Year 2000 Computing Challenge: Compliance Status Information on
Biomedical Equipment (Testimony, 10/21/1999, GAO/T-AIMD-00-26).

Pursuant to a congressional request, GAO discussed the year 2000 status
of biomedical equipment, focusing on: (1) the status of the Food and
Drug Administration's (FDA) Federal Year 2000 Biomedical Equipment
Clearinghouse; (2) compliance status information on manufacturers' web
sites referred to in FDA's clearinghouse; (3) FDA's efforts to review
the year 2000 activities of manufacturers of computer-controlled,
potentially high-risk devices; (4) information on the compliance status
of health care providers' biomedical equipment; and (5) information on
compliance testing of equipment.

GAO noted that: (1) compliance status information on biomedical
equipment can be found in FDA's clearinghouse or on manufacturers' web
sites; (2) the quality of the compliance information on the web sites,
however, varies significantly, ranging from general assurances of
compliance to detailed information on specific product make and model;
(3) given the criticality of having medical devices function as intended
on and after January 1, it is important that FDA encourage manufacturers
to provide detailed information on the product make and model,
compliance status, and availability of solutions for noncompliant
equipment; (4) to its credit, FDA has assessed the year 2000 compliance
activities of 80 potentially high-risk devices manufacturing sites; (5)
although most appeared to have been assessed as having low degrees of
concern, one site had a concern in two areas assessed at high; (6) FDA
is reviewing this site to make sure that there are no unresolved issues
affecting patient safety; (7) because a significant number of health
care providers are not responding to year 2000 surveys sent by federal
agencies and professional associations, the public lacks information on
the readiness of providers; (8) such information would help alleviate
public concerns about the year 2000 readiness of health care providers
and the biomedical equipment they use in patient care; and (9) although
there are varying views on whether end users should test their
biomedical equipment for year 2000 compliance, the overriding criterion
should be ensuring patient health and safety.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-00-26
     TITLE:  Year 2000 Computing Challenge: Compliance Status
	     Information on Biomedical Equipment
      DATE:  10/21/1999
   SUBJECT:  Clearinghouses (information)
	     Computer software verification and validation
	     Y2K
	     Medical information systems
	     Embedded computer systems
	     Medical equipment
	     Product safety
	     Strategic information systems planning
	     Systems conversions
	     Health care services
IDENTIFIER:  FDA/VHA Federal Year 2000 Biomedical Clearinghouse
	     Y2K

******************************************************************
** This file contains an ASCII representation of the text of a  **

** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************

Before the Subcommittee on Oversight and Investigations and the
Subcommittee on Health and Environment, Committee on Commerce, House of
Representatives

For Release on Delivery
Expected at
10 a.m.
Thursday,
October 21, 1999

Year 2000 computing challenge

Compliance Status Information on Biomedical Equipment

Statement of Joel C. Willemssen
Director, Civil Agencies Information Systems
Accounting and Information Management Division
*****************

*****************

GAO/T-AIMD-00-26

Messrs. Chairmen and Members of the Subcommittees:

Thank you for inviting us to participate in today's hearing on the Year
2000 (Y2K) compliance status of biomedical equipment./Footnote1/ The
question of whether medical devices, such as magnetic resonance imaging
(MRI) systems, x-ray machines, pacemakers, and cardiac monitoring
equipment, can be counted on to work reliably on and after January 1,
2000, continues to be one of critical importance to our nation's health
care. To the extent that biomedical equipment uses computer chips, it is
vulnerable to the Y2K problem./Footnote2/ In the medical arena, such
vulnerability carries with it possible safety risks.

Responsibility for oversight and regulation of medical devices, including
the impact of the Y2K problem, lies with the Food and Drug Administration
(FDA)--an agency within the Department of Health and Human Services (HHS).
Since the fall of 1998, FDA has been providing information collected from
medical device and scientific and research instrument manufacturers
through its Federal Y2K Biomedical Equipment Clearinghouse./Footnote3/ 

My testimony today will discuss (1) the status of FDA's Federal Y2K
Biomedical Equipment Clearinghouse, (2) compliance status information on
manufacturers' web sites referred to in FDA's clearinghouse, (3) FDA's
efforts to review the Y2K activities of manufacturers of 
computer-controlled, potentially high-risk devices, (4) information on the
compliance status of health care providers' biomedical equipment, and 
(5) information on compliance testing of equipment.

