b"<html>\n<title> - REGULATORY DIVERGENCE: FAILURE OF THE ADMINISTRATIVE STATE</title>\n<body><pre>[House Hearing, 115 Congress]\n[From the U.S. Government Publishing Office]\n\n\n\n       REGULATORY DIVERGENCE: FAILURE OF THE ADMINISTRATIVE STATE\n\n=======================================================================\n\n                                HEARING\n\n                               BEFORE THE\n\n                            SUBCOMMITTEE ON\n                       INTERGOVERNMENTAL AFFAIRS\n\n                                 OF THE\n\n                         COMMITTEE ON OVERSIGHT\n                         AND GOVERNMENT REFORM\n                        HOUSE OF REPRESENTATIVES\n\n                     ONE HUNDRED FIFTEENTH CONGRESS\n\n                             SECOND SESSION\n\n                               __________\n\n                             JULY 18, 2018\n\n                               __________\n\n                           Serial No. 115-92\n\n                               __________\n\nPrinted for the use of the Committee on Oversight and Government Reform\n\n\n\n              [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n\n\n         Available via the World Wide Web: http://www.fdsys.gov\n                       http://oversight.house.gov\n                       \n                                  ________\n                                 \n                       \n                      U.S. GOVERNMENT PUBLISHING OFFICE\n                \n31-369 PDF                      WASHINGTON: 2018\n                        \n                       \n                       \n              Committee on Oversight and Government Reform\n\n                  Trey Gowdy, South Carolina, Chairman\nJohn J. Duncan, Jr., Tennessee       Elijah E. Cummings, Maryland, \nDarrell E. Issa, California              Ranking Minority Member\nJim Jordan, Ohio                     Carolyn B. Maloney, New York\nMark Sanford, South Carolina         Eleanor Holmes Norton, District of \nJustin Amash, Michigan                   Columbia\nPaul A. Gosar, Arizona               Wm. Lacy Clay, Missouri\nScott DesJarlais, Tennessee          Stephen F. Lynch, Massachusetts\nVirginia Foxx, North Carolina        Jim Cooper, Tennessee\nThomas Massie, Kentucky              Gerald E. Connolly, Virginia\nMark Meadows, North Carolina         Robin L. Kelly, Illinois\nRon DeSantis, Florida                Brenda L. Lawrence, Michigan\nDennis A. Ross, Florida              Bonnie Watson Coleman, New Jersey\nMark Walker, North Carolina          Raja Krishnamoorthi, Illinois\nRod Blum, Iowa                       Jamie Raskin, Maryland\nJody B. Hice, Georgia                Jimmy Gomez, Maryland\nSteve Russell, Oklahoma              Peter Welch, Vermont\nGlenn Grothman, Wisconsin            Matt Cartwright, Pennsylvania\nWill Hurd, Texas                     Mark DeSaulnier, California\nGary J. Palmer, Alabama              Stacey E. Plaskett, Virgin Islands\nJames Comer, Kentucky                John P. Sarbanes, Maryland\nPaul Mitchell, Michigan\nGreg Gianforte, Montana\nMichael Cloud, Texas\n\n                     Sheria Clarke, Staff Director\n                    William McKenna, General Counsel\n                 Kelsey Wall, Professional Staff Member\n   Katy Rother, Intergovernmental Affairs Subcommittee Staff Director\n                    Sharon Casey, Deputy Chief Clerk\n                 David Rapallo, Minority Staff Director\n                                 ------                                \n\n               Subcommittee on Intergovernmental Affairs\n\n                     Gary Palmer, Alabama, Chairman\nGlenn Grothman, Wisconsin, Vice      Jamie Raskin, Maryland, Ranking \n    Chair                                Minority Member\nJohn J. Duncan, Jr., Tennessee       Mark DeSaulnier, California\nVirginia Foxx, North Carolina        Matt Cartwright, Pennsylvania\nThomas Massie, Kentucky              Wm. Lacy Clay, Missouri\nMark Walker, North Carolina          (Vacancy)\nMark Sanford, South Carolina\n\n\n\n\n                            C O N T E N T S\n\n                              ----------                              \n                                                                   Page\nHearing held on July 18, 2018....................................     1\n\n                               WITNESSES\n\nMr. James ``Bo'' Reese, President, National Association of State \n  Chief Information Officers; Chief Information Officer, Office \n  of Management and Enterprise Services, State of Oklahoma\n    Oral Statement...............................................     5\n    Written Statement............................................     8\nMr. John Riggi, Senior Advisor for Cybersecurity and Risk, \n  American Hospital Association\n    Oral Statement...............................................    30\n    Written Statement............................................    32\nMr. Robert Weissman, President, Public Citizen\n    Oral Statement...............................................    38\n    Written Statement............................................    40\nMr. Christopher Feeney, Executive Vice President, Bank Policy \n  Institute\n    Oral Statement...............................................    71\n    Written Statement............................................    73\nMr. Oliver Sherouse, Policy Analytics Lead, Program for Economic \n  Research on Regulation, Mercatus Center\n    Oral Statement...............................................    86\n    Written Statement............................................    88\n\n \n       REGULATORY DIVERGENCE: FAILURE OF THE ADMINISTRATIVE STATE\n\n                              ----------                              \n\n\n                        Wednesday, July 18, 2018\n\n                  House of Representatives,\n         Subcommittee on Intergovernmental Affairs,\n              Committee on Oversight and Government Reform,\n                                                   Washington, D.C.\n    The subcommittee met, pursuant to call, at 2:08 p.m., in \nRoom 2154, Rayburn House Office Building, Hon. Gary J. Palmer \n[chairman of the subcommittee] presiding.\n    Present: Representatives Palmer and Raskin.\n    Mr. Palmer. The Subcommittee on Intergovernmental Affairs \nwill come to order. Without objection, the presiding member is \nauthorized to declare a recess at any time.\n    The Federal Government has long been associated with \nentrenched bureaucracy, separated by agencies and ignorant of \nthe realities of the average American's life. Federal agencies \nimpose regulatory requirements under a siloed organizational \nstructure that is program by program, department by department, \nwith very little interagency coordination. This committee is \nwell aware of the impact of Federal agencies' failure to \ncoordinate between themselves and non-Federal stakeholders.\n    For the last 8 years, the Government Accountability Office \nhas issued an annual report on overlapping, duplicative, and \notherwise wasteful Federal programs. And to date, addressing \nthe problems that GAO highlights in these reports has saved \nover $175 billion. Addressing the remaining could save tens of \nbillions of dollars more. And I might even argue, in some cases \nhundreds of billions of dollars more.\n    In other words, the failure of Federal agencies to \ncoordinate has wasted hundreds of billions of dollars of \ntaxpayer money over the last decade.\n    But the impact of the failure of the administrative state \ndoesn't stop there. The lack of interagency coordination has \nled to a steady accumulation of divergent regulatory mandates \non States and the private sector. Despite often seeking similar \nresults, Federal agencies impose conflicting regulations that \nforce the regulated entities, like State agencies and private \nsector businesses, to focus heavily on compliance rather than \nimproved outcomes.\n    Although the panel comes from different sectors, missions, \nand backgrounds, there is remarkable consistency in their \ntestimony about the burdensome effects of a divergent \nregulatory regime.\n    Today Federal regulations touch nearly every aspect of \ndaily life, and those regulations have become so complex that \neven the regulators can't agree what the requirements are or \nhow to comply with them.\n    As a result, these divergent regulations drastically \nincrease the overall cost of the intended operations and \ndeviate from the intended purpose of the regulations \nthemselves. According to the Competitive Enterprise Institute, \nFederal regulations cost the economy nearly $2 trillion \nannually.