[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]


 IMPLEMENTING THE 21ST CENTURY CURES ACT: AN UPDATE FROM THE OFFICE OF 
                        THE NATIONAL COORDINATOR

=======================================================================

                                 HEARING

                               BEFORE THE

                         SUBCOMMITTEE ON HEALTH

                                 OF THE

                    COMMITTEE ON ENERGY AND COMMERCE
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             SECOND SESSION

                               __________

                           DECEMBER 11, 2018

                               __________

                           Serial No. 115-173
                           
                           
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]                           


      Printed for the use of the Committee on Energy and Commerce

                        energycommerce.house.gov                        
                        
                                __________
                               

                    U.S. GOVERNMENT PUBLISHING OFFICE                    
36-819 PDF                  WASHINGTON : 2019                     
          
--------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, [email protected].                            


                    COMMITTEE ON ENERGY AND COMMERCE

                          GREG WALDEN, Oregon
                                 Chairman

JOE BARTON, Texas                    FRANK PALLONE, Jr., New Jersey
  Vice Chairman                        Ranking Member
FRED UPTON, Michigan                 BOBBY L. RUSH, Illinois
JOHN SHIMKUS, Illinois               ANNA G. ESHOO, California
MICHAEL C. BURGESS, Texas            ELIOT L. ENGEL, New York
MARSHA BLACKBURN, Tennessee          GENE GREEN, Texas
STEVE SCALISE, Louisiana             DIANA DeGETTE, Colorado
ROBERT E. LATTA, Ohio                MICHAEL F. DOYLE, Pennsylvania
CATHY McMORRIS RODGERS, Washington   JANICE D. SCHAKOWSKY, Illinois
GREGG HARPER, Mississippi            G.K. BUTTERFIELD, North Carolina
LEONARD LANCE, New Jersey            DORIS O. MATSUI, California
BRETT GUTHRIE, Kentucky              KATHY CASTOR, Florida
PETE OLSON, Texas                    JOHN P. SARBANES, Maryland
DAVID B. McKINLEY, West Virginia     JERRY McNERNEY, California
ADAM KINZINGER, Illinois             PETER WELCH, Vermont
H. MORGAN GRIFFITH, Virginia         BEN RAY LUJAN, New Mexico
GUS M. BILIRAKIS, Florida            PAUL TONKO, New York
BILL JOHNSON, Ohio                   YVETTE D. CLARKE, New York
BILLY LONG, Missouri                 DAVID LOEBSACK, Iowa
LARRY BUCSHON, Indiana               KURT SCHRADER, Oregon
BILL FLORES, Texas                   JOSEPH P. KENNEDY, III, 
SUSAN W. BROOKS, Indiana             Massachusetts
MARKWAYNE MULLIN, Oklahoma           TONY CARDENAS, California
RICHARD HUDSON, North Carolina       RAUL RUIZ, California
KEVIN CRAMER, North Dakota           SCOTT H. PETERS, California
TIM WALBERG, Michigan                DEBBIE DINGELL, Michigan
MIMI WALTERS, California
RYAN A. COSTELLO, Pennsylvania
EARL L. ``BUDDY'' CARTER, Georgia
JEFF DUNCAN, South Carolina

                                 ______

                         Subcommittee on Health

                       MICHAEL C. BURGESS, Texas
                                 Chairman
BRETT GUTHRIE, Kentucky              GENE GREEN, Texas
  Vice Chairman                        Ranking Member
JOE BARTON, Texas                    ELIOT L. ENGEL, New York
FRED UPTON, Michigan                 JANICE D. SCHAKOWSKY, Illinois
JOHN SHIMKUS, Illinois               G.K. BUTTERFIELD, North Carolina
MARSHA BLACKBURN, Tennessee          DORIS O. MATSUI, California
ROBERT E. LATTA, Ohio                KATHY CASTOR, Florida
CATHY McMORRIS RODGERS, Washington   JOHN P. SARBANES, Maryland
LEONARD LANCE, New Jersey            BEN RAY LUJAN, New Mexico
H. MORGAN GRIFFITH, Virginia         KURT SCHRADER, Oregon
GUS M. BILIRAKIS, Florida            JOSEPH P. KENNEDY, III, 
BILLY LONG, Missouri                     Massachusetts
LARRY BUCSHON, Indiana               TONY CARDENAS, California
SUSAN W. BROOKS, Indiana             ANNA G. ESHOO, California
MARKWAYNE MULLIN, Oklahoma           DIANA DeGETTE, Colorado
RICHARD HUDSON, North Carolina       FRANK PALLONE, Jr., New Jersey (ex 
EARL L. ``BUDDY'' CARTER, Georgia        officio)
GREG WALDEN, Oregon (ex officio)

                                  (ii)
                              
                              
                              C O N T E N T S

                              ----------                              
                                                                   Page
Hon. Michael C. Burgess, a Representative in Congress from the 
  State of Texas, opening statement..............................     1
    Prepared statement...........................................     3
Hon. Gene Green, a Representative in Congress from the State of 
  Texas, opening statement.......................................     4
    Prepared statement...........................................     5
Hon. Marsha Blackburn, a Representative in Congress from the 
  State of Tennessee, opening statement..........................     6
Hon. Greg Walden, a Representative in Congress from the State of 
  Oregon, prepared statement.....................................    41
Hon. Frank Pallone, Jr., a Representative in Congress from the 
  State of New Jersey, prepared statement........................    41

                                Witness

Donald Rucker, M.D., National Coordinator for Health Information 
  Technology, Department of Health and Human Services............     7
    Prepared statement...........................................     9

                           Submitted Material

Statement of the College of Healthcare Information Management 
  Executives, December 11, 2018, submitted by Mr. Burgess........    43
Letter of December 11, 2018, from Clifford Hudis, Chief Executive 
  Officer, American Society of Clinical Onocology, to Mr. Burgess 
  and Mr. Green, submitted by Mr. Burgess........................    48

 
 IMPLEMENTING THE 21ST CENTURY CURES ACT: AN UPDATE FROM THE OFFICE OF 
                        THE NATIONAL COORDINATOR

                              ----------                              


                       TUESDAY, DECEMBER 11, 2018

                  House of Representatives,
                            Subcommittee on Health,
                          Committee on Energy and Commerce,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 10:15 a.m., in 
room 2322, Rayburn House Office Building, Hon. Michael Burgess 
(chairman of the subcommittee) presiding.
    Members present: Representatives Burgess, Guthrie, Upton, 
Blackburn, Latta, Griffith, Bilirakis, Long, Bucshon, Brooks, 
Mullin, Hudson, Carter, Green, Engel, Matsui, Castor, Kennedy, 
Cardenas, Eshoo, and DeGette.
    Staff present: Adam Buckalew, Professional Staff Member, 
Health; Daniel Butler, Legislative Clerk, Health; Adam Fromm, 
Director of Outreach and Coalitions; Caleb Graff, Professional 
Staff Member, Health; Ed Kim, Policy Coordinator, Health; J.P. 
Paluskiewicz, Professional Staff Member, Health; Brannon Rains, 
Staff Assistant; Austin Stonebraker, Press Assistant; Tiffany 
Guarascio, Minority Deputy Staff Director and Chief Health 
Advisor; Samantha Satchell, Minority Senior Policy Analyst; and 
C.J. Young, Minority Press Secretary.

OPENING STATEMENT OF HON. MICHAEL C. BURGESS, A REPRESENTATIVE 
              IN CONGRESS FROM THE STATE OF TEXAS

    Mr. Burgess. The subcommittee on Health will come to order, 
and I will recognize myself 5 minutes for the purpose of an 
opening statement, and I want to thank everyone for joining us 
for this important and long-awaited hearing in 2018.
    In 2018 we have held two Cures implementation hearings, 
including focusing on biomedical research and innovation at the 
National Institute of Health and the Food and Drug 
Administration and the hearing on the mental health title. 
Today's hearing completes the 21st Century Cures trifecta 
covering the last remaining title, Health Information 
Technology.
    Our society, our economy have become increasingly driven by 
technology, and healthcare, of course, is no exception. 
Electronic health records, patient data, the move to open 
application programming interfaces, and other developments have 
brought healthcare into the 21st century. Law lagged behind 
such advances which led to various pieces of legislation to 
address the aforementioned issues including the HITECH Act in 
2009 and 21st Century Cures Act in 2016.
    Cures built on top of the foundation laid by the HITECH Act 
which passed in 2009 and encouraged adoption and the use of 
electronic health records through payment incentives and 
penalties. For the record, I opposed that. This law also 
established the Office of National Coordinator for Health 
Information Technology in statute. Previously it had been via 
executive order, but the HITECH Act established that in 
statute, signifying the importance of health IT in the future 
of healthcare data and delivery.
    Some argue that HITECH was well intentioned. Stakeholders 
have reported concerns during implementation related to the 
interoperability and functionality of this technology. While we 
have seen widespread adoption of electronic health records, 
there does continue to be significant fragmentation of the 
healthcare system, making it difficult to ensure continuity of 
evidence-based care for patients. The 21st Century Cures Act 
has set us on a path toward achieving this nationwide 
interoperable healthcare information system, and the idea is to 
put the needs of patients and providers first.
    The first health IT provision in Cures was aimed at 
assisting doctors and hospitals in improving the quality of 
care for patients. One goal of this provision was to reduce the 
burden on physicians regarding electronic health records. As 
the Office of National Coordinator moves forward, it is of 
utmost importance that it take into account the impact of 
policies on both patients and physicians.
    Section 4003 of the Cures act expedites interoperability 
and security among electronic health records through a 
voluntary model framework and a common agreement among vendors. 
The Office of National Coordinator released a draft of this 
trusted exchange framework and common agreement in January of 
this year. Today, the National Coordinator for Health 
Information Technology, Dr. Don Rucker, will explain the common 
principles that will guide health information networks, 
recognize coordinating entities and others through the exchange 
of data.
    The Office of National Coordinator also has sunset the old 
Policy and Standards committees, to which I say good riddance 
because they were quick to chase any issue to spark their 
attention. Instead, a new Interoperability Committee has been 
set up with clear guidance from Congress to focus on 
interoperability, security, and privacy.
    Another theme throughout the health IT title of 21st 
Century Cures was patient access to data. While electronic 
health records are critically important to physicians, it turns 
out they are equally important to patients, and it is important 
that patients have access. Cures required the Department of 
Health and Human Services in coordination with the Office of 
Civil Rights to educate providers about lawful patient health 
information sharing. The Get It, Check It, Use It program shows 
patients how to access, update, and use their health 
information appropriately.
    The reason this hearing was delayed was, there is a rule 
required by Cures that will cover several items, most notably 
the rule regarding information blocking as yet to be released. 
I believe it is currently awaiting approval by the Office of 
Management and the Budget, so Dr. Rucker will be unable to 
address the pending rule.
    It is important to note that the Cures legislation defined 
and prohibited information blocking while, in fact, levying 
civil money penalties on those who engage in information 
blocking. The Office of National Coordinator rule will define 
what does not constitute information blocking, therefore 
outlining what is permissible.
    I am extremely disappointed that, 2 years after the passage 
of Cures, we still do not have the regulations necessary to 
implement these provisions. It is hard to explain to people 
that Congress provided the tools necessary for doctors and 
patients to better coordinate their care through the sharing of 
patient data, but nothing has changed.
    I will submit the balance of my statement for the record 
and recognize Mr. Green of Texas for his opening statement, 
please.
    [The prepared statement of Mr. Burgess follows:]

