HHS's Efforts to Promote Health Information Technology and Legal 
Barriers to Its Adoption (13-AUG-04, GAO-04-991R).		 
                                                                 
Studies published by the Institute of Medicine and others have	 
indicated that fragmented, disorganized, and inaccessible	 
clinical information adversely affects the quality of health care
and compromises patient safety. Health information technology	 
(IT)--technology used to collect, store, retrieve, and transfer  
clinical, administrative, and financial health information	 
electronically--is seen as a promising solution to this problem. 
Technologies such as electronic health records (EHR) and bar	 
coding of certain human drug and biological product labels h ave 
been shown to save money and reduce medical errors. However, only
a small number of U.S. health care providers have fully adopted  
health IT. Significant financial, technical, cultural, and legal 
barriers to the adoption of health IT exist. The Department of	 
Health and Human Services (HHS), as a regulator, purchaser,	 
health care provider, and sponsor of research, education, and	 
training, has been working to promote the use of IT in public and
private health care settings. There is no comprehensive catalogue
of HHS' health IT efforts, however, and little is known about the
nature and extent of the legal barriers and HHS's efforts to	 
address them. The Chairman, Senate Committee on Health, 	 
Education, Labor, and Pensions, asked us to review HHS' 	 
activities to promote health IT. We examined the following	 
questions: (1) What are the major HHS initiatives for promoting  
the adoption of health IT by public and private health care	 
providers? (2) What are the legal barriers to the adoption of	 
health IT by health care providers, and what is HHS doing to	 
surmount them?							 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-04-991R					        
    ACCNO:   A11732						        
  TITLE:     HHS's Efforts to Promote Health Information Technology   
and Legal Barriers to Its Adoption				 
     DATE:   08/13/2004 
  SUBJECT:   Electronic data interchange			 
	     Federal law					 
	     Fraud						 
	     Health care planning				 
	     Health care services				 
	     Health research programs				 
	     Health resources utilization			 
	     Information technology				 
	     Medical information systems			 
	     Medical records					 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-04-991R

United States Government Accountability Office Washington, DC 20548

August 13, 2004

The Honorable Judd Gregg
Chairman
Committee on Health, Education, Labor, and Pensions
United States Senate

Subject: HHS's Efforts to Promote Health Information Technology and Legal
Barriers to Its Adoption

Dear Mr. Chairman:

Studies published by the Institute of Medicine and others have indicated
that fragmented, disorganized, and inaccessible clinical information
adversely affects the quality of health care and compromises patient
safety.1 Health information technology (IT)-technology used to collect,
store, retrieve, and transfer clinical, administrative, and financial
health information electronically-is seen as a promising solution to this
problem. Technologies such as electronic health records (EHR)2 and bar
coding of certain human drug and biological product labels have been shown
to save money and reduce medical errors. However, only a small number of
U.S. health care providers have fully adopted health IT. Significant
financial, technical, cultural, and legal barriers to the adoption of
health IT exist. These include a lack of access to capital, a lack of data
standards, and resistance from health care providers.

The Department of Health and Human Services (HHS), as a regulator,
purchaser, health care provider, and sponsor of research, education, and
training, has been working to promote the use of IT in public and private
health care settings.3 There is no comprehensive catalogue of HHS's health
IT efforts, however, and little is known about the nature and extent of
the legal barriers and HHS's efforts to address them.

1See, for example, Institute of Medicine. Crossing the Quality Chasm: A
New Health System for the 21st Century: (Washington, D.C.: National
Academy Press, 2001).

2An EHR generally includes a longitudinal collection of electronic health
information about the health of an individual or the care provided;
immediate electronic access to patient- and population-level information
by authorized users; decision support to enhance the quality, safety, and
efficiency of patient care; and support of efficient processes for health
care delivery.

3Outside of HHS, the Department of Veterans Affairs (VA) and the
Department of Defense (DOD) are considered by experts to be leaders in the
use of health IT, particularly in the adoption of EHR systems for their
constituents.

            GAO-04-991R HHS's Health Information Technology Efforts

You asked us to review HHS's activities to promote health IT. We examined
the following questions: (1) What are the major HHS initiatives for
promoting the adoption of health IT by public and private health care
providers? (2) What are the legal barriers to the adoption of health IT by
health care providers, and what is HHS doing to surmount them? Enclosure I
contains the briefing on the results of our study that we discussed with
your staff on July 13, 2004.