\n    And what I like to point out, I have some colleagues who \nidentify that as a hidden tax. It really isn't. At least a tax \ngoes to build a road or a bridge or has some good purpose in \nmany cases. A regulatory cost is just a hidden cost that weighs \ndisproportionately heavily upon low-income families. I think \nthat averages almost $15,000 per household.\n    Likewise, State governments also experience a drain on \nresources and State autonomy due to regulatory divergence. \nState officials from the National Association of State Chief \nInformation Officers have shared multiple accounts with the \ncommittee on duplicative and inconsistent audit requirements \nimposing significant burdens on States without any substantive \nbenefit.\n    One State's chief information security officer reported \nthan an audit of the same data security enterprise yielded \ninconsistent results across multiple Federal agencies. \nUnfortunately, this has become a regular feature of the State \npartnership with the Federal Government.\n    It is our duty to the American people to explore \nopportunities to harmonize our current regulatory standards. To \ndo this, Federal agencies, along with State governments and the \nprivate sector, need to come together to develop means of \ncommunication and cooperation to mitigate future duplicative, \ninconsistent, and obsolete regulations.\n    We are fortunate today to have with us a panel that can \nhelp us better understand the challenges imposed by these \nFederal regulatory standards. I thank the witnesses for being \nhere today.\n    And at this point, I would like to yield to my friend and \ncolleague from Maryland, the ranking member, Mr. Raskin, for \nhis opening statement.\n    Mr. Raskin. Mr. Chairman, thank you. It's always a pleasure \nto be with you, Chairman Palmer.\n    I'm planning to surprise everyone by becoming the first \nAmerican politician in history to defend regulation in its \nentirety: the notice and comment period, the hearing process, \nregulatory enforcement, the whole kit and caboodle.\n    Let's start with terminology. A regulation is just a fancy \nname for a rule, and we all live according to rules. Every \nfamily has rules, every household, every sport, every school, \nevery road, every highway, every institution, every economy, \nevery government, every nation, every corporation, every State, \ncounty, city, and town.\n    And, indeed, Congress itself and every committee has rules. \nI get 5 minutes to do my opening presentation no matter how \nbrilliant it is, not 6 minutes, not 4 minutes, but we've got a \nrule about it. The rule gives us a fair allotment of time and \nmakes each of us free to use it. We will probably invoke dozens \nof rules as we go about our business in the House today.\n    But the rules targeted for criticism in this hearing are \nthe rules that Federal agencies adopt to enforce the laws that \nwe pass in Congress. The laws and the rules reflect the values \nof the people and implement our social priorities.\n    Look at what agency rules do. The Department of Labor's \novertime rule says that hourly wage workers must be paid time \nand a half when their bosses ask them to work more than 40 \nhours a week. That's a rule which gives dignity and fairness to \nworkers.\n    The Federal Aviation Administration's 24-hour rule says \npassengers forced to cancel airline ticket reservations with 24 \nhours of purchase must get a full refund. Another FAA rule says \nthat passengers who miss their flight must be given standby \naccess if they arrive within 2 hours of the missed flight on \nthe next flight.\n    A lot of Federal rules save human lives and protect public \nhealth. The National Highway Transportation Safety \nAdministration's Gulbransen rule requires dramatically improved \nrear visibility in new cars, which is why so many people in \nthis room and in our country have backup cameras on their \ndashboards now. Although President Bush signed it into law in \n2008, the rule was unnecessarily delayed and went into effect \nin 2018.\n    Named for 2-year-old Cameron Gulbransen, who was killed \nwhen a car accidentally backed up over him, this rule has \nalready begun to significantly lower the number of deaths and \ninjuries, roughly 250 deaths and more than 12,000 injuries a \nyear that were occurring from accidents caused by vehicles in \nreverse. The rule compels use of a technology that had been \navailable for a decade but was opposed by the auto industry, \nwhich tried to keep it as an optional luxury add-on item.\n    Everyone knows that the seatbelt rule has saved tens or \neven hundreds of thousands of lives since it was adopted in \n1983 despite vehement protests that this was overregulation or \nhyper-regulation when it was first adopted.\n    Like these, most Federal rules are commonsense protections \nof vital freedoms that we cherish as Americans. Freedom from \nair pollution and water pollution. Freedom from dangerous \nconsumer appliances. Freedom from workplace discrimination and \nexploitation. Freedom from predatory business practices and \nmonopolies.\n    Moreover, rules have made our people freer and our country \nsafer, healthier, cleaner, more just, more equitable, and more \nsecure.\n    Yet President Trump and my GOP colleagues in the House have \nmade destroying government rules one of their top priorities, \nand they have made of deregulation a mindless political fetish.\n    But they target only certain kinds of rules. The \nadministration hates rules that get in the way of corporate \npower. They want to get rid of rules that restrict Wall Street \nand the finance industry. They want to scrap rules that enforce \nthe Clean Water Act and the Clean Air Act and rules that \nrestrict the freedom of polluters.\n    They love other kinds of rules. They want rules that \ninterfere with women's rights to make their own healthcare \ndecisions and decisions about birth control and reproduction. \nJust this past May, the administration issued a gag rule that \nblocks recipients of Federal family planning funds from \ncounseling or advising women about abortions, and also \ncompelling expensive physical, financial, and programmatic \nsegregation between units that provide such counseling and \nthose that do not.\n    They pile rule upon rule in the SNAP program to impose a \nkind of bureaucratic extremism which makes it impossible for \npeople to access nutritional benefits that they need.\n    So regulations, like statutes or ordinances or \nconstitutions, are just forms of law. They can be good, they \ncan be bad. They can be efficient, they can be inefficient, \nfair or not. But my colleagues invite us to believe that \nFederal regulation is, in general, categorically burdensome and \ncostly. That's false, and we've got a way to show it.\n    The Office of Management and Budget annually issues a \ncongressionally mandated report that identifies the costs of \ngovernment rules on the private sector and the estimated \nfinancial benefits produced for the American people. Every year \nthis report shows objectively that the economic benefits of \nFederal rules far outweigh the cost.\n    Quite shockingly, the administration tried to bury this \nyear's report, releasing it 2 months late, almost certainly \nbecause its findings undercut everything the President has \nstated about government rules.\n    The report found that last year Federal rules imposed \naround $5 billion in costs on businesses. At the same time, \nthey resulted in more than $27 billion in benefits to the \npublic. The regulatory benefits to taxpayers are more than five \ntimes the cost of these rules.\n    The costs of an America without any Federal rules are not \nhard to imagine, but they are impossible to accept. Cars \nwithout backup cameras or seatbelts. Peanut butter made in \nunsanitary conditions. Banks and hedge funds freed from rules \nof prudential lending. Coal mines that poison coal miners and \ncollapse on human beings with impunity. Predatory payday \nlenders operating without a CFPB checking them. Out-of-control \ndata breaches. And so on.\n    This deregulatory project in our economy and environment is \nrisky and dangerous. We cannot risk American lives and our \nenvironment because the President wants to reward large \ncampaign donors while using the regulatory bogeyman to try to \ndestroy democratically chosen rules.