             Prepared statement of Hon. Michael C. Burgess

    Good morning, everyone, and thank you for joining us for 
this important and long-awaited hearing. In 2018, we have held 
two Cures implementation hearings, including one focusing on 
biomedical research and innovation at the National Institutes 
of Health and Food and Drug Administration, and one on the 
mental health title. Today's hearing completes the 21st Century 
Cures trifecta and covers the last remaining title, health 
information technology.
    As our society and our economy become increasingly driven 
by technology, healthcare is no exception. Electronic health 
records, patient data, the move to open application programming 
interfaces (APIs), and other developments have brought 
healthcare into the 21st Century. Law lagged behind such 
advances, which led to various pieces of legislation to address 
the aforementioned issues, including the HITECH Act in 2009 and 
21st Century Cures in 2016.
    Cures built on top of a foundation laid by the HITECH Act, 
which passed in 2009 and encouraged adoption and use of 
electronic health records through payment incentives and 
eventually penalties. This law also established the Office of 
the National Coordinator for Health Information Technology in 
statute, signaling the importance of health IT in the future of 
healthcare data and delivery. While HITECH was well intended, 
stakeholders reported concerns during implementation, mainly 
related to interoperability and functionality of the 
technology.
    While we have seen widespread adoption of electronic health 
records, our Nation continues to maintain a fragmented 
healthcare system, making it difficult to ensure continuity of 
evidence-based care for patients. The 21st Century Cures Act 
has set us on the path towards achieving a nationwide 
interoperable health information system that puts the needs of 
patients and providers first.
    The first health IT provision in Cures was aimed at 
assisting doctors and hospitals in improving the quality of 
care for patients. One goal of this provision was to reduce the 
burden on physicians regarding electronic health records. As 
the Office of the National Coordinator moves forward, it is of 
the utmost importance that it take into account the impact of 
policies on both patients and physicians. I was pleased to see 
that ONC released a draft report on physician burden reduction 
in November that includes recommendations to address the issue.
    Section 4003 of Cures expedites interoperability and 
security among electronic health records through a voluntary 
model framework and common agreement among vendors. ONC 
released a draft of this ``Trusted Exchange Framework and 
Common Agreement,'' known as the TEFCA, in January of 2018. 
Today, the National Coordinator for Health Information 
Technology, Dr. Don Rucker, will explain the common principles 
that will guide Health Information Networks, Recognized 
Coordinating Entities, and others through the exchange of data.
    The Office of the National Coordinator has also sunset the 
old Policy and Standards committees, which I found were well-
intentioned but too quick to chase any issue that sparked 
attention, and stood up the new Interoperability Committee that 
has clear guidance from Congress to focus on interoperability, 
security, and privacy.
    Another theme throughout the health IT title of 21st 
Century Cures was patient access to data. While electronic 
health records are critically important to physicians, it is 
equally important that patients have access to their own data. 
Cures required the Department of Health and Human Services, in 
coordination with the Office of Civil Rights, to educate 
providers about lawful patient health information sharing. The 
``Get It. Check It. Use It.'' Program shows patients how to 
access, update, and use their health information appropriately.
    The reason we delayed holding this hearing is that the rule 
required by Cures that will cover several items, most notably, 
information blocking has yet to be released. It is currently 
awaiting approval by the Office of Management and Budget. While 
Dr. Rucker will be unable to address the pending rule, it is 
important to note that the Cures legislation defined and 
prohibited information blocking, while levying civil monetary 
penalties for those who engage in information blocking.
    The ONC rule will define what does not constitute 
information blocking; therefore outlining what is permissible 
activity. I am extremely disappointed that 2 years after the 
passage of Cures we still do not have the regulations necessary 
to implement these provisions. It is hard to explain to people 
that Congress provided the tools necessary for doctors and 
patients to better coordinate their care through the sharing of 
patient data, and nothing has changed.
    While I am disappointed that we still do not have the 
proposed rule, I am glad that we have proceeded with this 
hearing. Health information technology opens the door to many 
possibilities, but we will continue to face challenges moving 
forward as Congress works with the Office of the National 
Coordinator to navigate the landscape and having an ongoing 
dialogue like this is very important. I would like to thank our 
witness, Dr. Rucker, for testifying this morning, and I look 
forward to the exciting updates you have to provide us.

   OPENING STATEMENT OF HON. GENE GREEN, A REPRESENTATIVE IN 
                CONGRESS FROM THE STATE OF TEXAS

    Mr. Green. Thank you, Mr. Chairman, and I would like to 
thank you for calling this hearing and the continuation of the 
oversight over the Cures Act, which along with the Affordable 
Care Act and Cures, is probably the two major pieces of 
legislation in my 26 years in Washington. And I would like to 
thank Dr. Rucker for testifying today on the Office of National 
Coordinator's work to implement the 21st Century Cures Act.
    In little over a decade, the Office of the National 
Coordinator has helped to drive the rapid adoption of 
electronic health records, EHR, in doctors' offices and 
hospitals across the country. Today, nearly all hospitals and 
three-quarters of the office-based physicians use some form of 
certified EHR technology. This uptake has allowed for improved 
communication in patient care, but we still have a long way to 
go in ensuring neuro that EHRs are as useful as possible to 
providers as well as easily accessible and understandable to 
consumers.
    The Cures Act aimed to build on the progress of the HITECH 
Act of 2009, but by focusing on improving interoperability, 
patient access to their health records, and reducing provider 
burden. For example, the Cures Act tasked ONC with--tasked with 
providing examples of what does not constitute information 
blocking. This information is a critical part of the law's 
implementation and will inform the Office of the Inspector 
General's enforcement regarding information blocking. I look 
forward to this proposed rules release.
    The Cures Act also called for the development of Trusted 
Exchange Framework and Common Agreement, TEFCA. This framework 
outlines the minimum terms and conditions providers should meet 
in order to securely and appropriately exchange information 
with each other. Setting clear parameters around exchanging 
information is necessary for widespread interoperability. I am 
pleased to hear that ONC is undergoing a rigorous public 
comment process before finalizing this provision.
    In addition to improving interoperability, we need to 
increase consumer education so folks understand that they have 
a right under HIPAA to obtain access to their records and to 
decide who their records should be shared with. I am glad that 
ONC has partnered with the Office of Civil Rights to release 
new information for consumers on HIPAA's patient right to 
access. Increased interoperability and better HITECH in general 
has the potential to improve every American's healthcare 
experience, so I hope that ONC will continue its implementation 
of the law in a timely manner.
    And I would like to yield the balance of my time to 
Congresswoman DeGette.
    [The prepared statement of Mr. Green follows:]

                 Prepared statement of Hon. Gene Green

    Good morning, I'd like to thank Dr. Rucker for testifying 
today on the Office of the National Coordinator's work to 
implement the 21st Century Cures Act.
    In a little over a decade the Office of the National 
Coordinator (ONC) has helped to drive the rapid adoption of 
electronic health records (EHRs) in doctor's offices and 
hospitals across America. Today nearly all hospitals and three 
quarters of office-based physicians use some form of certified 
EHR technology. This uptake has allowed for improved 
communication and patient care.
    But we still have a long way to go in ensuring that EHRs 
are as useful as possible to providers as well as easily 
accessible and understandable to consumers. The Cures Act aimed 
to build on the progress of the HITECH Act of 2009 by focusing 
on improving interoperability and patient access to their 
health records and reducing provider burden.
    For example, the Cures Act tasked ONC with providing 
examples of what does not constitute information blocking. This 
information is a critical piece of the law's implementation and 
will inform the Office of the Inspector General's enforcement 
regarding information blocking. I look forward to this proposed 
rule release.
    The Cures Act also called for the development of a Trusted 
Exchange Framework and Common Agreement (TEFCA). This framework 
outlines the minimum terms and conditions providers should meet 
in order to securely and appropriately exchange information 
with each other. Setting clear parameters around exchanging 
information is necessary for widespread interoperability. I'm 
pleased to hear ONC is undergoing a rigorous public comment 
process before finalizing this provision.
    In addition to improving interoperability we need to 
increase consumer education so that folks understand they have 
a right under HIPAA to obtain access to their records and to 
decide who their records should be shared with. I'm glad that 
ONC has partnered with the Office for Civil Rights to release 
new information for consumers on HIPAA's patient right to 
access.
    Increased interoperability and better health IT in general 
has the potential to improve every American's healthcare 
experience, so I hope that ONC will continue its implementation 
of the law in a timely manner. Thank you.

    Ms. DeGette. Thank you. Thank you so much to the ranking 
member for yielding. And I want to take a moment of personal 
privilege to thank Mr. Green for all of his years of service on 
this committee and the Congress. Mr. Green has been a stalwart 
leader on healthcare policy, not just on Cures, not just on the 
ACA, but on the many, many pieces of legislation, and Mr. 
Green, I am going to tell you something: You are going to be 
missed by every single member of this subcommittee.
    The 21st Century Cures Act, as we heard, was signed into 
law 2 years ago this week, and it really was a remarkable 
bipartisan achievement for the committee. I want to thank you, 
Mr. Chairman, for holding this hearing of oversight, and I hope 
we will continue to have the same level of robust oversight to 
make sure all of the many provisions are implemented.
    We took extraordinary steps in that bill in accelerating 
the approval of breakthrough therapies and lowering the cost of 
bringing these drugs to market through strengthening the 
PRECISION MEDICINE initiative. We also increased the health 
system's ability to interact through health IT interoperability 
measures, and we made a $4.8 billion investment in the NIH 
intended to jump-start research into new treatments for 
diseases like cancer and Alzheimer's. We also modernized the 
clinical trial process, increased the government's ability to 
recruit top scientists, and broke down agency and interagency 
research silos to accelerate and advance coordination among the 
sciences.
    I know that Mr. Upton and I and every single member of this 
subcommittee are very impressed with the progress that this 
bill has achieved, but we know there is much more to be done, 
and that is why, Dr. Rucker, I am glad that you are with us 
here today to sort of complete this trifecta of hearings on 
health IT. I would like to hear from you about what is working 
and what we can do to improve.
    And again, Mr. Chairman, I thank you for working with us 
and especially Mr. Green for all his years of service, and I 
yield back.
    Mr. Burgess. The Chair thanks the gentlelady. The gentleman 
yields back.
    Mr. Green. I yield back, Mr. Chairman.
    Mr. Burgess. I am not seeing the chairman of the full 
committee here, be prepared to yield to the gentlelady from 
Tennessee, the Senator-designate from that State, because I 
know this is an important issue in Nashville, in your part of 
the world.

OPENING STATEMENT OF HON. MARSHA BLACKBURN, A REPRESENTATIVE IN 
              CONGRESS FROM THE STATE OF TENNESSEE

    Mrs. Blackburn. Thank you so much, Mr. Chairman, and thank 
you for the good work that you have done in leading this 
committee over the past couple of years. We appreciate that, 
and we are thrilled with 21st Century Cures being signed into 
law.
    And as the chairman said, middle Tennessee, which is home 
for me, is home to over 400 healthcare companies. And while 
many people rightfully think of Nashville as Music City 
U.S.A.--and, indeed, it is--it is also the center of much of 
the healthcare management and healthcare delivery in this 
Nation.
    And you see these 400 healthcare companies that are located 
there, working not only in hospital management but in insurance 
products, home health, hospice, you name it, every single 
sector of the healthcare industry. You also have some non-
profits that are working on how you deliver better patient 
care. One of those is the Center for Medical Interoperability 
which is located right in Nashville and is looking at that 
intersection of healthcare technology, healthcare informatics, 
predictive diagnoses. And we were so pleased with the Software 
Act provisions which Mr. Green and I authored being included in 
21st Century Cures and then the follow on implementation of 
this through the FDA and the implementation that you at ONC are 
overseeing.
    So we are watching that very closely because we know of the 
impact that that has on care coordination, that it has on post 
acute care, that it has on managing and following chronic 
conditions, and that it also has on home health. And we know 
that this impact is going to be felt, so we thank you, Dr. 
Rucker, for being here to give us an update.
    Mr. Chairman, I thank you for the leadership that you have 
provided, and at this time I would yield to any other member of 
the subcommittee seeking time.
    No one seeking time?
    I yield back, Mr. Chairman. Thank you.
    Mr. Burgess. The Chair thanks the gentlelady. The 
gentlelady yields back. Not seeing the ranking member of the 
full committee here, is there anyone on the minority side who 
wishes to claim the time?
    If not, that will conclude Member opening statements.
    The Chair would like to remind Members that, pursuant to 
committee rules, all Members' opening statements will be made 
part of the record.
    We certainly want to thank our witness for being here 
today, taking time to testify before the subcommittee. Our 
witness will have the opportunity to give an opening statement 
followed by questions from Members, and today we are going to 
hear from Dr. Donald Rucker, the National Coordinator for 
Health Information Technology for the United States Department 
of Health and Human Services.
    Dr. Rucker, we appreciate you being here with us. It has 
been a long time coming, and you are now recognized for 5 
minutes to summarize your opening statement, please.