Background

Biomedical equipment is indispensable; it plays a central role in
virtually all health care. It is defined as any tool that can record,
process, analyze, display, and/or transmit medical data--some of which may
include medical devices, such as pacemakers, that are implanted in
patients--and laboratory research instruments, such as gas
chromatographs/Footnote4/ and microscopes. Such equipment may use a
computer for calibration or for day-to-day operation. If any type of date
or time calculation is performed, susceptibility to a Y2K problem exists,
whether the computer is a personal computer that connects to the equipment
remotely, or a microprocessor chip embedded within the equipment itself.
This could range from the more benign--such as incorrect formatting of a
printout or incorrect display of the date--to the most serious--incorrect
operation of equipment with the potential to decrease patient safety. The
degree of risk depends on the role of the equipment in the patient's care.

As part of its oversight and regulatory responsibility for domestic and
imported medical devices, FDA has been collecting Y2K compliance status
information on these devices, as well as on some scientific and research
instruments. Its goal has been to provide a comprehensive, centralized
source of compliance information on biomedical equipment used in the
United States, and make this information publicly available through an
Internet World Wide Web site. In addition, the Veterans Health
Administration (VHA)--a key federal health care provider/Footnote5/--took
a leadership role in determining the Y2K compliance status of biomedical
equipment. Specifically, it obtained information from manufacturers on the
compliance status of biomedical equipment in its inventory, and shared
this information with FDA.

FDA has also acted to identify products within the array of medical
devices used in health care for which Y2K problems could pose a risk to
patient health and safety. It identified 90 types of products that it
refers to as computer-controlled, potentially high-risk devices
(PHRD)./Footnote6/ These medical devices are characterized by their
potential for immediate and serious adverse health consequences for a
patient if they fail to function as designed or expected, including a
failure to initiate or continue operation. These devices are

o used in the direct treatment or therapy of a patient, the failure of
  which could result in patient injury or failure of an intended treatment;

o used in the monitoring of vital patient parameters, information that is
  needed immediately for effective treatment; or

o necessary to support or sustain life during treatment or patient care.

PHRD products identified by FDA include breathing frequency monitors,
electroanesthesia apparatus, hemodialysis systems and accessories, and
fetal ultrasonic monitors and accessories./Footnote7/ Also included on the
list of PHRD products is equipment used to collect human blood and
manufacture blood products./Footnote8/

Biomedical Equipment Status Information Available Through FDA Clearinghouse 

HHS, on FDA's behalf, initiated action to collect biomedical equipment
information in January 1998 by issuing a letter to domestic and foreign
manufacturers requesting information on the Y2K compliance of their
product lines. All information received from these manufacturers was then
to be made available to the public through an FDA web site. 

As we reported in September 1998, FDA's database did not include product
compliance information from many manufacturers who had already provided
such information to VHA;/Footnote9/ further, VHA was not making this
information available to the public. We therefore recommended that HHS and
VHA jointly develop a single data clearinghouse containing information on
the Y2K compliance status of biomedical equipment, and make this
information publicly available./Footnote10/ In response to our
recommendation, FDA--in conjunction with VHA-- established the Federal Y2K
Biomedical Equipment Clearinghouse.

VHA, the Department of Defense, and the Health Industry Manufacturers
Association all assisted FDA in obtaining compliance status information
from manufacturers. According to FDA, 4,288 biomedical equipment
manufacturers had submitted data to the clearinghouse as of October 4, 1999.

Based on the data submitted, FDA places a manufacturer into one of four
categories.

o Products that do not employ a date--manufacturer reported status as
  "All Products Do Not Use a Date."

o Products that are all compliant--manufacturer reported all products
  "Y2K compliant."

o Products with date-related problems--manufacturer reported status as
  "Products With Date-Related Problem." 

o Product status on manufacturer's web page--manufacturer reported status
  to be "Product Status Specified on a (Web) Page."