\n    Let's think pragmatically and not ideologically. Let's \nremember that Federal rules are just America's rules. And when \nit comes to building a strong democracy, laissez isn't fair.\n    Thank you very much, Mr. Chairman.\n    Mr. Palmer. I thank the gentleman.\n    I'm pleased to introduce our witnesses.\n    Mr. James ``Bo'' Reese, president of the National \nAssociation of State Chief Information Officers, and Chief \nInformation Officer, Office of Management and Enterprise \nServices, State of Oklahoma.\n    Mr. John Riggi, senior advisor for cybersecurity and risk \nfor the American Hospital Association.\n    Mr. Robert Weissman, president of Public Citizen.\n    Mr. Christopher Feeney, executive vice president of the \nBank Policy Institute.\n    And Mr. Oliver Sherouse, policy analytics lead for the \nProgram for Economic Research on Regulation at the Mercatus \nCenter.\n    Welcome to you all.\n    Pursuant to committee rules, all witnesses will be sworn in \nbefore they testify. Please stand and raise your right hand.\n    Do you solemnly swear or affirm the testimony you're about \nto give is the truth, the whole truth, and nothing but the \ntruth, so help you God?\n    The record will reflect that all witnesses answered in the \naffirmative.\n    Please be seated.\n    In order to allow time for discussion, please limit your \ntestimony to 5 minutes. And your entire written statement will \nbe made part of the record.\n    As a reminder, the clock in front of you shows the \nremaining time during your opening statement. The light will \nturn yellow when you have 30 seconds left and red when your \ntime is up. Please also remember to press the button to turn \nyour microphones on before speaking.\n    The chair now recognizes the gentleman, Mr. Reese, for 5 \nminutes.\n\n                       WITNESS STATEMENTS\n\n                STATEMENT OF JAMES ``BO'' REESE\n\n    Mr. Reese. Thank you, Chairman Palmer and Ranking Member \nRaskin and members of the subcommittee. Thank you for inviting \nme to testify before you today on the burden of Federal \nregulations and their impact to State governments.\n    My name is Bo Reese, and I serve as the chief information \nofficer, or CIO, for the State of Oklahoma. I also serve as the \npresident of the National Association of State Chief \nInformation Officers, or NASCIO.\n    All 50 States and three territories are members of NASCIO, \nand we represent the interests of government-appointed State \nCIOs who acted as the top IT officials for State government.\n    Today I would like to provide the subcommittee an overview \nof how Federal regulations hamper the ability of State CIOs to \noffer effective and efficient technology and IT services. I \nwill also touch upon how the complex Federal regulatory \nenvironment is duplicative in nature, contributes to \ninconsistent Federal audits, and drives cybersecurity \ninvestments based on compliance and not risk, which is the more \nsecure approach.\n    State CIOs act as the technology and IT provider for State \nagencies. State agencies administer Federal programs, like \nMedicaid, SNAP, unemployment insurance, and in so doing \nexchange data with Federal agencies. Because of this \nintergovernmental relationship, Federal agencies impose rules \non State agencies and all their requirements in audits which \nthen flow to State CIOs who provide IT services to State \nagencies.\n    Compliance with the multitude of Federal regulations is \nburdensome on States, especially those like Oklahoma that have \nconsolidated or unified our IT service delivery. IT unification \nhas resulted in $372 million in cost savings and avoidance for \nOklahoma.\n    Before IT unification, Oklahoma was supporting 129 email \nservers in State government, 76 different financial systems, 22 \ntime and attendance systems, and 30 data center locations. \nAfter the 5-year IT unification process, we were able to reduce \nredundancies and leverage economies of scale, further enabling \nthe hundreds of millions in savings and cost avoidance.\n    The biggest hurdle we faced in achieving IT consolidation \nwas compliance with Federal regulations. Our Federal agency \npartners are regulating the States not in a streamlined \nfashion, similar to the way we now operate, but in a siloed way \nthat impedes our ability to operate effectively. States must \ncomb through thousands of pages of Federal regulations to \nensure that they are in compliance while administering Federal \nprograms.\n    And even though many Federal regulations are similar in \nnature, they each have minor differences, which then requires \none-off adjustments for each Federal regulation. This obscures \nthe goal of IT consolidation, which ultimately produces savings \nfor taxpayers.\n    We certainly understand the importance of regulations and \nare not advocating their wholesale elimination. The problem is \nnot that there is regulation, but that Federal requirements are \norganized by Federal individual program and do not follow the \nindustry-recommended approach, which would regulate cyber \nthreats by their risk.\n    The siloed Federal regulatory approach is carried forward \nin the Federal audit process. Audits are conducted program by \nprogram and not holistically. This means that my office \nresponds to the same audit questions multiple times, again and \nagain, year after year.\n    For example, in Oklahoma, the IRS audited one State agency \nmultiple times because it viewed different programs as distinct \nand separate entities. My office had to answer hundreds of \nquestions, attend multiple audit meetings, and deliver \nadditional explanatory material multiple times for one State \nagency.\n    This wasteful and inefficient process is repeated time and \ntime again across many different State agencies for each \nFederal regulatory entity, not to mention the fact that several \nauditors had different results even though they examined the \nsame audit environment.\n    A great example of this inefficiency is, in 2016, the State \nof Oklahoma performed 14 audits over 8 months on the same IT \nenvironment. In 2017, we had 11 audits that took us 7 months \nand all of our resources to perform.\n    Ultimately, we believe that there is a more efficient and \nholistic way of ensuring data security and allowing States to \nimplement IT consolidation plans that have proven to generate \ncost savings.\n    We would like your assistance in getting Federal regulators \nto the table with the State CIOs so that we can harmonize \nregulatory environments and streamline the audit process \ntogether.\n    To this end, NASCIO members have already started the \nprocess of identifying the differences with two major \nregulations. And I have a great example of what we've performed \nalready today. The IRS Publication 1075 and the FBI-CJIS are \nthe two that we compared.\n    We hope to engage with our Federal partners further and \nappreciate the subcommittee's support in reducing the \nregulatory burden on States.\n    In closing, I would like to thank the subcommittee for the \nopportunity to testify on this important issue, and also like \nto express our gratitude to Chairman Gowdy for initiating the \nGAO study on the State impact of Federal regulations in October \nof last year.\n    I look forward to your questions, and thank you.\n    [Prepared statement of Mr. Reese follows:]\n    \n    \n    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n    \n    Mr. Palmer. I thank the gentleman.\n    The chair now recognizes Mr. Riggi for his testimony.\n\n                    STATEMENT OF JOHN RIGGI\n\n    Mr. Riggi. Good afternoon. My name is John Riggi, and I \nappreciate the opportunity to testify on behalf of the American \nHospital Association today.\n    Every day hospitals and health systems confront the \ndaunting task of complying with a growing number of Federal \nregulations. While Federal regulation is necessary to ensure \nthat healthcare patients receive safe, high quality care, in \nrecent years, clinical staff--doctors, nurses, and caregivers--\nfind themselves devoting more time to regulatory compliance, \ntaking them away from patient care. Some of these rules do not \nimprove care, and all of them raise costs.\n    Last fall, the AHA issued a report entitled ``Regulatory \nOverload,'' and I appreciate the opportunity today to discuss \nthe findings. The major findings include that health systems, \nhospitals, and post-acute care providers must comply with 629 \ndiscrete regulatory requirements across nine domains.