  STATEMENT OF DONALD RUCKER, M.D., NATIONAL COORDINATOR FOR 
 HEALTH INFORMATION TECHNOLOGY, DEPARTMENT OF HEALTH AND HUMAN 
                            SERVICES

    Dr. Rucker. Chairman Burgess, Ranking Member Green, 
distinguished members of the subcommittee, thank you for the 
opportunity to testify.
    Since its start in 2004, ONC has worked to improve the 
quality, safety, and efficiency of healthcare. While hospitals 
and physicians have made great progress adopting electronic 
medical records, additional work is needed to increase the 
value of these records.
    Clinicians often spend hours a day at the computer. The 
Cures Act asks HHS to address clinician burden related to 
electronic records. In November, ONC and CMS released a draft 
strategy to reduce administrative burdens. We have worked with 
CMS to address burnout, changing documentation requirements, 
and simplifying reporting.
    The Cures Act directs the secretary to adopt policies to 
increase the trusted exchange of electronic health information. 
ONC has developed a proposed rule to support this exchange of 
clinical data. As requested, the rule will implement the Cures 
Act prohibition of information blocking by defining allowable 
exceptions. We want patients to get their medical records on 
their smartphones. We want consumers to get--to shop for care 
on their smartphones.
    To do this, the Cures Act calls for EHR developers to 
publish application programming interfaces, APIs, that permit 
secure access without special effort. We expect an app 
marketplace will evolve with products for both illness and 
health. Recently Apple introduced their health record app using 
the RESTful JSON and fire technical interface standards. Now 
over 100 health systems provide patients their data here. ONC 
has been instrumental in advancing the healthcare part of these 
standards.
    Some of our stakeholders have shared security concerns with 
the requirement to publish APIs. We take cybersecurity threats 
seriously. It is important to note that in general, APIs are 
not usually where security vulnerabilities
    reside. The OAuth standard used to authorize exchange 
through open APIs, and these are secure open APIs, provides 
robust security. Security breaches often reflect password 
issues or servers with unpatched operating systems.
    Secretary Azar has identified value-based care as a 
priority. The ability to analyze health outcomes for an entire 
group of patients rather than just one individual patient is 
essential to identifying providers with the best value. Today 
payers and employers have little information on provider 
performance. Often, payers are forced to negotiate contracts 
with hospital systems based on network consolidation rather 
than value. ONC is working with the HL7 standards group and 
ensures to build APIs that truly measure care. ONC is also 
working to increase connectivity among health information 
networks.
    There are about 100 regional national networks which 
exchange health information. While these organizations have 
made significant progress, connectivity across networks has 
been limited due to variations in technical and data use 
agreements. The Cures Act directs ONC to, quote, ``develop or 
support a trusted exchange framework including a common 
agreement among health information networks nationally,'' end 
quote.
    In January ONC released the first draft of the Trusted 
Exchange Framework. We will release an updated draft for 
further public comment. The Trust Exchange Framework can also 
support community information exchange. There is limited 
interoperability for patients with mental health or addiction 
illnesses. These patients move between emergency rooms, 
shelters, group homes, and treatment centers with little 
awareness of how often and how ineffectively these expensive 
services are being used. Regional health information exchanges 
are ideally positioned to link these patients and services.
    In summary, ONC has made great progress implementing the 
provisions of the 21st Century Cures Act. We believe the 
proposed rule for open, secure APIs with the Trusted Exchange 
Framework allow patients to get their medical care on their 
smartphone and to control the care they receive. We will 
continue to keep Congress informed.
    Mr. Chairman, Ranking Member, members of the subcommittee, 
thank you for the opportunity to testify. I look forward to 
questions.
    [The prepared statement of Dr. Rucker follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Burgess. Well, thank you, Dr. Rucker, for your 
testimony, and we will move to the question portion of the 
hearing. And I would like to yield my time first to the 
gentlelady from Tennessee again for her questions.
    Mrs. Blackburn. Thank you, Mr. Chairman, and I do thank you 
and your team for the work that you all are doing. And you 
know, in this town where they say there is no bipartisanship, I 
think that we would all say 21st Century Cures and working 
together, getting that across the finish line so President 
Obama could sign it, was one of the stellar accomplishments of 
our work here.
    You touched on privacy, and that is what I want to discuss 
with you because so many of the mHealth apps contain the most 
sensitive of information about us. And every day, as I am out 
working in my community or going to the grocery store or going 
to church, or you know, even a basketball game with my 
grandsons, somebody who is working in health technology will 
tell me about something that they are working on that is going 
to improve patient care in some way, shape, or form.
    But we have had the Browser Act which would require 
individuals to opt in, to share their sensitive information, 
and then they would have the option of opting out for non-
sensitive information. So as you look at the utilization of the 
mHealth apps and the plethora of these that are now in the 
marketplace on both the non-sensitive and the sensitive 
information, talk to me a little bit about how you see HIPAA 
evolving, how you see privacy policy evolving as it affects our 
healthcare data.
    Dr. Rucker. All right. So----
    Mrs. Blackburn. I know it is a lot to unpack in that.
    Dr. Rucker. Yes, yes, yes. Obviously, I think first and 
foremost, we have to protect privacy, right, so we have to 
think about, you know, what the software approaches are that 
protect privacy, and there are folks who do a very good job at 
that. If you look at, for example, the banking industry, the 
brokerage firm, there are some people who really have nailed 
the privacy stack.
    Right now, if you look at the mHealth world right now, I 
think there is actually a fairly stark divide between the apps 
that have access to clinical information and then the apps that 
don't, right. So you know, classically, the FitBit type of app. 
I think part of--in my understanding of Cures, part of it is to 
actually allow some merger of these things so that patients 
clinical information can ensure their broader health choices 
and not have this divide.
    As soon as we get to clinical information, we have to work 
with HIPAA. HIPAA, I think, is a very powerful, very 
straightforward rule that I think sets a very nice bound on 
privacy. There is absolutely nothing in ONC's activities that 
requires changing HIPAA, and so we follow HIPAA. We think it is 
actually a very solid rule to protect privacy. So there is a 
combination of technology on the security side.
    Clearly, the tools to really fully inform patients and to 
really get rich consent, I think some of this is honestly still 
a work in progress. I mean, we can look at specific things, but 
I don't think we have fully solved the full communication of 
how patients share information. That may be broadly true, you 
know, throughout the app economy. We believe what we are doing 
in the world will empower patients with fairly precise ability 
to control their information.
    Mrs. Blackburn. Thank you. I yield back.
    Mr. Burgess. The gentlelady yields back. The Chair thanks 
the gentlelady.
    The Chair now recognizes the gentleman from Texas. Mr. 
Green, 5 minutes for your questions, please.
    Mr. Green. Thank you, Mr. Chairman.
    Again, Dr. Rucker, thank you for being here. In the 21st 
Century Cures, we made a number of changes from the HITECH Act 
to address clinician burden and encourage communication between 
providers. What progress has been made to date with these 
changes to the 21st Century Cures Act?
    Dr. Rucker. Yes. There are a number of things, Congressman, 
that have happened already. So one of the provisions in 4001 is 
to actually start by identifying what those burdens are. So we 
have released recently a draft report out for public comment on 
a 70-page report listing what we think the main burdens are on 
physicians and other providers.
    These burdens come in a couple different areas, you know. I 
think the top level, documentation, some of the things around 
quality reporting, some of the things around just overall 
usability which, in and of itself, is a very complicated issue. 
Things like prior authorization come into that. In terms of 
what has been done, pleased to say working--and this report was 
done jointly with CMS.
    So working with CMS, we have had the first reconsideration 
of documentation requirements since the 1995 CPT things, trying 
to reduce reentry of data on, you know, parts of the history 
that aren't changing, so reducing reentry of data and 
flattening some of the economic incentives in the CPT coding 
system to do all of the boilerplate text that infiltrates all 
of the notes in America when you actually--and I have been a 
clinician for 30 years. I actually have to find out something 
about a patient and wade through this template, generate a 
text. There is more to be done there, but I think literally, 
the first effort at fixing this since 1995.
    CMS, and we have been part of that, has also simplified a 
number of the requirements around what was formerly meaningful 
use, clearing up things there and focusing on promoting 
interoperability to have a much more constrained set of 
reporting requirements. So those are some of the things that we 
have done directly out of the Cures Act.
    Mr. Green. Information blocking is a topic ONC's been 
examining since even before we passed the Cures Act. In fact, 
in April of 2015, ONC released a report on information blocking 
in the healthcare sector. In this report, ONC describes 
information blocking as when persons or entities knowingly and 
unreasonably interfere with the exchange or use of electronic 
health information. That definition alone without additional 
context creates a great deal of uncertainty about the specific 
practices that are considered information blocking.
    That is why Congress asked the ONC to draft a proposed rule 
providing more detail on what may or may not constitute 
information blocking. Unfortunately, this rule has still not 
been released, and I know your ability to discuss the content 
of the rule is limited. But Dr. Rucker, can you share with us 
some of the research and analysis that went into the 
development of the rule.
    Dr. Rucker. Yes. So what information to share is obviously 
one of the most complicated issues when you think about the 
vast amount of clinical information that floats in the care of 
a sick patient. In the care of, you know, all patients, there 
is just--we are looking at things like images. We are looking 
at lab tests. We are looking at notes. We are looking at 
consults. I mean, that is just scratching the surface, you 
know. Dozens and dozens and dozens of types of information, you 
know.
    Now we are looking at some of the prescription--you know, 
opiate descriptions, so lots and lots of information. It is a 
large world in terms of who potentially has information, who 
could share it.
    So our analysis has been focused, A, to understand the 
breadth of that from a legal--right, from a rule-making 
perspective to make sure we get try to the first time as 
opposed to sort of putting to stuff out that is a little bit--
you know, that needs a lot more further work.
    The areas that I think you can anticipate, you know, that 
have come up in this research are things like, first of all, 
just being in harmony with existing State laws, right. There 
are a lot of privacy laws, and so we have to think about that. 
We have to think about security issues. We were just asked a 
question about privacy and security. We have to think about 
cases where patients have deep mental illness where there may 
be some information issues.
    Frankly, we have to think about what can be charged, you 
know. We, you know, have heard where either the information is 
blocked simply by charges to share that information that appear 
not to be related to any observable software development cost.
    So those, Congressman, are the types of considerations that 
we have to consider in putting out the exceptions that we are 
asked to put out the exceptions as you have pointed out.
    Mr. Green. Thank you, Mr. Chairman. I have some other 
questions I will submit. I know I ran out of time.
    Mr. Burgess. The gentlemen yields back. The Chair thanks 
the gentleman.
    The Chair recognizes the gentleman from Kentucky, vice 
chairman of the subcommittee, Mr. Guthrie, 5 minutes for 
questions.
    Mr. Guthrie. Thank you very much, and I do want to echo, I 
am going to miss Mr. Green. He has been a good person to work 
with as vice chairman of this committee, and I am going to miss 
you and the chairmanship for, I guess, a lot of reasons, but 
you have done a great, great job, Mr. Chairman. We really 
appreciate your work as well.
    I have similar concerns that my friend, the future Senator 
from--the next Senator from Tennessee, I guess I should say 
now, she is not future, she is the next--about privacy. One of 
the things that I am working with my friend, Ms. Matsui from 
California, we have worked to reintroduce a bill related to 
developing Federal policy on blockchain technology, just trying 
to figure that out. So if you look at hardware and software, 
regulatory reform, and completely new technologies like 
blockchain, just so much is changing is what I am getting at. 
Where do you see the future of healthcare information going, 
and what can we do to best protect Americans' most sensitive 
information?
    Dr. Rucker. I think when you look at the protection of 
information, I think there are actually three areas to unpack 
here from, if you will, a somewhat technical point of view.
    One is the authentication, so when you log on, are you 
actually the person you say you are as opposed to somebody in--
you know, some rogue agent. So that is authentication.
    The second is authorization, right. Now that you have 
logged on, are you allowed to actually get this information 
from the point of view of the provider.
    And third is from the point of the view of the patient 
consent, right, and so these all actually have--especially 
authentication, have some very, very interesting technologies 
out there.
    I believe that the advance in technology is going to make 
some of these things materially easier in healthcare. Let me 
give you an example. It turns out today that pretty much you 
can authenticate anybody from their ownership of their cell 
phone, right. And even if some rogue agent gets your cell phone 
account number and tries to switch it out, there is so much 
information in just how you have configured your apps, where 
you use the cell phone, how you use it, how you, you know, 
swipe on it, that there are a number of companies out there 
that can authenticate to a very high degree. I am told a lot of 
the financial services industry uses that, so I think the 
broader technologies on security are getting much better.
    One of the things that we are very focused on at ONC is 
making sure for the critical security privacy things that we 
don't cook up healthcare-specific things that, you know, will 
then make healthcare more vulnerable because they are more 
outdated, they haven't kept up with the most modern technology. 
So as you hear us talk over time, we are very conscious to try 
to have the best security tools that are out there and not 
inadvertently do any type of policies that prevent that from 
happening. Hopefully that gives you a bit of a flavor of how we 
unpack that.
    Mr.Guthrie. Thanks. Thank you. And also, in your testimony 
you mentioned that payers and providers who negotiate contracts 
based on quality, and I couldn't agree more. Can you please 