To describe HHS's health IT initiatives, we asked HHS to identify its
major activities in this area, reviewed agency documents, interviewed
relevant HHS officials, and incorporated information from our earlier work
on health IT. We primarily focused on health IT used in clinical health
care delivery (e.g., EHR) and did not examine disease surveillance systems
and telemedicine. Some HHS IT initiatives we describe have recently been
implemented or are still in the planning stages, and so results to date
are limited. In addition, the status of the initiatives is subject to
change pending completion of an organizational review by the newly
established HHS Office of the National Coordinator for Health Information
Technology (ONCHIT). To identify legal barriers, we reviewed the
literature and interviewed HHS and other federal officials, health care
providers, health care attorneys, and other health IT experts. We did not
address barriers that may be associated with privacy and security issues.
We performed our work from May 2004 through August 2004 in accordance with
generally accepted government auditing standards.

Summary

HHS reported that it has 19 major health IT initiatives that cover a broad
range of activities and participants. In fiscal year 2004, HHS provided
about $228 million for these initiatives. Some of them-the Council on the
Application of Health Information Technology (CAHIT), the National Health
Information Infrastructure (NHII), the Consolidated Health Informatics
(CHI) Initiative, and the Federal Health Architecture (FHA)-are designed
to provide overall leadership and coordination for health IT across HHS,
other federal agencies, and other public- and private-sector
organizations. The majority of initiatives and most of the funding,
however, are for health IT programmatic activities and grant programs
administered by HHS operating divisions such as the Agency for Healthcare
Research and Quality (AHRQ) and the Centers for Medicare and Medicaid
Services (CMS). These initiatives range from support for the development
of standard clinical terminologies to funding of demonstrations of health
information systems. On July 21, 2004, the National Health Information
Technology Coordinator delivered a framework for strategic action to the
Secretary of HHS for promoting the adoption of health IT.

Various laws present barriers to adoption of health IT, and at the time of
our review HHS's efforts to address these barriers had been limited in
scope. Experts we interviewed indicated that beyond legal issues related
to the privacy and security of health information, there are various
laws-some specifically health-related and some not-that present barriers
to the adoption of health IT. These laws involve fraud and abuse,
antitrust, federal income tax, intellectual property, malpractice, and
state licensing. In the area of fraud and abuse, for example, both the
Physician Self-Referral (Stark) Law and the Anti-kickback Law present
barriers by impeding the

           2 GAO-04-991R HHS's Health Information Technology Efforts

establishment of arrangements between providers-such as the provision of
IT resources-that would otherwise promote the adoption of health IT.
Because the laws frequently do not address health IT arrangements
directly, health care providers are uncertain about what would constitute
violations of the laws or create a risk of litigation. To the extent there
are uncertainties and ambiguity in predicting legal consequences, health
care providers are reluctant to take action and make significant
investments in health IT. HHS has attempted to address some of the legal
barriers posed by the fraud and abuse laws, but experts told us these
efforts have not been sufficient to overcome the reluctance of the
providers. Further, little attempt has been made by other federal agencies
to address other laws that may present barriers.

Agency Comments

HHS reviewed a draft of this report and provided comments. HHS asked us to
highlight other actions it has taken to advance health IT in areas such as
privacy and security standards, disease surveillance systems, and
telemedicine. However, as we noted in the report, our work was focused on
health IT used in clinical health care delivery (EHR, for example) and not
on other health IT issues. HHS emphasized that the federal anti-kickback
and self-referral statutes provide important protections against fraud and
abuse, and that exceptions or safe harbors from these statutes must be
carefully crafted to exclude abusive arrangements. We recognize the
significant role these laws play in deterring fraud and abuse, but the
experts we consulted consistently told us that these laws present barriers
to the adoption of health IT. In particular, we found that there was
uncertainty about what would constitute a violation of the law and this
uncertainty itself created a barrier for promoting beneficial health IT
arrangements. HHS's written comments and our more detailed responses to
them are in enclosure II. HHS also provided technical comments, which we
incorporated as appropriate.

We are sending copies of this report to the Secretary of Health and Human
Services
and other interested officials. We will also provide copies to others on
request. In
addition, the report will be available at no charge on the GAO Web site at
http://www.gao.gov. If you or your staff have any questions or need
additional
information, please contact me at (202) 512-7119. Another contact and key
contributors are listed in enclosure III.