\n    The four agencies that promulgated these requirements--the \nCenters for Medicare and Medicaid Services, CMS; the Office of \nthe Inspector General, Office for Civil Rights, OIG OCR; and \nthe Office of the National Coordinator for Health Information \nTechnology, ONC--are the primary drivers of Federal regulation \nimpacting these providers.\n    However, providers also are subject to regulation from \nother Federal and State entities which are not accounted for in \nthis report.\n    Health systems, hospitals, and post-acute care providers \nspend nearly $39 billion a year solely on the administrative \nactivities related to regulatory compliance in the nine domains \ndiscussed in the report.\n    An average-sized community hospital of 161 beds spends \nnearly $7.6 million annually on administrative activities to \nsupport compliance with the reviewed Federal regulations. That \nfigure rises to $9 million for those hospitals with post-acute \ncare beds.\n    Nationally, this equates to $38.6 billion each year to \ncomply with the administrative aspects of regulatory compliance \nin just these nine domains.\n    Looked at in another way, regulatory burden costs $1,200 \nevery time a patient is admitted to a hospital.\n    An average-sized hospital dedicates 59 full-time equivalent \nemployees to regulatory compliance, over one-quarter of which \nare doctors, nurses, and pulling clinical staff away from \npatient care responsibilities.\n    The frequency and pace of regulatory change make compliance \nchallenging and often results in duplication of efforts in \nsubstantial amounts of clinician time away from patient care. \nAs new or updated regulations are issued, a provider must \nquickly mobilize clinical and nonclinical resources to decipher \nthe regulations and then redesign, test, implement, and \ncommunicate new processes throughout the organization.\n    Providers dedicate the largest proportion of resources to \ndocumenting conditions of participation, CoPs, adherence, \nbilling and coverage verification processes. Meaningful use has \nspurred provider investment in IT systems, but exorbitant costs \nand ongoing interoperability issues remain. Quality reporting \nrequirements are often duplicative and have inefficient \nreporting processes, particularly for providers participating \nin value-based purchasing models.\n    Again, this creates inefficiency and consumes significant \nfinancial resources and clinician staff.\n    Fraud and abuse laws are outdated and have not evolved to \nsupport new models of care. The Stark Law and the Anti-Kickback \nStatute, AKS, can be impediments to transforming care delivery.\n    While CMS has waived certain fraud and abuse laws for \nproviders participating in various demonstration projects, \nthose who receive a waiver generally cannot apply it beyond the \nspecific demonstration or model.\n    The lack of protections extending care innovations to other \nMedicare or Medicaid patients and commercially insured \nbeneficiaries minimize efficiencies and cost savings realized \nthrough these types of models and demonstration projects.\n    A reduction in administrative burden would enable providers \nto focus on patients, not paperwork, and reinvest resources in \nimproving care, improving health, and reducing costs.\n    We have several general recommendations to reduce \nadministrative requirements without compromising patient \noutcomes:\n    Regulatory requirements should be better aligned and \nconsistently applied within and across Federal agencies and \nprograms and subject to routine review for effectiveness to \nensure the benefit for the public good outweigh additional \ncompliance burdens;\n    Regulators should provide clear, concise guidance and \nreasonable timelines for the implementation of new rules;\n    Conditions of participation should be evidence-based, \naligned with other laws, industry standards, and flexible in \norder to support different patient populations and communities;\n    Federal agencies should accelerate the transition to \nautomation of administrative transactions, such as prior \nauthorization;\n    Meaningful use requirements should be streamlined and \nshould be increasingly focused on interoperability and \ncybersecurity risk considerations without holding providers \nresponsible for the action of others;\n    Quality reporting requirements should be thoroughly \nevaluated across all programs to better determine what measures \nprovide meaningful and actionable information for patients and \nproviders and regulators;\n    Post-acute care rules should be reviewed and simplified to \nremove or update antiquated, redundant, and unnecessary rules;\n    With new deliver system and payment reforms emerging, \nCongress, CMS, and the OIG should revisit the Stark Law and AKS \nto ensure that statutes provide the flexibility necessary to \nsupport the provision of high quality care.\n    Thank you for the opportunity to provide an overview of \nAHA's view on regulatory burden. We appreciate the committee's \nfocus on this topic. And I look forward to your questions.\n    [Prepared statement of Mr. Riggi follows:]\n    \n    \n   [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n    \n    Mr. Palmer. I thank the gentleman.\n    The chair now recognizes Mr. Weissman for his testimony.\n\n                  STATEMENT OF ROBERT WEISSMAN\n\n    Mr. Weissman. Mr. Palmer and Mr. Raskin, thank you very \nmuch for the opportunity to speak today. I wanted to make three \ngeneral points and, assuming I talk fast enough, add a footnote \nin.\n    The American regulatory system has made our country \nstronger, better, safer, cleaner, healthier, more fair, and \nmore just. It's something we should be celebrating, trying to \nimprove, but not attacking with evidence-free allegations.\n    As Mr. Raskin pointed out, the benefits of regulation, \nFederal regulation, even monetized and corporate-friendly \naccounting systems, vastly exceed the costs. We know that \nbecause of the OMB reviews of the costs and benefits of \nsignificant regulations issued each year. Every single year \nsince the agency started conducting that study in 2001, \nbenefits have vastly exceeded costs at minimum of a range of 2 \nto 1 and typically up to 12 to 1.\n    Critics of regulation too often focus on costs to the \nexclusion of talking about the benefits. No agency adopts a \nrule for the simple purpose of imposing costs. There's always a \nrationale and reason, and the benefits have to be taken into \naccount. The $2 trillion figure that is routinely cited is not \nbased on careful analysis, as my testimony describes in some \ndetail.\n    It's worth focusing also for a moment on the American \nHospital Association study, which fell into this same problem \nof focusing exclusively on the cost of regulation without \ntalking about the benefit. It acknowledges that there may be \nsome patient benefits, but doesn't actually try to monetize \nthose costs.\n    The study does not show that there are duplicative \nregulations. The study does not acknowledge the benefits in \nmonetary terms to patients. The study does not disclose its \nmethodology or how its survey was calculated. So there's every \nreason to assume that the cost estimates are inflated.\n    Most importantly, what the study fails to do is acknowledge \nwhy it is that the government imposes a host of regulations on \nthe healthcare sector. It's primarily to deal with two \noverarching problems: poor quality of care and massive fraud.\n    250,000 people die every single year in this country from \nmedical malpractice, making it the third highest single cause \nof death in this country. By any metric, we perform at often \nthe worst of all rich countries in quality of care.\n    Quality of care regulations are aimed at trying to improve \nthat situation. Fraud consumes 3 to 10 percent of all \nhealthcare spending in the United States, according to the FBI. \nAt the low end, $80 billion a year.\n    Those regulations are designed to cut down on rampant \nfraud. They have a purpose. They are inadequate. They're \nobviously not doing the job. It would be much worse off if \nthose rules, by and large, were not in place.\n    The second point I wanted to make was about the issue of \nregulatory duplication. I think it is the case that much of \nwhat's complained about in the area of duplication is really a \ndisguised complaint about regulation itself.