explain ONC's role in collaborating with payers and providers 
on developing standards? The question is how do you determine 
the quality? That is where we----
    Dr. Rucker. Yes. And so this was a bit of a surprise to me 
which, from just my clinical experience as an ER doc, right now 
when you talk with a lot of the large payers, they actually 
have--they get the claims data very rapidly, right, so that is 
all electronic and pretty much instantaneous. It is actually 
very hard for them to get clinical data.
    So typically, if they want to get clinical data, they can 
either in the network contracts negotiate that there are, you 
know, queries, so database downloads, very narrowly defined, 
predefined, or they can go out and download the entire record 
at a cost, I am told by some of the largest payers in the U.S. 
of between $4 and $6 per chart, right.
    So at $4 to $6 per chart, you can't actually be downloading 
everybody's, you know, record. That is prohibitive from a cost 
point of view.
    In working with some of the research folks we have worked 
with and the payers, pretty much simultaneously, it turns out 
that the new FHIR standards that we are implementing, that the 
whole healthcare ecosystem is very excited about and is 
implementing can be extended to get a population of patients, 
get that data.
    This is critical for things like the learning health 
system. It is critical if we are going to have payers figure 
out what they are getting from providers. So it is really 
having the ability to use all the big data things we are 
talking about from a computational point of view is what that 
is about. We work very tightly with them. We have a whole 
standards group that works on that. Steve Posnick who is it 
right here leads all of that work, I am pleased to say.
    Mr. Guthrie. OK. Thank you. I appreciate your answers, and 
my time's expired, and I yield back.
    Mr. Burgess. The gentleman yields back. The Chair thanks 
the gentleman. The Chair recognizes the gentlelady from 
California, Ms. Matsui, for 5 minutes of questions, please.
    Ms. Matsui. Thank you, Mr. Chairman, and thank you, Dr. 
Rucker, for being here. This is a hearing that I have been 
looking forward to. Several of us are working on the telehealth 
working group, and we really believe that this attention has to 
be paid on particularly in telehealth because we know not only 
is information sharing important but also the security aspects 
of it, and we also know that we want the patient to be able to 
access a lot of this information and the providers.
    You know, the healthcare providers face an onslaught of 
cybersecurity threats. I think a June 2017 healthcare 
cybersecurity task force report went so far to identify 
healthcare's cybersecurity as a key public health concern that 
needs immediate and aggressive attention. Now, with that in 
mind, I am really concerned that as data moves more freely and 
becomes interoperable which we want, there may be more 
opportunity for bad actors to compromise this data. While open 
APIs may be common to a tech space, standards aren't in place 
for healthcare.
    And I am particularly interested in this because 
healthcare--the information provided in healthcare is very, 
very personal to an individual, and in particular, as we also 
talk about mental health too because there is still a stigma 
attached to some of that information.
    So Dr. Rucker, what is ONC doing to enhance the 
cybersecurity readiness of healthcare providers as we encourage 
more data to be shared across the healthcare ecosystem?
    Dr. Rucker. Yes. So, I think there are a couple of things. 
I think, first of all, as a background, we are very mindful. 
The biggest cybersecurity risk generally is just system 
complexity, right. When you just look at it, it is the built 
footprint. It is the number of passwords. That is the biggest 
risk. So we are, A, just mindful. Are we, you know, increasing 
system complexity, you know, in quirky kind of ways.
    The open API, honestly, in some ways is a bit misnamed. It 
should really be a very secure API. It is like--you know, it is 
the difference between a door that is open and a door on a bank 
vault, but there is a lot of protection on that. We are really 
talking more the door on the bank vault. The term, the O of 2 
standard. So there is a very tight sort of three-way standard 
that authenticates patients to make sure that it is them and 
that they are getting the data and that it is being transmitted 
securely. So those are the policies that we encourage in our 
rulemaking. You will see those high technology standards to 
actually provide all of that security on access and transport.
    So that is--I mean, that is the technical answer. I think 
the broader answer is we just have to be very mindful of this. 
The mental health issues are huge, all of these issues, and of 
course, it is forever, right, when something gets out. It 
doesn't--there is no way to retract it, right.
    Ms. Matsui. Right.
    Dr. Rucker. It is literally forever. I think there will be 
over time an evolution of how patients think about their data. 
There is clearly an education task on what apps patients would 
allow to access their data that I think is out there. So there 
are a bunch of components. Again, there may be some interesting 
new technologies to allow that.
    Ms. Matsui. OK. Then what is ONC doing to ensure that 
consumers understand their rights? Specifically, when a 
person's data is transferred from a health system to an app of 
their choosing using an API that the data is no longer 
protected by HIPAA. I know HIPAA came up before, but----
    Dr. Rucker. Yes.
    Ms. Matsui. It is really sort of the standard that we have, 
and we have had discussion before, particularly in the mental 
health arena.
    Dr. Rucker. Uh-huh.
    Ms. Matsui. And it becomes a little bit more complicated 
because individuals themselves may not be able themselves to 
understand what this really means. So I am curious because 
there are many, many layers to some of these API's that even if 
people give some consent, they really don't understand.
    Dr. Rucker. Yes. Well, this is evolving, but in the initial 
go-around, we are trying to make it a very conscious process 
where patients actually have to get authenticated by going back 
to the portal, right. The challenge here, the first challenge 
is how do you authenticate. So we are making it a very 
conscious process. This is not one of these things where you 
just sort of click, you know. We have all clicked through 
consents, right.
    Ms. Matsui. Right.
    Dr. Rucker. There is nobody here who hasn't clicked through 
who knows how many consents with GPR and all of that, you know. 
It is every day, right, you know, click through consents. We 
are making this a very conscious process so people understand. 
Actually, the authentication--let's say there is an app that 
they want to use. They have to go back to the provider and 
authenticate to get that transfer, so it is really a three-way 
party thing. So we think it is a very conscious thing as a 
start, so nobody's just accidentally clicking through the way 
we do on much of the rest of our lives.
    Ms. Matsui. OK.
    Dr. Rucker. I think that is a big part of it to start. And 
then, you know, we are working with our community on what--you 
know, what that information is. We have done various things 
with the Office of Civil Rights, with SAMHSA in terms of mental 
health to sort of propagate an understanding on that.
    Ms. Matsui. So you are basically saying it is a work in 
progress as of this moment right now.
    Dr. Rucker. Part--I would say the long-term public use of 
their datas is definitely----
    Ms. Matsui. Right.
    Dr. Rucker [continuing]. To be determined. We are putting 
it out. The rules we are putting out are to allow it securely, 
but, you know, how that--you know, what the public take on that 
is, you know, it is----
    Ms. Matsui. Right. Well, I see I have gone way over, so 
thank you very much. I yield back.
    Dr. Rucker. Thank you.
    Mr. Burgess. The gentlelady yields back. The Chair thanks 
the gentlelady.
    Before I recognize the gentleman from Ohio, I do want to 
point out that it was a visit to the gentleman's district 5 or 
6 years ago when I spoke to your medical staff section when 
many of these problems with interoperability were really 
brought home to me in a way that had not previously been 
disclosed, and the intensity of that the exchange that morning 
is one of the things that I have carried with me over these 
years which actually has led up to the language in the Cures 
bill, the previous interoperability bill that I had done.
    And now I am pleased to recognize the gentleman from Ohio. 
Five minutes for questions, please.
    Mr. Latta. Well, thank you very much, Mr. Chairman, and I 
want to thank you not only for coming out that time, but you 
have come out to the district twice to speak with folks in the 
healthcare community. And it is by having that personal touch, 
you might say, is where you get this what is going on with the 
professionals out there and the other individuals in the 
healthcare industry are facing, so I appreciate that.
    If I could also take a quick point of personal privilege to 
thank the Ranking Member, the gentleman from Texas, for all 
your years here on--service on the committee and also on all 
the different pieces of legislation that we have worked on 
together. I just want to thank you very much for your tenure 
and best wishes in the future. So thank you very much.
    Mr. Burgess. The gentleman yields.
    Mr. Green. I appreciate the working relationship. My most 
fun was when we worked across the aisle, both our leaderships 
worried about it, so thank you.
    Mr. Latta. But it always turned out.
    But thank you very much, Dr. Rucker, for being with us 
today, and you know, you have been hearing quite a bit of the 
questioning, especially when we were talking about 
cybersecurity because, in fact, the majority staff just put 
this out last week which is our cybersecurity strategy report 
that came out on December 7. And we have done a lot of work on 
this committee on cybersecurity, but I would like to go back 
just--if I could, just because there have been a lot of 
questions on the cyber side.
    You were talking about some of the problems that you looked 
at with cybersecurity in health is because the subcommittee I 
chair on digital commerce, we had a hearing that involved a lot 
of people that had been breached, and it was because the 
question about something hadn't been patched.
    But you talked about something, you just mentioned about 
somebody having been unpatched but by some providers. How do 
you look in the future that, you know, you through your group 
with ONC and HHS can make sure that these things get patched 
because that is one of the problems we have out there, you 
know. Can there be a cure real quick, but if this isn't done, 
isn't followed, then we have a massive breach out there.
    So how do you--you know, because it is, you know, you talk 
about the voluntary, or you could be talking about maybe more 
of a forced approach, but how you are going to encourage these 
things to be patched.
    Dr. Rucker. I think, you know, part of it is just I think 
people have more and more awareness of this. I think--you know, 
so I think there is that out there. There is actually a--you 
know, we have specific provisions on the Medicare side and 
payments with promoting interoperability that folks have to do 
a security assessment.
    So we are actually asking providers or requiring--you know, 
asking is, I think, a nominal term when there are Federal 
incentives and disincentives involved. But we are actually in 
that program asking providers to do a security analysis, just 
to sort of a self-awareness to be aware of these things.
    I think there is an evolution that more and more of those 
things are moving into the cloud and to distributed computing 
where you don't have to maintain all of that on your own--you 
know, on your own just IT shops.
    So I think security is a large part. I mean, there are 
other cost drivers. I think security is a large part of what's 
driving that. I think there are also increasing encryption 
technologies so that, if you do actually get at some of this 
information, that it is less damaging.
    So I think there is a conjunction of trends that are coming 
together, but there is clearly--and the vendors, of course, do 
a huge amount of work here, right, in putting this out for 
their customers. So it is that combination of things. It is not 
perfect by, you know, any means.
    Mr. Latta. Well, do you see the ONC, then--just to follow 
up real quick on that. Do you see that the ONC would be--if 
there is some kind of a breach out there or there is something 
out there that can be patched that you would be putting 
information out there to say that look, you have got to really 
get out there to make sure that this is being taken care of 
because, you know, this is an imminent threat with all these 
records out there.
    Because again, a lot of folks out there are very, very 
concerned, of course, that what happens to those records once--
you know, as the practitioners are putting it in the computer, 
all of a sudden it is out there then.
    Dr. Rucker. Yes. Actually, a lot of that happens at the 
level of HHS, right. So, HHS has a cybersecurity process, a 
strategic operations center that is geared to do that. We are 
starting to work with a number of countries globally with their 
governments, their healthcare, you know, ministries and the 
folks there on information technology to think about how we get 
even more global rapid notification of these threats.
    So those are some of the things out there. But right now 
that is largely the initial response, right, because these 
things sometimes have to be, you know, pretty much 
instantaneous. It is coming through the cybersecurity work at 
HHS and the command center there just because of the scope. ONC 
has--you know, obviously we are not--we don't have a big 
operational footprint as a small staff agency to do that, so we 
rely on that broader set of HHS tools.
    Mr. Latta. Thank you. Mr. Chairman, my time has expired, 
and I yield back.
    Mr. Burgess. The Chair thanks the gentleman. The gentleman 
yields back.
    The Chair now recognizes the gentlelady from Colorado, Ms. 
DeGette. Five minutes for questions, please.
    Ms. DeGette. Thank you, Mr. Chairman.
    Dr. Rucker, when Mr. Upton and I worked on the 21st Century 
Cures Act along with this whole committee, one of our concerns 
was really improving interoperability of health data systems 
because all these wonderful advances that we achieve won't be 
very useful unless we do that. And we also felt at the time 
that one of the least fleshed-out areas of the bill, shall I 
say, was the interoperability and some of the health data. And 
we had hoped that we would be able to, frankly, be farther 
along now than we are in these areas.
    So I kind of want--I know you've been answering a lot of 
really specific questions that Members have, but I would like 
it if you can take it back out a little bit and talk for a 
moment about what the biggest impediments in general to greater 
interoperability are at the moment and maybe talk a little bit 
as we move into the 116th Congress about what Congress could 
do, if anything, to help ONC further the goals set out by Cures 
because again, I think that my colleagues on both sides of the 
aisle will agree. Even though the leadership is changing, we 
still have a strong commitment to implementing this fully.
    Dr. Rucker. Yes. So, obviously, I wish I could tell you 
that the rule had been passed through clearance and so we could 
talk about the exact specifics of that rather than talking 
about it with a certain amount of generality, but there are 
some fairly specific things I can talk about that are part of--
they are part of interoperability.
    Why there is not interoperability is a very complex, 
multilayered thing, and it, frankly, starts with the raw 
complexity of human biology, right. Unlike a financial 
transaction where there is, you know, a dollar sum and a 
destination and maybe a few other pieces of data to describe 
that, the human biology, just think about the thousands of lab 
tests, all the different modalities of imaging, all the 
different narrative. It is immensely complicated, and most of 
that is not standardized. It is not really structured data, so 
there is an innate complexity there.
    Then you get into the business things. Then you get into 