As shown in figure 1, as of October 4, 1999, 61 percent of the
manufacturers reported having products that do not employ a date, while 8
percent 
(342 manufacturers) reported having date-related problems such as
incorrect display of date/time. According to FDA, the 342 manufacturers
reported 1,035 specific products with date-related problems. Compliance
data for 429 manufacturers were reported on their web sites and linked
through the FDA clearinghouse.

Figure****Helvetica:x11****1:    Biomedical Equipment Compliance-Status
                                 Information Reported to FDA by
                                 Manufacturers as of October 4, 1999

*****************

*****************

Note: Total number of manufacturers = 4,288.

Source: FDA.

This total (4,288) excludes 132 manufacturers who, according to FDA, had
not responded to the agency's request for product compliance information
as of October 4, 1999. According to a top official in FDA's Center for
Devices and Radiological Health, most of these manufacturers have gone out
of business, do not make computerized products, or just cannot be located.
This official added that FDA nevertheless continues to follow up with
these manufacturers through letters and telephone contact. The
clearinghouse lists the names of these manufacturers who have not
responded to FDA's requests for product compliance information. 

Our September 1998 report also noted that information on the FDA web site
was not detailed enough to be useful./Footnote11/ Specifically, the list
of compliant equipment contained no information on equipment make or
model. We therefore recommended that VA and HHS include in the
clearinghouse information on the compliance status of all biomedical
equipment by make and model. FDA agreed, subsequently requesting this
information from manufacturers; users can now find specific information on
the make and model of compliant medical devices on-line. 

Quality of Compliance Information on Manufacturers' Web Sites Varies
Significantly

As an alternative to obtaining biomedical equipment product compliance
information from manufacturers and posting it to the Federal Y2K
Biomedical Equipment Clearinghouse, FDA accepts equipment manufacturers'
references to their own web sites for compliance information. The
clearinghouse provides users with a direct link to these web sites. As of
October 1, 429 manufacturers had chosen this option, linking their web
sites through the clearinghouse. 

While FDA is aware of the number of products and their reported compliance
status for those manufacturers providing this information to the
clearinghouse, in testimony before these Subcommittees this past May,
officials stated that they did not know the total number of biomedical
equipment products reported by manufacturers on their web sites, or how
many of them were noncompliant. We subsequently reviewed information
available through these web sites and reported in June that the quality of
information available through them varied significantly./Footnote12/
Specifically, while most sites contained compliance information on at
least one product, some contained insufficient information or did not
clearly distinguish biomedical equipment from nonbiomedical products. 

Because of the Subcommittees' interest in the compliance information on
the manufacturers' web sites, we reviewed this information to identify the
total number of biomedical equipment products reported, and categorized 

their compliance status./Footnote13/ We also reviewed these sites to
assess the clarity and completeness of the information reported.

As of October 1, 1999, FDA's clearinghouse listed 429 manufacturers
referring users to their web sites. Of this total, 

o 354 manufacturers reported compliance status information for at least
  32,598 individual biomedical equipment products;/Footnote14/

o 71 manufacturers' web sites either contained insufficient information
  on the number of products and their compliance status, or did not
  clearly distinguish biomedical equipment from nonbiomedical products; 

o 3 web sites were those of vendors or distributors, not manufacturers; and

o 1 manufacturer's web-site link in FDA's clearinghouse did not
  work./Footnote15/ 

Because of the limitations cited above for many of the manufacturers' web
sites, our ability to determine the total number of biomedical equipment
products reported and their compliance status was impaired. Accordingly,
the actual number of products reported by these manufacturers could be
higher than the 32,598 that we counted.

As shown in figure 2, of the 32,598 products that we were able to identify
on manufacturers' web sites, about 54 percent reportedly do not employ a
date, about 29 percent of the products are considered compliant, and about
12 percent are reportedly noncompliant. The compliance status of the
remaining 5 percent of products was unknown, for reasons such as the
manufacturer's ongoing assessment of the product.

Figure****Helvetica:x11****2:    Biomedical Equipment Compliance-Status
                                 Information Reported on Manufacturers'
                                 Web Sites as of October 1, 1999

*****************

*****************

Note: Total number of products = 32,598.

Source: GAO analysis of manufacturers' web sites.