\n    That said, there are obviously, in a complicated \nbureaucracy, in a complicated economy, overlapping rules and \nregulations and massive regulatory gaps. So for sure better \ncoordination is desirable. It doesn't really make sense to \nblame that problem on the administrative state, though.\n    Let's talk for a moment about cybersecurity. It is the case \nthat there are massive gaps in cybersecurity and privacy \nprotections in this country. That's because there is no \noverarching American cybersecurity framework or privacy \nprotection law.\n    We absolutely need that. I detail some components of what \nwould be desirable in such a framework. That may not cure all \nthe problems that are being discussed today by area \nspecialists, but it would for sure deal with many of them.\n    The third thing I wanted to highlight is that, although \nthere has been a very partisan discussion about regulation in \nthe Congress for now going on almost a decade, there is a \nshared agenda that's available if members are eager to pick it \nup.\n    I think the key elements of reform packages that would have \nbipartisan support would focus on transparency, limiting \nregulatory delay, enhancing regulatory enforcement without \nregard to adopting new rules but making sure everyone plays by \nthe same rules, and focusing on the revolving door of people \nleaving from regulatory agencies and going into regulated \nindustry, and back and forth.\n    Finally, my footnote. Yesterday my organization, along with \n100 other organizations, petitioned OSHA to adopt a heat \nstandard to protect indoor and outdoor workers from extreme \nheat. More than 1,000 people die every near in this country \nfrom extreme heat. Many of them are workers, especially \nagricultural workers.\n    Supporting our petition was Raudel Felix Garcia, the \nbrother of Audon Felix Garcia, a California farmworker who died \nfrom excessive heat in the fields. Raudel told the story of his \nbrother's death yesterday in a teleconference we had in \nwrenching detail and pleaded with Federal regulators to take \nsteps to make sure that no one else died such a needless death.\n    It was a crucial reminder both in that particular area, but \nmore generally, that life and death is at stake in regulation, \nthat real people are affected and protected and need strong \nregulatory protections. And I hope this Congress can ensure \nthat that is delivered to them.\n    Thank you very much.\n    [Prepared statement of Mr. Weissman follows:]\n    \n    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n    \n    Mr. Palmer. I thank the gentleman.\n    The chair now recognizes Mr. Feeney for his testimony.\n\n                STATEMENT OF CHRISTOPHER FEENEY\n\n    Mr. Feeney. Chairman Palmer, Ranking Member Raskin, and \nmembers of the subcommittee, thank you for inviting me to \ntestify today. My name is Chris Feeney. I'm the executive vice \npresident of the Bank Policy Institute and president of our \nTechnology Policy Division, BITS.\n    Cybersecurity is a top-of-mind issue for every one of our \nCEOs, and the industry has been and remains committed to making \nthe investments necessary to protect our critical \ninfrastructure broadly. We embrace the trust that our customers \nconfer in us and take the job of protecting customers and their \ndata seriously, including valuing their privacy.\n    Our industry is heavily regulated. In the U.S. alone, we \nhave 9 independent Federal regulators, 3 self-regulatory \norganizations, and 50 State banking, securities, and insurance \nagencies. Regulations include extensive cybersecurity oversight \nand comprehensive data protection standards, such as those in \nthe 1999 Gramm-Leach-Bliley Act.\n    The cybersecurity requirements across the industry are very \ndiverse in terms of size, type of business, and geographic \nfootprint. Yet we have validated that over 80 percent of the \ncyber issuances are common across all regulators.\n    For the financial sector, it becomes a tangible problem \nwhen those tasked with creating cybersecurity rules approach \nregulations with their own variations, addressing the same \ncyber requirements with different approaches and language.\n    To analogize this, think of the impact on your safety if \nair traffic controllers didn't use English as a common language \nand instead pilots were required to use their native language \nfor every airspace they pass through. This would be challenging \nat best, require extensive training, and introduce unneeded \nrisk.\n    This is the dilemma we face today with variations on cyber \nstandards, requirements, and expectations without any \nappreciable benefit to security. These requirements lead to \nmisuse of scarce cybersecurity experts' time, taking them away \nfrom protecting our technology and the customers who count on \nus daily to access ATMs, to write checks, and to pay mortgages.\n    When a chief information security officer at one of our \nlargest firms estimates that 40 percent of their time is spent \ntrying to unravel the web of cybersecurity regulation rather \nthan focusing on protecting systems, that's a serious problem.\n    We face similar complexity in the area of data breach, \nwhich has no uniform standard, and we are seemingly entering \ninto a complex environment of conflicting requirements related \nto privacy as regulation develops around international \nrequirements, emerging State requirements, and potentially \nlocal requirements, such as those being discussed in Chicago.\n    For technology and cybersecurity experts, consistency, \nrepeatability, and improved security require a common technical \nand operating architecture, a common language, and a common \nframework to achieve the highest degree of protection.\n    In a 2017 Financial Stability Board publication, U.S. \nmember agencies self-reported that 10 different Federal schemes \nof cyber regulation were in place and that 43 different \npublicly available cybersecurity issuances were about to be \noffered.\n    We want to be clear. The financial industry supports the \nneed for cyber regulation and the industry's multi-billion-\ndollar investments here to improve our capabilities and satisfy \nour regulations. These investments have contributed to \ndeveloping the highest standards for cybersecurity, data \nsecurity, and customer expectation.\n    Individually these regulations have merit. However, when \none regulation is laid over another and another, it saps both \nthe time and focus from executive leadership and those whose \ntime and job it is to defend and operate our businesses. And \nmore specifically, firms are already burdened by a shortfall of \nskilled cyber professionals and they must take resources away \nfrom protecting their platforms to interpret the language of \ndivergent regulation.\n    Ultimately, we hold ourselves accountable for protecting \ncustomers, our systems, and for compliance with the regulatory \nprocess. You might be surprised to hear me say that the \nsolution is not fewer regulations but instead rationalized and \nharmonized regulation around a common approach and a shared \nlanguage.\n    BITS and our industry partners have developed a model cyber \nframework. The foundation of this effort centers on the NIST \nCybersecurity Framework which is used across multiple \nindustries, Federal and State government, and with support from \nboth the Obama and the Trump administration.\n    The financial sector used this standard to develop a sector \nprofile. And importantly, we developed a solution by working \nwith our regulators, gathering their input, incorporating their \ndiagnostic statements, and tailoring the solution so that we \ndon't force a one-size-fits-all approach to managing cyber \nrisk.\n    There are clear benefits of this approach for the \nregulatory agencies, such as examinations that can be tailored \nto institutional complexity, and for financial firms, such as \noptimizing the use of cybersecurity professionals' time and \nalso enabling more effective use of fintech innovators who can \nmeet requirements and expectations more efficiently.\n    Congress has been vocal in encouraging regulators to pause \nany additional cyber regulation, and we ask that Congress now \nsupport and encourage the use of the sector profile.