just the technology. It is worth noting, and I am dating myself 
here, but the first couple years I was involved in building the 
first Windows EMR, right. So, you know, advice to anybody, 
don't build a software product with Windows 2.1. It will crash 
during your demo for sure.
    But even, you know, years later, with Windows 95 was the 
first time there was even a TCP/IP internet stack that you 
could even communicate. Before that--and you all are too young, 
but for anybody who's, you know, listening, on the internet, we 
had to do those, like, RS232 ports and serial wires, right. You 
know, there was no Bluetooth. There was no WiFi. So I am 
intimately familiar with that.
    I look at these things, I think, in a good and ready 
framework to take it to the top level.
    In Cures there are two powerful components. One is the API 
which means how do you connect to individual providers' 
records, right. So what is that end point where you connect to 
the record.
    The other is the Trust Exchange Framework. What is the 
sharing network? Some cases make a lot more sense connecting to 
the record. Other cases make a lot more sense sharing. There 
may be hybrid approaches. So, for example, Apple has a hybrid 
approach. So what Apple does is they have single point 
connections, and they--well, let me be clear. They broker, 
actually, a connection between the patient and the provider 
providing security. Apple does not get that data.
    Ms. DeGette. So I hate to interrupt you, Dr. Rucker, 
because what you just described right here in 4 minutes of my 5 
minutes of time is exactly what Mr. Upton and I identified, why 
it was impossible for us to be much more robust.
    What can Congress do going forward to not just identify the 
problem that you so much better than I can articulate it, but 
what can we do? Are there legislative barriers to trying to 
overcome these burdens and to move forward?
    Dr. Rucker. I feel pretty confident that what has already 
been passed, when we have the rollout will be, I think, very 
effective increasing interoperability.
    Ms. DeGette. All right. OK. Great. Thank you. I love 
hearing that.
    One last thing. When can we expect the regulation to be 
released?
    Dr. Rucker. I do not have a specific date for you.
    Ms. DeGette. Well, that is OK. Like, a timeframe is good.
    Dr. Rucker. So it is currently in clearance with OMB, so I 
think that tells you that all of the text has been written. All 
of that has been done. All of the analysis that I think 
Congressman Green was asking about.
    Ms. DeGette. So soon, you think?
    Dr. Rucker. I am optimistic that it will be soon, but these 
are folks that are not under my control, so I don't honestly--
--
    Ms. DeGette. Thank you.
    Thank you, Mr. Chairman.
    Mr. Burgess. The Chair thanks the gentlelady. The 
gentlelady yields generally. The Chair now recognizes the 
gentlemen from Virginia, Mr. Griffith. Five minutes for 
questions, please.
    Mr. Griffith. Thank you very much, Mr. Chairman.
    First, I would be very remiss if I didn't say thank you to 
Mr. Green for all of the work that he has done. He has been 
willing to discuss ideas. We worked together on a couple 
things, and some of them were big. Our pharmacy--compounding 
pharmacy bill was a big deal, and I appreciate all that and 
appreciate your help on that. Likewise, I look forward to 
finding out what those rules are when they come out as Ms. 
DeGette was just asking you.
    And Mr. Chairman, I think this is an important hearing, but 
a lot of the questions have already been asked. Some will 
additionally be asked, and I will be looking forward listening 
to the answers to those. At this time, however I would yield my 
time to Dr. Bucshon.
    Mr. Bucshon. Thank you very much for yielding. ONC's 
recently released draft Clinician Burden Report acknowledges 
how information overload and electronic health records is 
contributing to physician burnout. I was a physician before I 
was in Congress. How does the ONC plan to address these 
challenges faced by clinicians? Would open application program 
interfaces help address some of the challenges by making 
electronic health records easier to use in a clinical setting?
    And let me just be brief about my own experience Spears. I 
support EMRs. We put one in our medical practice in 2005. I 
wouldn't want to go back to paper charts. It is a major 
advance, but we have challenges as we have heard here today.
    One of the big ones I am concerned about is the physician 
burden, and so if you were to address how that the ONC plans to 
address the physician challenges, I would appreciate that.
    Dr. Rucker. Yes. To get to the very specific part, we do 
believe that having better, more robust application programming 
interfaces will make it easier to get data on patients, so when 
you get a referral patient for your practice or send somebody 
to another provider that that will be materially easier. We 
have made a lot of progress there, but the progress has been 
patchy.
    In terms of the burden, there are a number of areas that we 
are working on. I mentioned documentation which is, I think, 
one of the biggest areas. We are doing a number of things on 
usability, working with the vendors there on that. We are 
actively engaged in ongoing discussions with CMS on are there 
other things we can simplify in the CMS stack which, as you 
know, includes quality measures of a vast type of varieties.
    CMS is working on clinical quality language to try to make 
that whole process less burdensome. An area that we are working 
on internally and with CMS and outside stakeholders is on prior 
authorization which is another big thing that has been 
extremely problematic for everybody. And the thought there is 
can we use interchange standards so this is not having your 
office waiting on the phone with a payer, you know, for--who 
knows, for some cryptic, ill-defined set of information that 
you don't know ahead of time to decide whether something is 
authorized. This is bad for patients. It is bad for providers.
    So those are some of the areas. We are happy to get into 
much more detail.
    Mr. Bucshon. Sure.
    Dr. Rucker. You know, in these 5-minute slots----
    Mr. Bucshon. Yes. It is a complicated problem.
    Dr. Rucker. We can't even again to go into nuance.
    Mr. Bucshon. Can I express one concern about code 
consolidation, you know, and simplification as it has been 
promoted. The physician community, as you probably know, has 
concerns about code consolidation even though going from one to 
three codes, for example, something like that as the billing--
different billing levels. There is a specific concern that very 
complicated patients that currently bill level 5 now would be a 
level 3 but that the reimbursement wouldn't be consistent with 
a level 5. So we would have physicians specifically that see 
very complicated patients are very concerned about, and I know 
you are aware of that situation.
    I have personally voiced that concern to Administrator 
Verma. I think they understand that, but it is very laudable 
what they are doing. They, as you know, have a Patients before 
Paperwork program that goes through a lot of these things.
    So you know, the challenges that we have today are 
obviously security and, really, and interoperability. The only 
way I see that you totally secure a patient's medical record is 
you never put it on a computer, but we are not obviously going 
to do that. Are you talking about educating, you know, broader 
educating people to utilize the computers including staff and 
physicians on proper password management? I mean, basic 
fundamentals, right? And if you look at cybersecurity, the 
first thing is--the first step is the user and their password 
stuff.
    So what are you all doing to try to-- you know, there are 
obviously big things we can do on cybersecurity. What are you 
doing to fundamentally educate people that access the system on 
how they protect their information?
    Dr. Rucker. Right. So, you know, to mention briefly, 
obviously we have that as part of the promoting 
interoperability program with Medicare just so that, you know, 
folks at least have one exposure to doing that. We have done 
work with the Office of Civil Rights on educating patients on 
that.
    Mr. Bucshon. So my time has expired. I am fine with a 
written response to that.
    Dr. Rucker. We would be happy to provide you with a written 
response.
    Mr. Bucshon. Send that to the committee.
    Dr. Rucker. We would be happy to provide you with a written 
response on that.
    Mr. Bucshon. Thank you. I yield back.
    Mr. Burgess. Does the gentleman from Virginia from yield 
back? The gentleman yields back.
    The Chair thanks the gentleman. The Chair recognizes the 
gentlelady from California, Ms. Eshoo. Five minutes for 
questions, please.
    Ms. Eshoo. Thank you, Mr. Chairman, not only for having 
this hearing today but for your service as chairman of the 
subcommittee. We all salute you for the work that has been 
done, and even though Gene Green is not here, I want to 
acknowledge his work with you. I think that you have been an 
excellent pair of leaders of the subcommittee, and Gene and I 
were classmates. We came in the same year, so thank you to both 
of you.
    Dr. Rucker, welcome. I can't help but think that I am 
listening to someone whose job I created because I did the 
legislation to establish the Office of National Coordinator of 
Health Information Technology. That was signed into law as part 
of the American Recovery and Reinvestment Act, what, 9 years 
ago, in 2009.
    Now, the legislation also addressed, as you know, 
electronic health record interoperability, and I think that you 
have heard from just about every Member that has questioned, 
made comments, that we are still having issues with it. We 
don't have a seamless system of interoperability in our 
country. It seems to--you have talked about many things that 
you would like to look at or that you are looking at, but it 
seems to me that you are testifying today in a state of limbo 
because the rules have not been written, so it is--I think--it 
is a little awkward, I think, but nonetheless, we can still ask 
you whatever questions we want, right?
    I would like to--you mentioned in your testimony, in your 
written testimony Apple's, health records app. Now, I have seen 
the app, obviously, firsthand. I think it is a very exciting 
concept, and I think it is important for patients to be able to 
access their health data, but that requires health systems to 
make their data available. And it also, going back to an issue 
that is been raised by just about every single Member, it 
introduces the need for additional privacy and data security.
    So I just want to ask you a direct question. How are you as 
the director going to address this?
    Dr. Rucker. So----
    Ms. Eshoo. Not how you think you might or what some several 
ideas are. Do you have a specific----
    Dr. Rucker. Yes.
    Ms. Eshoo [continuing]. Answer to a specific question? 
Thank you.
    Dr. Rucker. Yes. So the upcoming Cures will specifically 
address the security requirements for what you are referring to 
which is the application programming interface that providers 
need to provide. That will be--it is going to be part of the 
certification process for electronic health records that API 
exists, and we are designing it in a way to use industry 
standard API technology to maximize security. So those are very 
specific things with very specific technology.
    We have--to the earlier part, just by--I have probably had 
150 stakeholder meetings and been out on the speaking circuit. 
So we have actually already made a fair amount of progress in 
getting people to understand the concept of open APIs. Some of 
the large vendors have opened up their APIs in response to the 
Cures Act.
    We are seeing a lot more network sharing which I believe, 
when you look at the temporal sequence of events, is based on 
the upcoming Cures Act rulemaking. So even as we speak, the 
Cures Act has had a significant impact on what----
    Ms. Eshoo. If you were going to grade interoperability when 
it comes to electronic health records in our country, what 
grade would you give it?
    Dr. Rucker. It is highly patchy which is the problem. There 
are A students, and there are F students.
    Ms. Eshoo. Patchy is not----
    Dr. Rucker. Right. So I guess maybe it averages out to a C 
minus, but it's an average. It's an average.
    Ms. Eshoo. And when was the last time you had any 
communication from OMB? Are they the ones that are--who is 
writing the rule?
    Dr. Rucker. ONC is writing the rule.
    Ms. Eshoo. ONC?
    Dr. Rucker. ONC is writing the rule.
    Ms. Eshoo. I see.
    Is there anything that you think is missing from the 
legislation that you need relative to implementation?
    Dr. Rucker. I have to be honest. I was surprised at how 
thorough it was when I actually read it and took the position, 
and I obviously hadn't read it in great detail before. I was 
amazed at how thoughtful it was and how well put together it 
was.
    And, you know, I was extremely pleased coming into the 
National Coordinator, and I want to thank, frankly, my 
predecessors because I know there was a lot of technical work 
and a lot of technical support with my predecessors under the 
Obama administration working with Congress to support Congress 
in the bipartisan way in putting that together.
    So I think I was pleased, and I think we have accomplished 
something in a you know, bipartisanship trajectory.
    Ms. Eshoo. Thank you. Merry Christmas.
    Dr. Rucker. Thank you.
    Mr. Burgess. The Chair thanks the gentlelady. The 
gentlelady yields back. The Chair recognizes the gentleman from 
Missouri, Mr. Billy Long. Five minutes for your questions, 
please.
    Mr. Long. Thank you, Mr. Chairman, and there is Gene Green 
back. I just want to echo what everyone has said about my buddy 
Gene. We are going to miss you and Helen, and thank you for all 
your years of service to Congress, to the committee, to the 
folks in Texas. You are going to be a big loss for us.
    Dr. Rucker, when Obamacare first went into effect, I 
happened to have an appointment with my doctor shortly after 
that. And I went in, and I thought I was going to have to give 
him--prescribe him blood pressure medication for the amount of 
paperwork that he--he said you sit there, you sit there, and I 
have to enter all this in the computer. I have to--you know, 
and he was so upset about the burdensome paperwork. Shortly 
thereafter, he decided to take early retirement. He just said I 
am out of here. He wasn't at retirement age, but he just had 
all the fun he could stand.
    And when I talk to physicians, they mention how overly 
burdensome their paperwork requirements are and how too much of 
their time is spent on data entry instead of seeing patients. 
He calculated he lost 1 day a week of seeing patients because 
of the amount of paperwork he had to do. So instead of seeing 
patients 5 days a week, in essence, he was seeing them 4 days a 
week.
    In November, ONC and CMS released a draft strategy on 
reducing regulatory administrative burdens. What do you think 
the main driver of this burden is, and what would----
    Dr. Rucker. In working with CMS on that report, I think in 
deciphering out just some of the times, you know, the time 
component, a lot of people have told us it is over a day a 
week. It is over 20 percent. You know, when you go to 3 or 4 
hours a day, I think 20 percent would be on the low side.
    I think, to me, the biggest area to start with is 
documentation. So because we are gating fee-for-service through 
the CPT billing codes, they have sort of--they have a bit of 
what, you know, in a Pavlovian psychology thing could call an 
reverse of stimulus. If you want to get paid more, you have to 
deal with more of this burden. I think that has caused huge 
dissatisfaction.
    I have worked with thousands of doctors, you know, in the 
ER. It is sort after communal pit. You hear what everybody 
says. I know in talking with thousands of people, they hate 
this. It is very hard for us to teach this to the residents. 
They look at us, like, are you out of your mind? Literally. So 
that is a big issue.
    Prior authorization. We hear that is a little bit more 
specific to the types of practices. It is a big issue. We have 
heard quality, some of the quality measure reporting, very 
expensive and time consuming, and frankly, we are getting an 
early signal, and we are doing a lot of work at ONC to try to 
