``certified'' by a government agency, it is not fair to penalize them 
for subsequent failures of that product, including the potential 
revocation of the product's certification. The purchase and 
implementation of an EHR product is a massive, expensive and complex 
task for any healthcare organization, and is usually second only to 
(and often exceeds) the cost of their physical facilities. In today's 
healthcare marketplace, the EHR is central to the success or failure of 
the organization.
    For these reasons, it seems logical that significant consumer 
protections and risk mitigation should exist for purchasers of these 
systems. Among these should be:

    1. Requirement that a vendor who loses their certification, even if 
only temporarily, must cover any MU penalty losses to their customers, 
first through discounts on licensing fees, and then through future 
service or actual monetary compensation.
    2. Establishment of insurance products to mitigate the extreme cost 
and market share loss experienced by practices and hospitals who must 
make an unexpected EHR vendor change. Practices or hospitals could then 
require that their vendor be ``bonded'' against such an unexpected 
event, similar to the way risk is mitigated in the construction 
industry today.
    3. Make Vendor contracts, including as much as possible the Total 
Cost of Ownership, transparent, and encourage a competitive, consumer-
driven marketplace which will ultimately be much more conducive for 
success as well as continued innovation.
    4. Be very careful not to ``over design'' the requirements of 
certified Health IT (and the required uses of that IT)--the 
requirements should be written to focus on the desired outcome rather 
than prescribing exactly how the outcome should be achieved. If we 
eliminate the potential for innovation then we have failed utterly in 
our efforts to improve health and reduce costs.

    Unfortunately, many EP's and EH's are being penalized now for not 
meeting MU requirements even though they invested in Certified health 
IT. Putting in place policies that ensure that health IT is an open 
marketplace with sufficient transparency to enable the consumers (in 
this case doctors and hospitals, but eventually patients as well) to 
drive the success or failure of the vendors will be the best and most 
permanent fix.

    Question 3. Should ``gag clauses'' in contracts be made illegal?
    Answer 3. Yes. I can't think of a single way that these gag clauses 
improve patient care, reduce costs, or improve the practice of 
medicine.

    [Whereupon, at 11:50 a.m., the hearing was adjourned.]

                                  [all]