\n    In the spirit of this committee's broad remit, we also ask \nthat Congress work to develop uniform Federal standards for \ndata breach notification and a common privacy standard before \nwe enter into a 50-State and 50-variation environment similar \nto what we face today in cyber. We must ensure these issues do \nnot fall prey to jurisdictional battles, and we need to work \ntogether to maintain the cyber integrity of the U.S. financial \nsystem.\n    Thank you, Mr. Chairman, and I look forward to your \nquestions.\n    [Prepared statement of Mr. Feeney follows:]\n    \n    \n    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n    \n    Mr. Palmer. I thank the gentleman.\n    The chair now recognizes Mr. Sherouse.\n\n                  STATEMENT OF OLIVER SHEROUSE\n\n    Mr. Sherouse. Chairman Palmer, Ranking Member Raskin, and \nmembers of the subcommittee, thank you for the chance to speak \nto you today about the important and often overlooked problem \nof duplicative regulations and regulatory standards.\n    My testimony today will focus on one cause of regulatory \nduplication, the incomprehensible scale of the administrative \nstate. And I will also present two ways my colleagues and I are \nworking to reduce that problem. First, through the application \nof text analysis and machine learning in our QuantGov project; \nand second by developing an open, machine-readable, and data-\nfirst standard for rulemaking documents called XRRL.\n    Now, my job is policy analytics, and what that means is \nthat I teach computers to read policy documents, and especially \nregulation. We have to use computers because the administrative \nstate has grown to an incomprehensible size. And I mean that \nliterally. There are simply too many rules for any one person \nto understand.\n    So using text analysis and machine learning, my colleagues \nand I have created a dataset called RegData to quantify Federal \nregulation.\n    Now, RegData tells us that today there are more than 103 \nmillion words in the Code of Federal Regulations, including \n1.08 million individual regulatory restrictions, so that's \nwords and phrases like ``shall'' and ``must'' that indicate a \nparticular mandated or prohibited activity.\n    That means that if you were to read the Code as your full-\ntime job, it would take you 3 years, 111 days, and a bit past \nlunchtime the next day. By the time you'd finished, of course, \nyou would need to immediately start figuring out what had \nchanged since you started. And that's no easy task since the \nCode increases by an average of more than 1.4 million words \nevery year.\n    So since reading the Code is impossible, data tools like \nthose we have produced for the QuantGov project can help us \nbegin to make better sense of the administrative state. \nRegData, in fact, does more than count total words and \nrestrictions. It attributes them to the individual agencies \nthat write them and predicts which industries will be affected \nby them.\n    All of our data is freely available, and our website \nfeatures a daily updated interactive tracker of Federal \nregulation which users can break down by industry and by \nagency.\n    And we do the same thing for regulation currently being \ndeveloped with our RegPulse dataset, which examines rules as \nthey are published in the Federal Register. And as with \nRegData, we have built a daily updated interactive tool that \nallows users to see which industries have more or fewer \nrelevant rules coming into effect over the next several years \nand what those rules are.\n    With QauntGov we are producing these kinds of data and \ninteractive tools for a growing set of jurisdictions and policy \ndocuments. The software we used to produce QuantGov is also \nopen source and freely available for anyone to use or build on.\n    For a more comprehensive understanding of the \nadministrative state, however, we should reexamine the medium \nby which regulations are made. The current process is made for \npaper, paper rules and analyses published in a paper Federal \nRegister and compiled into a paper Code of Federal regulations.\n    Even the electronic versions of these documents essentially \nmimic the paper-based system in use since the Administrative \nProcedure Act of 1946. Seventy years later, it is time for an \nupgrade to an open, machine-readable, and data-first standard \nformat for regulatory documents.\n    A standard format could liberate the information that's \ncurrently trapped in pretty dense prose about who regulations \nwill affect and how and transform that information into \naccessible data.\n    That data can be used by Congress to ensure effective \noversight. It can be used by regulators to avoid duplication \nacross agencies and potentially even across jurisdictions. It \ncould facilitate the review of regulatory programs to fix those \nthat are broken and to recognize those that are successful. And \nit can be used by businesses and individuals to ensure that \nthey know what the law is and how to follow it.\n    My colleagues and I are currently developing such a \nstandard, the eXtensible Regulatory Reporting Language, or \nXRRL. Our role with this project is to build an open and \nnonproprietary standard incorporating insights from the \nacademy, government, and industry that can be adapted to any \nlevel of government, including the U.S. Federal Government.\n    So in conclusion, duplication in regulation is a side \neffect of an administrative state grown too large to manage \neffectively, and tools like the ones we have built with \nQuantGov are a step towards making an incomprehensible \ncollection of rules somewhat less so. But the implementation of \nan open, data-first standard format, such as XRRL for \nrulemaking, would be an even more powerful way to render the \nadministrative state more manageable while also providing \nbenefits to both those writing rules and those subject to them.\n    I thank you again for the opportunity to testify, and I \nlook forward to answering your questions.\n    [Prepared statement of Mr. Sherouse follows:]\n    \n    \n    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n    \n    Mr. Palmer. I thank the gentleman for his testimony.\n    I think we'll go ahead and begin with our questions. We \nanticipate that they will call votes at any time. In the event \nthat occurs, I will order a recess and reconvene.\n    And I normally, as chairman, wait until other members have \nasked their questions. And being that there is only one, I am \nat this point going to yield to the ranking member, Mr. Raskin, \nfor questions.\n    Mr. Raskin. Mr. Chairman, you're a true gentleman. Thank \nyou very much for doing that.\n    Mr. Reese, let me start with you. I was very interested in \nyour testimony. And thanks for coming all the way from \nOklahoma. One of the things that cheered me about it was that \nyou were not engaged in any kind of broadbrush attack on \nregulation. You were giving very specific examples of conflicts \nthat just make your life difficult.\n    The specific example that you raised in your testimony, or \nat least your written testimony, was if you're handling \nsensitive data in the State, like Social Security data, IRS \ndata, how many unsuccessful attempts of somebody trying to get \ninto the computer must there be before you're required to shut \nit down and to close people out?\n    And you sort of set up a little graph where you showed that \nthe IRS requirement was, if there are three attempts, I think \nthe one from DOJ was perhaps no more than five attempts, and \nthe Social Security agency was a recommendation of no less than \nthree, no more than five. Okay.\n    And I did the little SAT question analysis and figured, \nokay, well, you could just set it at three. You would meet the \nIRS. You would also meet Department of Justice, because it \nwould be not more than five. And the third one was just a \nrecommendation. So it's not that big a deal.\n    On the other hand, why should it be so difficult for the \nFederal Government on something like that to come up with one \ngoverning principle? And I wonder if you've attempted to get \nthe relevant agencies to come around on one coordinated, \nharmonized approach on that.\n    Mr. Reese. Thank you, Ranking Member Raskin, for your \nquestion.\n    So absolutely that is our goal. Our goal is seeking that \npartnership with our Federal partners. And, again, as a State \nagency, I absolutely view our Federal agencies as partners. We \nare all trying to do the same thing, and that is best use our \ncitizen tax dollars to serve the needs of the citizens.