make sure that the prescription drug monitoring programs don't 
become an additional burden, you know. They are required pretty 
much in every State, and often that means you have to get out 
of your computer, logon to another computer, get out again, 
document it. That is a lot of time on a go-around, right, about 
a because you know how long it takes to logon to a computer 
even if you can memorized all niece passwords.
    So we are, you know, doing some work to sort out, and I 
know a number of people are working on integrating PDNP into 
the record so that we are not adding additional burden 
inadvertently as we try to solve the opiate crisis.
    Mr. Long. So are there health IT system usability problems?
    Dr. Rucker. Yes.
    Mr. Long. What are some of the key recommendations from the 
strategy, and how can we reduce the overall burdens on 
clinicians?
    Dr. Rucker. So key recommendations from the strategy. We 
discussed documentation. We discussed prior auth. Those are 
things on usability. The Electronic Health Records Association, 
the vendor association, is working on standardizing some 
things, even small things like what is the order of results? Is 
it the most recent result first? Is it the first result first? 
Even some simple things like that.
    The APIs in terms of getting the programming interfaces to 
get data from other providers is going to be a big thing. The 
quality group at CMS with whom we work with quite intensively 
have a number of programs they are working on to make quality 
measures more responsive, more real, and simpler. We have 
worked a lot with CMS in just the rules around, you know, what 
used to be the Electronic Health Records Incentive Program, 
what is now promoting interoperability.
    Seema Verma has been very aggressive in pushing everybody 
she can get her hands on, and that includes me, in terms of 
making things easier and working with CMS to do that, so a 
number of things are in progress.
    Mr. Long. So you are working with stakeholders in 
developing these strategies----
    Dr. Rucker. We have had meetings with about 150 
stakeholders, and many of the meetings have been on burden.
    Mr. Long. OK. Mr. Chairman, I don't have any time to yield 
back, but if I did, I would.
    Mr. Burgess. The Chair appreciates your willingness.
    The Chair now recognizes the gentleman from New York, Mr. 
Engel. Five minutes for questions, please.
    Mr. Engel. Thank you, Mr. Chairman, and I too want to 
express my chagrin at Gene Green not going to be here any more, 
but I know he is going to be doing some great things and with 
some time, spare time, with his wife and--with Helen, and I 
just want to tell everybody how much we are going--we always 
sat next to each other. We are going to miss you.
    Mr. Green. I haven't got him to talk like a Texan during 
all of that.
    Mr. Engel. I would attempt to do it, but I would just 
laugh--make a fool of myself.
    Thank you, Dr. Rucker, for being here today.
    As you know, in May, the GAO issued a report on the 
challenges patients and providers face when it comes to access 
to medical records. And I am particularly concerned about this 
finding in the GAO's report, and I quote it.
    Patients' challenges include incurring what they believe to 
be high fees when requesting medical records, for example, when 
facing severe medical issues that have generated a high number 
of medical records. Additionally, not all patients are aware 
that they have a right to challenge providers who deny them 
access to their Medicare--medical records.
    So, Dr. Rucker, let me ask you. Is ONC doing anything to 
help mitigate the costs that patients face as a result of this?
    Dr. Rucker. Yes. By law, the electronic access to records 
is something that should not be charged for. As the open 
application, the application programming interfaces under Cures 
are designed, and our rulemaking will implement that patients 
can direct their smartphones at the providers' end point,you 
know, the URL, if you will, and download their records and do 
it in a way that is convenient to patients. They can aggregate 
records from other providers. We believe there will be apps to 
do that.
    Apple already has one. There are smaller companies that 
have these apps out there now. We believe this line of business 
will grow. It will add value in all kinds of ways, but I think 
the key practically is charts, you know, the printouts of these 
charts.
    Now, if you get a, quote, printout from one of these 
electronically generated charts, it is hundreds of pages of 
stuff that is impossible to read for a physician, let alone a 
patient. When you are on the inbound side of this in referrals, 
it basically jams up the laser printer fax machine.
    At Ohio State where I work, I am told by some of their 
staff they would get 90 calls a day where inbound faxes were so 
large that they jammed up the nursing units' fax server which 
are, you know, the laser printers on the unit. Smartphones are 
powerful computers and I think are exactly what we need to get 
patients their records and to do it in a way that patients can 
control their care and, frankly, shop for their care.
    Mr. Engel. Well, doctors who can't read it know how the 
rest of us feel when we try to read doctors' signatures or 
doctors' notes.
    What about patient education? Is anything being done to 
ensure that patients know that they have a right to access 
their medical records?
    Dr. Rucker. We have worked with the Office of Civil Rights 
on an ongoing basis, I think over a number of years, to 
describe for patients how to get their information. Now, some 
of this is consumer marketing. We don't have a budget for 
consumer marketing, but to the extent that we are able, we are 
encouraging that, and we believe that with the open APIs, there 
is going to be a lot more public awareness of the availability 
of this because right now, that is--you know, these simple 
things aren't available, so it is hard for people to learn 
about them because what they learn about is so complex.
    Mr. Engel. Thank you very much.
    Thank you, Mr. Chairman.
    Mr. Guthrie. Thank you. The gentleman yields back. The 
Chair now recognizes Mr. Bilirakis for 5 minutes for questions.
    Mr. Bilirakis. Thank you so much.
    Dr. Rucker, HITECH made available over $35 billion to 
modernize HIT infrastructure centered on the meaningful use of 
certified EHRs. These incentive funds were designed to assist 
eligible providers to purchase, implement, and maintain her 
systems as well as meet criteria to advance reporting on 
quality indicators. While the implementation of the HITECH was 
far from perfect, it was the launching pad for the 
implementation of her ecosystem we have here today. Yet certain 
provider types such as behavioral health providers were not 
eligible for this incentive funding to build out electronic 
health platforms.
    Meanwhile, today as a result of the opioid crisis and 
increasing suicide rates in the U.S., we are increasingly aware 
of the importance that behavioral health plays in whole 
personal--person care, healthcare. Given that behavioral health 
was carved out of HITECH and serves as a critical linkage to 
integrated care, what, if any, plans exist to cross this 
bridge?
    Dr. Rucker. Well, I think first--there is, first of all, a 
start with the Center for Medicare and Medicaid innovation in 
the support act, the recent opioid act to, you know, look 
specifically at the question of behavioral health records.
    I think one of the big opportunities we have is to use 
these regional health information exchanges to share even the 
simplest of data on patients with behavioral health and 
substance use issues. The data I am talking about because as an 
ER doc, you see these people. They float in and out of the 
system. They float from group homes, shelters, all kinds of 
situations.
    In some parts of the country, health information is simple 
ADT. ADT is admit, discharge, transfer. So all it says is where 
was this person? Where are they located? That simple 
information often helps to coordinate some of this care, so 
there may be a very low-hanging fruit here that is worth 
looking at, and we are looking at how to expand that to get at 
the behavioral health issues.
    Part of the challenge is a lot of these folks, as you 
pointed out, don't have software, per se, right. So, but to the 
extent they do have software and any ability, this is sort of 
the simplest common denominator that we think--we have some 
anecdotal experience that's going to be very powerful for 
helping these folks. I have taken care a lot of these folks 
over many, many, many years, so I am pretty excited about 
trying to do something in this role.
    Mr. Bilirakis. Thank you. All right. Next question. What is 
ONC doing to enable physical therapy and other non-physician 
her vendors to satisfy certified her technology requirements?
    Dr. Rucker. Yes. So for the broader healthcare ecosystem, 
the biggest thing we do, you know, in areas where we are not, 
per se, certifying, you know, for the non-certified part of 
that world is a lot of work on standards, right. So people can 
share information, have lower costs of getting information, 
providing information, entering information. We do a lot of 
standards work. We actually summarize it with an 
interoperability standards advisory which is a constantly 
updated database of the best standards in healthcare. We have 
used resources to encourage some of these standards.
    We do a lot of work with a number of the standards 
organizations, most specifically HL7, and we have also 
supported some of the deeper technical things needed to advance 
standards to make, you know, the communication across the 
healthcare board more efficient.
    Mr. Bilirakis. OK. I guess I have a couple more. You know 
what? Let me just go ahead and submit them for the record, Mr. 
Chairman, in the interest of time. Thank you.
    Mr. Burgess. The chairman yields back. The Chair thanks the 
gentleman.
    The Chair recognizes the gentlelady from Indiana. Mrs. 
Brooks, 5 minutes for your questions, please.
    Mrs. Brooks. Thank you, Mr. Chairman. Thank you, Dr. 
Rucker, for being here.
    I also want to add my thanks to Ranking Member Green. As 
fellow Texans, you two gentlemen have led this subcommittee so 
admirably. We have gotten so much done, and we are really going 
to miss you.
    With that, Dr. Rucker, I want to elaborate a bit more on 
the use of smartphone-based apps and obviously your desire to 
continue to advance that. Are there any additional regulatory 
changes that would be helpful in further accelerating or 
incentivizing health record applications?
    Dr. Rucker. I think we are in a very good position with the 
Cures Act language on that. I think when the rule comes out, 
and you know, there is obviously public comment and that whole 
annealing process on the rule. I believe we are going to be in 
a very good position to have accomplished that, so I am very 
confident.
    Predicting the future, obviously, you know, hard to 
impossible, but I feel very confident that the language that 
Congress has put in that and that will--implementing will do a 
lot there. I think modern technology is very helpful. Having 
the API stack that the rest of the smartphone economy uses in 
starting to move healthcare into that is going to be very 
powerful, and you know, so that allows healthcare to write off 
the development of all of the rest of the app economy, right.
    Historically, part of the challenge of interoperability is 
we have done it all ourselves with one-off healthcare 
protocols. You know, if you go to any other computer person and 
you show them, those guys are like, what, right? I mean, there 
is just befuddlement. We are trying to move healthcare, you 
know, with the Fast Healthcare Interoperability resources, the 
so-called FHIR, into the modern economy stack. We are mindful 
of the work that is been done, the sharing that is going on. We 
want to, you know, support and acknowledge that, but over time, 
and certainly for the smartphone part of it, we believe that is 
the way to go.
    Mrs. Brooks. So I am hopeful that the new rule that is 
coming out will address maybe barriers to the app development, 
but how about with respect to utilization? How about with 
respect to getting average citizens to begin using it? What 
comments do you have about what we could do to either 
incentivise or to encourage its use?
    Dr. Rucker. To me, the absolute as somebody who has built 
computer software, the only thing that counts is how easy is it 
to use? How many clicks, how much reading, how much thinking do 
you have to do? Ease of use is everything in consumer apps. 
Everything we do in our rulemaking is geared to encouraging 
ease of use.
    Now, as all the other questions have pointed out, you have 
to balance that against security and privacy, so there is an 
inherent tension there, but with what we think is an 
appropriate balance, that is our focus.
    Mrs. Brooks. But these types of apps that are being 
developed and that are in development and with the rulemaking, 
they are approved by your organization, correct?
    Dr. Rucker. No.
    Mrs. Brooks. OK. Should there be some additional approval 
process on the app development necessary to, you know----
    Dr. Rucker. Right. So, these apps are not approved by us or 
by the FDA, you know, in the current go-around. I think we want 
to be very, very careful that we don't have further burden on 
innovation. This is a fast-moving part of the economy. I know 
working with the White House, we are trying to get investment 
in this, highlight the investment opportunities.
    The Office of American Innovation has been heavily involved 
in that outreach, so I think we are trying to encourage people 
to enter the space. I think regulating it, a priority. I don't 
believe is going to be a public--I don't think that is going to 
get a public value because I think it is actually very hard to 
regulate the privacy and security breaches that are coming 
because a lot of that is the law of unintended consequence.
    Mrs. Brooks. I recently saw a study that Johns Hopkins did 
concluding that more than 250,000 people in the U.S. die every 
year due to medical errors, and then also, we obviously know 
about all of these duplicative tests that can often happen. Do 
you believe that that access to mobile health records will 
actually help reduce this number?
    Dr. Rucker. I think it will because I think it allows 
further clarification, I think better APIs. Part--by no means 
the only reason for medical errors, but clearly a part of it is 
just the complexity of what we have out there, any technology 
that makes it simpler.
    Patients are probably the best check on what is going on 
for their care, right? They are presumably the most interested 
in it, so having them be able to say ``No, I am not on that 
med,'' or you know, ``Why did you put this diagnosis down?'' I 
think that transparency is essential.
    I think the Cures Act provides a vast amount of 
transparency to patients in healthcare, so I think that is very 
powerful. The more eyes you have on a problem, I think the 
better it can be.
    Mrs. Brooks. Thank you. I yield back.
    Mr. Burgess. The Chair thanks the gentlelady. The 
gentlelady yields back.
    The Chair recognizes the gentleman from Oklahoma, 5 minutes 
for your questions, please.
    Mr. Mullin. Thank you, Mr. Chairman, and I also want to 
thank my colleague from Texas, Mr. Green.
    Mr. Green. Tough for an Okie to do that.
    Mr. Mullin. It is. It is. But football season is over, and 
we won, so that matters.
    Mr. Green. Somehow I thought that might come up.
    Mr. Mullin. Anyway, Mr. Green and I, we have worked 
together probably more than any other person on the other side 
of the aisle, and he is going to be missed. He is one of the 
rarer ones around here that sees it from a perspective, not 
from a party perspective but from his perspective, so I really 
enjoy working with him.
    Mr. Mullin. You know what, let's talk--we have talked a lot 
about privacy, and I have a bill out right now, H.R. 6082, 
which has to do with redlining part 2, and helps with, in my 
opinion, the provider getting the information they need.
    My colleague from Indiana just brought up that there is 
obviously a need for doctors to get more adequate information 
about the patient. Do you feel right now with 42 CFR, part 2, 
with them being realigned outside of HIPAA, do you think that 