Sincerely yours,

Janet Heinrich
Director, Health Care-Public Health Issues

Enclosures - 3

           3 GAO-04-991R HHS's Health Information Technology Efforts

[IMG]

                           Enclosure II Enclosure II

         Comments from the U.S. Department of Health and Human Services

           56 GAO-04-991R HHS's Health Information Technology Efforts

                           Enclosure II Enclosure II

           57 GAO-04-991R HHS's Health Information Technology Efforts

                           Enclosure II Enclosure II

           58 GAO-04-991R HHS's Health Information Technology Efforts

                           Enclosure II Enclosure II

           59 GAO-04-991R HHS's Health Information Technology Efforts

                           Enclosure II Enclosure II

GAO's Responses to HHS's Comments

HHS provided 11 specific comments about various issues in the draft
report, and our response to these comments is as follows:

Background and Scope of Work

HHS commented that our briefing slides had a narrow focus and did not
acknowledge other actions it has taken in areas such as interoperability,
privacy and security standards for health information, and
telehealth/telemedicine (comments 1, 2, and 11). We were specifically
asked by our requestor to focus our work on health IT used in clinical
health care delivery (e.g., EHR) and not on other health IT issues. In
addition, we were asked to look at specific legal barriers to the adoption
of health IT that did not include privacy and security concerns. HHS also
said that besides the self-referral and anti-kickback laws, there are
other barriers to the adoption of health IT, including cost and physician
resistance (comment 7). We described those barriers on page 12. HHS
provided additional information about the role of the National Committee
on Vital and Health Statistics as specified in the Medicare Prescription
Drug, Improvement, and Modernization Act of 2003 (comment 10). We added
this information to the background section of our briefing slides.

Legal Barriers

HHS stated that we failed to address the risk of fraud and abuse when
hospitals or other entities give valuable items or services to potential
referral sources (comment 3). We recognize the role the federal fraud and
abuse laws play in deterring such health care violations but experts
consistently told us that these laws present a barrier to the adoption of
health IT. We revised our report in response to HHS's comment that is
difficult to craft appropriate safe harbors that would prevent fraud and
abuse.

HHS disagreed that fraud and abuse and other relevant laws are unclear and
that health care providers are uncertain about what may constitute
violations of those laws or create risks of litigation (comment 4).
However, health care providers, attorneys, and other experts consistently
told us that they were uncertain about the application of the laws to
health care IT and what may constitute statutory violations or create
risks of litigation. This uncertainty constitutes a barrier for promoting
beneficial health IT arrangements.

HHS disagreed with our conclusion that an Office of Inspector General
advisory opinion is of limited practical value and suggested alternative
wording (comment 5). We revised the wording as suggested. In its technical
comments, HHS also noted that the Secretary can issue an advisory opinion
on whether a health IT arrangement would violate the self-referral law,
and we added this information to our report. We also revised our report to
reflect that CMS has accepted public comment on the March 26, 2004 interim
rule and is currently engaged in rulemaking with respect to the definition
of "community-wide" (comment 6).

           60 GAO-04-991R HHS's Health Information Technology Efforts

                           Enclosure II Enclosure II

HHS said that there is not unanimous agreement that hospitals should pay
for health IT used by physicians who are not employed by hospitals and who
will use the IT resources in their office practices (comment 8). We did
not suggest that hospitals should pay for health IT for physicians.
Experts told us that if hospitals want to develop such arrangements, the
fraud and abuse laws may be barriers.

Finally, HHS clarified that HHS has no legal jurisdiction over antitrust,
tax, intellectual property, malpractice liability and state licensing laws
and therefore cannot address these barriers (comment 9). We revised our
report to make this distinction clear.

           61 GAO-04-991R HHS's Health Information Technology Efforts

                          Enclosure III Enclosure III

                     GAO Contact and Staff Acknowledgments

GAO Contact

Martin T. Gahart, (202) 512-3596

Acknowledgments

In addition to the person named above, Gigi Barsoum, Anne Dievler, M. Saad
Khan, Roseanne Price, M. Yvonne Sanchez, and Craig Winslow made key
contributions to this report.

(290385)

           62 GAO-04-991R HHS's Health Information Technology Efforts

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission	The Government Accountability Office, the audit, evaluation
and investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of The fastest and easiest way to obtain copies of GAO
documents at no cost

is through GAO's Web site (www.gao.gov). Each weekday, GAO postsGAO
Reports and newly released reports, testimony, and correspondence on its
Web site. To Testimony have GAO e-mail you a list of newly posted products
every afternoon, go to

www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone	The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: 	Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

                           To Report Fraud, Contact:
        Waste, and Abuse in Web site: www.gao.gov/fraudnet/fraudnet.htm

E-mail: [email protected] Programs Automated answering system: (800)
424-5454 or (202) 512-7470

Congressional 	Gloria Jarmon, Managing Director, [email protected] (202)
512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125

Relations Washington, D.C. 20548

Public Affairs Jeff Nelligan, Managing Director, [email protected] (202)
512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
*** End of document. ***