\n    And so our goal in making sure that we are being fiscally \nresponsible is where we get into challenges like this where \nwe've got multiple different regulations that are imposed upon \nus and trying to find, in some cases, the most restrictive that \napplies. And, of course, in the example we talk about IRS and \nSSA and FBI.\n    Mr. Raskin. Did you do anything to see if they would \ncoordinate or harmonize?\n    Mr. Reese. So working through NASCIO, our national \nassociation, we have significant outreach where we come \ntogether and have had several opportunities now to come \ntogether with the SSA and the FBI and the IRS who come speak to \nus.\n    In fact, our last meeting that we had here in Washington at \nthe Hall of States, I believe we actually had in excess of, I \nthink, 40 CIOs from other States that participated, if not all.\n    And those entities came and they spoke to us. And we \nactually get to talk about it. And they're there to answer our \nquestions.\n    And so there's outreach. There's ongoing opportunities. But \nin typical State and government fashion, it's slow going. We're \nseeking support to continue those actions.\n    Mr. Raskin. Gotcha.\n    Let me quickly come to you, Mr. Feeney. You mentioned NIST, \nwhich is actually in my district, so that piqued my curiosity, \nand I was thinking like an example that Mr. Reese gave.\n    Does NIST or can NIST play a role in just harmonizing and \nreconciling these things? It doesn't strike me as a really big \ndeal except that we've got a big country with a lot of States, \nwe have a lot of Federal agencies, and somebody needs to pull \nit together. But does NIST play that function?\n    Mr. Feeney. NIST doesn't play that function exactly. But we \ncoordinate and partner with NIST quite actively. So we took the \nNIST framework, which was a standard that had multi-stakeholder \ninput, and we actually designed it specifically for the \nfinancial industry with NIST's both endorsement. And also NIST \nheld two large conferences for us with the industry, with \nregulators and member firms, to really help develop that.\n    So they've been supportive of the work we're doing. They \nactually like it. They'd like to use it as a model for some \nother industries. And we are actively working with them.\n    We added two components to the NIST framework, because we \nthought they were very important to surface actively. One is \ngovernance and the second is third-party or dependency \nmanagement. So we also have taken the NIST framework and \nextended it for the attributes of our industry, so we're \nworking very collaboratively with them.\n    Mr. Raskin. Thank you much.\n    Mr. Weissman, let me come to you. There have been some good \npoints raised on specific issues like this on the need for \nharmonization and reconciliation of different Federal mandates \nfor the States.\n    How can we distinguish those kinds of criticisms or points \nfrom a broadbrush attack on regulation itself and the system of \nrulemaking?\n    Mr. Weissman. Well, I think, as you're pointing out, these \nare pretty particular issues. And it's not obvious that they \nbroadly say anything about the administrative state.\n    I think in the cyber area the big problem is that there is \nno overarching legal framework. And although the executive \ncould come up with one, Congress has actually failed on this.\n    We do have a crying need for, as Mr. Feeney was saying, \nreally for an overarching cyber protection framework as well as \na privacy protection one.\n    I agree with much of what he said. I disagree with his idea \nthat we should preempt State law. I think it would be very \nimportant to protect overall for States in this. But there does \nneed to be a unified approach on that.\n    Beyond that, I'm not sure there is a massive problem of \ncoordination. There may be issues in particular sectors. In \nmany cases, the downside of lack of coordination is \ninsufficient regulation rather than too much regulation.\n    Mr. Raskin. Thank you.\n    I yield back, Mr. Chairman.\n    Mr. Palmer. I thank the gentleman.\n    I now recognize myself for questions.\n    Mr. Reese, how does having to comply with disparate Federal \nregulations impact the States? What kind of burden does that \nimpose on the States?\n    Mr. Reese. So as you can imagine, in most areas of State \ngovernment we have to be very cautious with the money that we \nhave and how we spend it and what we do with it. And the \nchallenge that we have is with these resources that we have to \ndedicate to compliance and in cybersecurity.\n    We're finding that we're having to put, as someone else \nhere, I believe, pointed out, we know that about 40 percent of \nour resources within our compliance in cybersecurity are being \nutilized to our Federal compliance where, again, we're all for \nFederal compliance. We absolutely want to be following the laws \nbecause we need structure.\n    But our challenge is, is that we're having to spend so much \ntime and so much duplicative time because of the multiple \naudits, again, when we're having the same audits over and over \nagain.\n    And the fact that there's some differences that we have to \ngo out and try to map as we had showed before, we've got to \ndetermine what the least common denominator is across those, \nthe time constraints are just enormous. The amount of time that \nwe spend, the thousands of hours we know.\n    We spoke with some of our other States, and we were able to \nlog that in a single year Oklahoma spent over 10,000 hours in \nregulatory compliance, Maine spent over 11,000 hours, and \nKansas over 14,000 hours just in our compliance and audits. \nColorado itself had nearly 3,000 hours.\n    And so all of that is time and resources. And those \nresources, especially in days like we have today with \ncybersecurity being really a number one challenge for all of \nus, we'd rather be spending our time and efforts updating \nlegacy systems and trying to enhance our security posture \nrather than trying to meet some of these, in many cases, \noutdated regulatory compliances.\n    Mr. Palmer. I ran a State-based think tank for 24 years and \nworked very closely with State legislators and administration \nofficial across, I think, four or five governors. And I am very \naware of the cost imposed on the States and the inefficiencies \nfrom duplicate regulations, obsolete regulations, extremely \noverly complex regulations. It wasn't that the States weren't \ninterested in complying. It was in many cases they didn't know \nwhat complying meant. And we spent an enormous amount of money.\n    Mr. Riggi, it's interesting, in your testimony you talk \nabout what's going on in healthcare and how the patient-\nphysician relationship is impacted by overregulation. One \nexample, that would be ICD 10, where basically you've got \ndoctors that are compromising time with patients--or their time \nwith patients is compromised because now they've become data \nentry people.\n    Would you like to comment on that?\n    Mr. Riggi. Well, again--well, first, I'd just also like to \nclarify for the record that the AHA does understand the \nnecessity of regulations to provide safety and high quality \ncare for patients.\n    Again, the implementation of ICD 10 does require a \nsignificant amount of physician time. And I think for us to \nmake sure we give you the most accurate response, it would be \nbetter for me to provide you a written response on that one, \nsir.\n    Mr. Palmer. That would be fine with me.\n    I introduced a bill to postpone the implementation of ICD \n10 primarily because I grew up in a rural area. I grew up dirt \npoor basically in a house that had cardboard between the two by \nfours. And at the time I grew up, we did have a little doctor \nin a town that didn't even have traffic light.\n    You won't find that anymore. And one of things that I saw \nhappening with ICD 10 was--and even made rural healthcare even \nharder to provide, literally, doctors were selling their \npractices or they were just flat out retiring, shutting the \ndoor.\n    And that's an example of how overregulating can have a very \nnegative impact, particularly in these rural healthcare \nsettings where they're already undercapitalized. It's also \nimpacted wait times, and like I said, the amount of time that a \ndoctor's able to spend with a patient.