hinders the provider from getting the adequate information on 
the individual?
    Dr. Rucker. Well, as you know, it is very controversial. We 
have had a number of people lobby, you know, come to us on both 
sides of that coin. I am going to defer to my colleagues at 
SAMHSA and the deputy secretary. I know the deputy secretary's 
reading a regulatory sprint for coordinated care, looking 
specifically at those--the issues around 42 CFR, part 2. So I 
am going to--because they are the primary agency, I think we 
are going to defer to them on that.
    Mr. Mullin. Well, I read in your agency's draft clinician 
burden report published last month that the healthcare 
providers struggle to navigate health IT privacy regulation 
governed by 42 CFR, part 2. Is that correct?
    Dr. Rucker. Yes.
    Mr. Mullin. So what exactly do they struggle with, then?
    Dr. Rucker. Well, we have heard as the struggles are around 
knowing--I think one of the big struggles--there are some 
others, but one of the big one is knowing who is actually 
covered, so that the technical language is that providers who 
provide a specialized class of substance abuse treatment are 
covered.
    But if you are part of a larger entity, right, so if you 
are a big, you know, delivery system who is covered, right, is 
that psychiatry, is it just that practice, those boundaries are 
very hard to navigate for folks, you know, that boundary and 
that description generates and so people default to just 
saying, it might all be covered. You know, nobody wants to risk 
it and so----
    Mr. Mullin. So does part 2 strengthen the patient's care or 
worsen it, then?
    Dr. Rucker. I think that, you know, again, I am going to 
defer to SAMHSA. They, I think, will have some data on that. I 
want to be----
    Mr. Mullin. Well, we already know that there has been 
accidental deaths because of part 2 not aligned with HIPAA. We 
are talking about the patient, and we also talked about privacy 
too.
    Dr. Rucker. Yes.
    Mr. Mullin. But through HIPAA, individuals with heart 
disease or HIV, do you think they are adequately covered 
through privacy, through HIPAA?
    Dr. Rucker. I think HIPAA does a great job with privacy.
    Mr. Mullin. So, in your opinion, then, is it right that we 
separate individuals with mental illness or disorders, or abuse 
disorders, separate from anybody else's care?
    Dr. Rucker. Well, I think there is an overall goal to get 
those things integrated, to have, you know, what sort of folks 
call wholistic care, you know. The specifics I am going to 
defer to the, you know, specific agency that handles that, but 
I think there is an overall desire to have integrated care. I 
think that is just good patient care. All of these things blend 
together.
    Mr. Mullin. One last question, then. How difficult is it 
for a provider to access part 2, and what risk comes along with 
that?
    Dr. Rucker. Well, I think the--the difficulty is not in the 
access. It is in--it is--you know, the difficulty is the 
availability.
    Mr. Mullin. Well, they can't just access it. They got to 
get the patient's--they got to get the patient's permissions, 
right?
    Dr. Rucker. Yes. Yes.
    Mr. Mullin. So they had to get HIPAA permission----
    Dr. Rucker. Yes.
    Mr. Mullin. So they have to go one step further, and they 
have to ask for that, right?
    Dr. Rucker. Yes. That is my understanding.
    Mr. Mullin. So if the provider has no reason to ask, 
doesn't that create a problem right there?
    Dr. Rucker. Potentially, it does.
    Mr. Mullin. Now, what if the patient shows up in the 
emergency room is unconscious. How many providers automatically 
access part 2?
    Dr. Rucker. I do not know the answer to that. I can see if 
there is information on that. I do not have information on 
that. As a practical matter in the emergency department, if 
they are unconscious, we try to treat them immediately----
    Mr. Mullin. Well, I know, but----
    Dr. Rucker [continuing]. And part of that will be giving 
the Narcan. Part of that will be an assumption from any patient 
far more--we will assume, in many cases that there is an opioid 
and a standard part of that treatment is to administer Narcan, 
or some, you know, some version of that on the possibility that 
that might be the cause. I mean, we administer things like 
glucose on the thought that maybe the person's hypoglycemic as 
well.
    Mr. Mullin. So do you think it would improve the patient's 
care if we could align part 2 and HIPAA?
    Dr. Rucker. I think alignment there, I think that would be 
helpful.
    Mr. Mullin. Thank you.
    I yield back. Thank you, Mr. Chairman.
    Mr. Burgess. The gentleman yields back. The answer to the 
gentleman's question is yes.
    Mr. Mullin. Both sides of the aisle.
    Mr. Burgess. Chair recognizes the gentleman from Georgia, 
Mr. Carter, for 5 minutes for questioning.
    Mr. Carter. Thank you. And thank you for being here.
    I just want to begin by adding my voice to those who have 
already talked about the proposed rule on information blocking 
and just that, you know, it is obviously very critical, we all 
understand that, but I just wanted to see if you could give me 
an update. I understand it is out of your hands right now and 
it is with OMB, is exactly where they are at with it. Do you 
have any idea when we could look forward to seeing that?
    Dr. Rucker. I wish I could give you specifics. I think they 
are looking at it. I think we would, you know, we would have to 
defer to them to--to things. I believe we are close on that. I 
am not aware of any, you know, insurmountable difficulties or 
challenges. But I think there is a large checks and balances 
process here that, you know, is part of--is part of the way 
things work, our democracy. And I just--as somebody who is in, 
you know, in a staff agency, I just have to be mindful of that, 
you know.
    Believe me, I share your frustration. I share your 
frustration. I wish I could tell you exactly what is in it, 
tell you it was all done, but I,--you know, unfortunately, I 
can't.
    Mr. Carter. Do you have idea what is in it? I mean, have 
you----
    Dr. Rucker. I have read it multiple times. I have a very 
precise idea of what is in it. We have had vast number of 
discussions with Liz Anthony, who heads our rule-making group. 
Intimately familiar with the details. Many of the details are 
quite challenging to put together and, you know, to reflect on 
the complexity of the American healthcare system. So, yes, I am 
very familiar with what is in it.
    Mr. Carter. But I am hoping you are optimistic that it is 
going to help.
    Dr. Rucker. I am extremely optimistic.
    Mr. Carter. OK, good, I am glad to hear that.
    I wanted to ask about health provider documentation and the 
documentation burden. We are all aware of that. In fact, you 
mentioned in your testimony the ability to address clinical 
burden, and how burnout especially, has been impacting 
healthcare professionals. Can you describe some of the efforts 
that have been made to--to relieve some of the administrative 
burden?
    Dr. Rucker. Yes. So in the--in the burden report, that we 
have jointly done with CMS, there are a couple of areas that we 
are working on. We have discussed simplification of 
documentation. So one of the specific things, for example, is, 
you already have a past medical history that hasn't changed, or 
a family medical history that hasn't changed. You do not need 
to re-enter it again, would be a very specific thing.
    If you have, for example, a resident or a medical student 
who spends a lot of energy getting a history, you do not have 
to redocument all of that so that you then have to read it and 
wade through that much more text on it, some very specific 
things.
    We talked about the prior authorization and work on the 
technology that might make that a lot simpler. And the 
promoting interoperability, there is--working with CMS, we have 
simplified a lot of the provisions around that, tried to sync 
up between outpatients and inpatients, so these aren't two 
diametrically opposed things that read differently. If you 
cross the threshold of the hospital door, I mean, quality and 
interoperability shouldn't change because you walked one foot 
into the door--you know, through the door.
    Mr. Carter. What kind of feedback have you gotten? Has it 
been positive?
    Dr. Rucker. I think we have gotten positive feedback on a 
number of things on the documentation as Congressman Bucshon 
mentioned. There were concerns and maybe not a full 
understanding of how complexity would be paid for, right? You 
know, how the sickest patients, how the economics of payment 
for that would work out. There are a number of provisions in 
there on that.
    And I think folks also didn't frankly calculate the amount 
of money spent on billing to, you know, work these codes 
through the process. I mean, the--the health--the overhead 
practices, I think, are spending between 5 and 10 percent, 
maybe more, of their revenue on billing through these complex 
coding systems. Much of that is a dead loss to the economy and 
to the American public.
    Mr. Carter. Absolutely. I am glad you recognize that 
because that is one of the most frequent concerns that is 
voiced to me is just how much--how much it is taking, 
financially, for them to adhere to this. So I am glad to hear 
you say that.
    I am running out of time here, so--but I did want to ask 
you very quickly about the her reporting program. And I know an 
RFI was issued for that and released, but there were budgetary 
concerns. Has that been handled? Are you----
    Dr. Rucker. Well, working within the budget we have, we 
have contracted out with somebody to start the process of 
putting, you know, the, you know, that construct together and 
sorting out what information can be asked to do her reporting, 
you know, with a goal of giving providers more information on 
their electronic health record, potential purchases.
    Mr. Carter. Any other hurdles, any other barriers that you 
have run into in order to implement this?
    Dr. Rucker. I think we are early enough on, that, you know, 
we probably haven't hit the hurdles. The budget is such that we 
will--you know, it is not going to be a comprehensive server, 
the entire United States, just within the constraints of the 
budget. But I am confident we are going to get some valuable 
information that will help folks.
    Mr. Carter. Good. OK. Well, thank you very much.
    And thank you for your indulgence, Mr. Chairman. I yield 
back.
    Mr. Burgess. The Chair thanks the gentleman. The gentleman 
yields back. I will now yield myself the balance of the time 
for questions.
    Just testing you. I will miss you, too.
    Mr. Green. Not as much as they will, though.
    Mr. Burgess. How can I miss you if you won't go away?
    Dr. Rucker, in preparation for that--and I do thank you for 
being here--in preparation for this hearing, we had a long time 
to kind of consider because we have waited for this rule and we 
kind of ran out of years, so we had to get the hearing in ahead 
of the rule.
    But in preparing for this reading in the Annals of Internal 
Medicine from November 12, 2018, an article by Atul Gawande, 
``Why Doctors Hate Their Computers.'' Let me first stress that 
I rarely agree with Dr. Gawande on everything. But he does 
write a paragraph here that I just really thought summed up 
what our hearing is about today.
    He says: Something's gone terribly wrong. Doctors are among 
the most technology-avid people in society. Computerization has 
simplified tasks in many industries. Yet somehow we have 
reached a point where people in the medical profession 
actively, viscerally, volubly, hate their computers, end quote. 
True statement, yes or no?
    Dr. Rucker. Yes.
    Mr. Burgess. Yes, it is. And, you know, we hear that--I 
heard that when I was in Mr. Latta's district, heard it from 
both doctors and people in the hospital, the medical staff 
section, about your office and the Center for Medicare and 
Medicaid Services talks about sharing the goals of reducing 
physician burden. So can you give us an idea how you are 
working with CMS along those lines, to reduce physician burden?
    Dr. Rucker. Yes. I mean, I think the root of that problem--
and I agree with what was in that article--is that these EMRs 
have really, first and foremost, grown up as billing systems, 
right? There has been no automation.
    Mr. Burgess. Bingo.
    Dr. Rucker. Right.
    Mr. Burgess. What he called the tyranny of the ancillaries.
    Dr. Rucker. Yes. So I mean, it is striking to me as 
somebody who went into this field. I start--the computer 
science degree coming straight out of residency. I wanted to 
automate stuff so I didn't have to do scut, which is that, you 
know, slang word for nonvalue add work that seems to be the 
bane of residency training. That was my goal.
    I mean, I worked in an era when the entire hospital's 
microbiology results were randomly reported out 
nonalphabetized. You had to read through every single culture 
result in the entire hospital to find out if your patient had a 
urine culture done. So that was the world.
    As we have discussed, what we are doing with CMS is trying 
to be systematic about addressing these things. And so you have 
seen a couple things. I mean, one I want to highlight is the--
the meaningful use program, I think, trying to be a steward of 
the 30--$35 billion, you know, wanted to have a lot of controls 
on, is this a full and complete electronic health record. I 
think we have done that. And now we are really focusing not on 
that, but on just sort of the interfaces and the burden. I 
think there is still work to be done in documentation. Some of 
that is related to fee for service. Some of that, in alternate 
payment mechanisms, would go away.
    I think there is a lot of work to be done in prior 
authorization, that--so I think there are a number of areas.
    Mr. Burgess. May I ask you a question about that? You did 
bring up prior authorization and one of the banes of my 
existence when I practiced was dialing 1-800-California to get 
permission to do something that I knew was clinically 
indicated. So it seems like that should just follow then from 
the data in the electronic record. So if--if an asthma drug is 
indicated, or a surgical procedure, or an imaging procedure, it 
should just follow then from the data that is already there, 
correct?
    Dr. Rucker. Yes. The hope is that these APIs will, in fact, 
be efficient enough in exposing that information, that these 
transactions can be greatly simplified, the delivery of the 
information can be bigged bidirectional so that that whole loop 
of being on the phone is minimized or goes away, and that may 
even be a paradigm----
    Mr. Burgess. I prefer it goes away. And only then 
interacting with the doctor if there is some question as to 
whether the documentation is complete enough or fulfills all of 
the requirements.
    Dr. Rucker. Yes.
    Mr. Burgess. That seems like that would be a laudable goal.
    I have got other questions, and like others I will submit 
them for the record. I do appreciate your time. I understand we 
do have a hard stop. So I will yield back the balance of my 
time.
    And seeing no others Members wishing to ask questions, I do 
want to thank Dr. Rucker for making time to be here today. 
Again it has been a long time coming. We have wanted you here 
on several occasions, but we got you now.
    So I would like to submit documents from the following for 
the record: College of Healthcare Information Management 
Executives and the American Society for Clinical Oncology.
    [The information appears at the conclusion of the hearing.]
    Mr. Burgess. Pursuant to committee rules, I remind Members 
they have 10 business days to submit additional questions for 
the record, and I ask the witness to submit his response within 
10 days of receipt of the questions.
    And then I will just add my voice to the others on the 
committee, it has been a privilege working with you, Mr. Green.
    Mr. Green. Most of the time.
    Mr. Burgess. Most of the time. We actually have done some 
very good work these past 2 years, and it has been a very 
active session of Congress on the Health Subcommittee. I am not 
going anywhere, so no one will have to miss me, but we will 
miss you and wish you success in your future endeavors.
    With that, Dr. Rucker, again, thank you, and the 
subcommittee is adjourned.
    [Whereupon, at 11:59 a.m., the subcommittee was adjourned.]
    [Material submitted for inclusion in the record follows:]

                 Prepared statement of Hon. Greg Walden

    With this hearing, this subcommittee will cap off a 
complete review of the major provisions contained within the 
bipartisan 21st Century Cures Act of 2016. So far, we have 
heard from the National Institutes of Health, the Food and Drug 
Administration, and the Substance Abuse and Mental Health 
Services Administration. Today, we will hear from the Office of 
the National Coordinator for Health Information Technology.
    In so many parts of our lives technology has allowed us to 
move data seamlessly and better connect to ease burdens. 
However, with the transition in the health sector to electronic 
medical records we have not seen the same results. We hear of 
limitations in technology functionality, provider burden in 
documentation, a lack of a robust market to tackle add on 
technologies, and the lack of the ability to easily share 
information.
    The fundamental value proposition of Electronic Health 
Record systems is the continuity of evidence-based care, 
however, patient health data continue to be fragmented and 
difficult to access for healthcare providers and patients 
themselves.
    The functionality of EHR systems lags behind the 
technological capabilities presently available, and until we 
close that gap I do not see how we can truly recognize the 
potential of clinical registries, payment reform, or health 
information exchanges.
    For these reasons, the 21st Century Cures legislation 
realized that bedside coordinated care is going to matter the 
most in delivering new technologies and therapies to patients. 
Today, we will get an update on the law's implementation.
    I know ONC has been able to implement some parts of the 
law, such as the new Interoperability Committee and the recent 
draft report on physician burden.
    However, some of the pillars of the law remain 
unimplemented because the needed regulations have not been 
released. While this update is important despite the lack of 
regulations, I sincerely hope to see tangible progress soon 
because every day we wait is another day patients and providers 
are not able to benefit from some of the most important 
provisions of the law.
    It is my hope that Dr. Rucker you can walk the committee 
through what you believe the 21st Century Cures 
Interoperability title can accomplish and how we can unleash 
the technology revolution that we have enjoyed in so many other 
sectors of our economy into the healthcare space. There is so 
much innovation waiting to be unleashed and so many ideas that 
will lower costs and increase quality. We just need to knock 
down the artificial walls that stubbornly prevent us from 
seeing the return on innovation that I think we all know awaits 
us.
    I look forward to your testimony.

             Prepared statement of Hon. Frank Pallone, Jr.

    Good morning, I want to thank Dr. Rucker for joining us 
today to discuss the Office of the National Coordinator's 
(ONCs) progress in implementing the 21st Century Cures Act.
    Since the passage of the HITECH Act of 2009, we've seen an 
impressive increase in the adoption of electronic health 
records (EHRs). Today about 96 percent of hospitals and three 
quarters of office-based physicians use health information 
technology (HIT) that has been certified by ONC. That 
represents about a ninefold increase in hospitals with basic 
EHR technology since 2008, prior to the HITECH Act.
    While this is impressive progress, there are still some 
hospitals and physician offices, particularly small or rural 
providers, who are still operating with volumes of paper files 
and outdated fax machines. This is simply unacceptable with all 
of the technology available today, and we must continue to find 
ways to incentivize and help these providers to adopt EHRs.
    While we've made significant progress in upgrading the way 
patient data is managed, more work is needed in order to make 
EHRs more useful and accessible to patients and providers. 
Interoperability, or the ability to securely exchange 
electronic health information, remains a challenge today, but 
the Cures Act has helped put us on the path toward addressing 
it.
    I'm pleased to see that ONC has made substantial progress 
in implementing Cures Act provisions by releasing a draft 
Trusted Exchange Framework and Common Agreement (TEFCA) and 
partnering with the Office for Civil Rights to create new 
resources to help people better understand their right to 
access their health records. Clear rules of the road for 
exchange and informed consumers are necessary for ensuring 
secure and appropriate transfers of patient data.
    I'm also encouraged to hear that ONC plans to release an 
updated draft of TEFCA for public comment. Given the progress 
the private sector has made in this area, it's important that 
we glean any lessons that they learned from their efforts. We 
should ensure that ONC's work compliments those efforts as much 
as possible.
    The Cures Act also provided the Office of the Inspector 
General (OIG) with the tools necessary to investigate and 
penalize those who are information blocking. However, before 
the OIG can begin their work ONC must first identify cases that 
do not constitute information blocking. I had hoped that a 
proposed rule on information blocking and certification 
requirements would have been released by now. However, I'm 
encouraged by ONC's statements that the rule is in the final 
stages of development. I look forward to the release of this 
important proposed rule.
    Finally, I want to take a moment to thank my friend and 
colleague Congressman Gene Green for his many years of service 
on the Energy and Commerce Committee and particularly for his 
leadership of the Health Subcommittee these past 4 years. 
During his tenure as ranking member, Congressman Green has 
helped lead this committee to major legislative achievements 
like the Cures Act and has been a tireless advocate for the 
Affordable Care Act. Gene is a thoughtful legislator and a good 
friend. He always sought consensus, often found it, and never 
stopped trying no matter how hard it could be. I'm incredibly 
thankful for his leadership, and he will be dearly missed on 
the committee next year. I wish him nothing but the best as he 
retires from the House and this committee.

[GRAPHICS NOT AVAILABLE IN TIFF FORMAT] 


                                 [all]