\n    And if you want to see what overregulation of a healthcare \nsystem looks like, take a look at Canada. The Fraser Institute \npublished a report, the Huffington Post commented on this, that \nshowed that between 1993 and 2009 there were between 25,000 and \n63,000 women died on waiting lists waiting for treatment. The \nwait times have increased that much.\n    They just called votes. I'm going to go ahead and ask a \ncouple other questions here before we recess.\n    But I want to go back to Mr. Reese and ask you, how do the \nFederal regulations keep pace with the evolving technology in \nthe business models across State governments.\n    Mr. Reese. They do not.\n    Mr. Palmer. That is what I thought you'd say.\n    Mr. Reese. Our challenge is we find ourselves in a lot of \ncases when we're dealing with our regulatory compliance, we're \nactually dealing with third-party auditors. And the third-party \nauditors are coming in and doing different audits, getting \ndifferent results on the same regulations, on the same systems.\n    And the technologies that they're auditing us on are not \nconsistent. Their understanding of the technologies are not \nconsistent with the technologies that we're using today. And in \nsome cases, they're limiting our ability to use what we believe \nwould be more cost-effective, efficient, and possibly even more \nsecure technologies because we can't check the box with the \nauditor. So we have to go back and spend more money, using \nolder technologies, costing the State more dollars, than if we \ncould actually make good business decisions.\n    And a lot of this has to do with that those Federal \nregulations need to be able to keep up. We need to figure out \nhow we can harmonize and be involved in those discussions and \ndecisions, and how we can do it quicker so that we can keep up \nwith the evolving technology.\n    But your point is absolutely spot on.\n    Mr. Palmer. What I found, again, working with the think \ntank, is that the people who are responsible for regulating are \nnot people who are trying to mess things up. They're trying to \ndo a good job. But they're as frustrated as everybody else \nbecause you call one regulator and get an answer, and 2 or 3 \nweeks later you call another regulator and you get a different \nanswer. And it's frustrating them, because they want to do a \ngood job.\n    Mr. Feeney, I'm going to ask this question, then we're \ngoing to take a recess to go vote. How much does it cost the \nfinancial institutions to apply with disparate regulations? And \nI'm interested in this because this additional cost gets passed \non to the consumers, and I think it has a disproportionate \nimpact on older customers and lower-income customers.\n    Mr. Feeney. Right. So I can't speak to the specific aspect \nof that. I can tell you in 2016 the industry spent $9.5 billion \non regulation, $1.5 billion of that was spent by the largest \nfirms.\n    Mr. Palmer. Wait a minute. Wait a minute. According to the \nreport that Mr. Raskin said came from OMB, I think you said \nthat the regulatory cost was only $5 billion, but you say the \nregulatory cost on the financial institution was $9 billion?\n    Mr. Feeney. I think quite a bit in the industry, across the \nindustry, and that was a single-year review.\n    Mr. Palmer. Thank you.\n    Mr. Feeney. The challenge is more, and I think Mr. Reese \nhad referenced it, is that our industry, they are trying to \nkeep up with the changes in technology, but you can't. It's \njust too fast paced, too hard.\n    We were able to use that sector profile, for instance, and \ntake the question set down to about 400 from thousands. And \nwhat that does is provide you some latitude in simplifying the \ndiagnostic statements that auditors or examiners would use. And \nthere are ways to actually apply these types of tools to help \nthe regulators, help the industries, I say that plurally, to \nreally minimize the cost. And I think there are a number of \nthings we can do in that arena.\n    Mr. Palmer. Okay. Hold on. I'm going to suspend for just a \nminute.\n    Mr. Raskin. Mr. Chairman, with your permission, I'd like to \nsubmit for the record the OMB report from which I drew the \nfigure, about $4.9 billion. Thanks.\n    Mr. Palmer. Okay. This is going to be a long vote series, \nso in consultation with the ranking member, what I'm going to \ndo is I'm just going to make a couple other points here. Any \nadditional questions will be submitted in writing. Because one \nthing that the ranking member and I do have a constitutional \nresponsibility to do, and that is vote, and a political \nresponsibility as well.\n    I do want to make some points that were in the OMB report, \nand these are quotes from the report, that it was a perspective \nanalysis that they say may overestimate or underestimate both \nbenefits and costs. Retrospective analysis can be important as \na collective mechanism. And that this was not an actual \nanalysis of actual cost and benefits and that it only applied \nto about 1.6 percent of all the regulations.\n    So I tend to be somewhat dismissive of the OMB report, \nbecause my experience, again, working with the think tanks and \nbeing focused on trying to come up with sensible regulations. \nThis idea that those of us on the Republican side of the aisle \nare for getting rid of all the regulations is just political \nnonsense. What we want are sensible regulations.\n    Regulations have improved the quality of life in our \ncountry. They've protected consumers. They've in some respects \nprotected the relationship between the State and Federal \nGovernment.\n    What we want to do is get rid of the obsolete, the \nduplications, and the contradictions, and get it down to \nregulations that businesses can comply with, that they \nunderstand.\n    And one of the reasons that this is important is that in I \nthink it was 2014--2015--the Gallup organization put out a \nreport entitled basically--I think that the working title was \n``Is Entrepreneurism Dead in America?''\n    Prior to 2008, according to the Gallup study, there were \n100,000 more businesses that started up than closed. But by \n2014, there was 70,000 more businesses closed than started up. \nAnd according to the report, the primary reason for that was \nregulations.\n    I've tried to point out to people that businesses are not \nanti-regulation. They're anti-uncertainty. They're anti-\ncomplexity. And what we want to try to do in working to reform \nregulations is as much as possible reduce the uncertainty and \nthe complexity, so that some person who has some capital to \ninvest can make a sensible investment, whether it's starting a \nbusiness or expanding a business or hiring more people.\n    With that, if there are no further questions--let me find \nmy script.\n    Okay. The ranking member would like to make a closing \ncomment. I yield to him.\n    Mr. Raskin. Mr. Chairman, thank you very much.\n    And I want to just start my closing statement by saying how \nmuch I agreed with what you just said, that we're not opposed \nto rules which have, indeed, advanced the public interest, but \nobsolete rules or duplicate rules or contradictory rules, and I \nthink we can all agree to that.\n    You know, nobody is in love with regulation, and the \nbiggest tax is on people's time. And that might be one thing \nfor big businesses, which often support a lot of regulation, \nbut for small businesses it's very tough.\n    But I think about the 2010 BP oil spill, which was one of \nthe worst environmental catastrophes in our history, which \ncaused 11 deaths, immediately the deaths of more than a million \ncoastal seabirds and other animals, and 5 million barrels of \noil poisoning the whole Gulf of Mexico ecosystem.\n    That was a failure of regulatory enforcement just like the \nsame year the collapse of the coal mines in Mexico, which led \nto dozens of deaths and a real calamity in that country.\n    So we need regulation. We need strong regulation. But I \nagree with you, we should be doing whatever we can to get rid \nof the duplicative, unnecessary, and obsolete regulation.\n    I yield back, Mr. Chairman.\n    Mr. Palmer. I thank the gentleman.\n    I thank our witnesses again for appearing before us today.\n    The hearing record will remain open for 2 weeks for any \nmember to submit a written opening statement or questions for \nthe record.\n    If there is no further business, without objection, the \nsubcommittee stands adjourned.\n    [Whereupon, at 3:08 p.m., the subcommittee was adjourned.]\n\n                                 <all>\n</pre></body></html>\n"