The 4,053 noncompliant products that we identified were from the web sites
of 214 manufacturers. This number of noncompliant products is about four
times the number reported directly by FDA in its clearinghouse (1,035).
Examples of these noncompliant products included a bedside monitor, film
digitizer, ultrasound systems, radiology information systems, and
laboratory information systems. Included among noncompliant PHRDs were
ventricular assist devices and hemodialysis equipment./Footnote16/ 

In addition to supplying information on noncompliant products, most of the
manufacturers with noncompliant products also provided solutions for
correcting the problem. At least one solution to correcting a problem was
offered by 190 of the 214 manufacturers we identified with noncompliant
products. The solutions generally involved upgrades to hardware or
software, manual action (such as turning the equipment on and off on
January 1, 2000), or workarounds./Footnote17/ We also noted that for these 
190 manufacturers, at least 29 offered Y2K solutions to all their products
at no charge, 9 offered no-charge solutions for more that 50 percent of
their product line, 13 offered no-charge solutions to less than 50 percent
of their product line, and 12 offered no solutions free of charge. For the
remaining 127 of the 190 manufacturers, we were unable to determine if Y2K
solutions were available to users free of charge.

Our review disclosed that the quality of the information on manufacturers'
web sites continued to vary significantly. It ranged from general
assurances of compliance to detailed information on specific product make
and model. For example: 

o A manufacturer reported that its products had no Y2K issues, but it did
  not identify the products.

o A manufacturer reported that it was still assessing its products, and
  did not provide any detailed information on its web site.

o A manufacturer did not list theY2K readiness of products but did report
  that the only Y2K problem it was having was with the software it used
  to run its business.

o A manufacturer listed about 65,000 products, but did not sort them by
  type so that the biomedical products could be easily identified. 

o A manufacturer reported that for its 282 products, 79 were compliant, 
  50 were noncompliant, the status of 43 was currently unknown, and 
  110 were not affected by the Y2K problem. It also provided solutions
  for its reported noncompliant products. 

o A manufacturer reported compliance information for 97 products, by make
  and model. Of these, 72 were compliant, 17 were noncompliant, 
  1 product was currently under assessment, and Y2K did not apply to 
  7 products. It also provided solutions for various noncompliant
  products, including information on the availability of solutions and
  whether to replace the noncompliant product.

Because both the quality of and access to compliance information are
critical to biomedical equipment users, any problems with information on
manufacturers' web sites could have a direct bearing on the ability of
health care providers to identify and correct any noncompliant equipment
in their inventories. Accordingly, we believe that FDA should request that
manufacturers that are providing information through their web sites
clearly identify product make and model, compliance status, and
availability of solutions for noncompliant equipment.

FDA Is Now Reviewing Manufacturers' Y2K Activities 

While compliance information is available through FDA's Federal Y2K
Biomedical Equipment Clearinghouse, we have raised concerns in the past
year about the lack of independent verification and validation of
biomedical equipment that manufacturers have certified as compliant. In
addition to making sure that manufacturers provide detailed information on
their products, we believe that it is essential that FDA provide some
level of confidence that critical care and life support medical devices
will work as intended.

In response to our previously reported concerns, FDA is now reviewing a
sample of biomedical equipment manufacturers' Y2K activities, such as risk
management, test planning and procedures, and implementation and
contingency planning. In September 1998, we first reported that FDA did
not require manufacturers to submit test results certifying product
compliance./Footnote18/ Rather, we noted, FDA relies on the manufacturer
to validate, test, and certify that it has adequately addressed any Y2K
problem. As a result, we stated that FDA lacked assurance that biomedical
equipment manufacturers had adequately addressed the Y2K problem for
noncompliant equipment. 

Accordingly, we recommended that HHS take prudent steps to review
manufacturers' compliance test results for critical care/life support
biomedical equipment, especially equipment once determined to be
noncompliant but now deemed compliant, and that for which concerns about
the determination of compliance remain. At the time, HHS and FDA did not
concur with our recommendation. They reasoned that submissions of
appropriate certifications were sufficient, further stating that they did
not have the resources to undertake such reviews.

As mentioned, HHS and FDA have now changed this position. In a May 25,
1999, hearing before these Subcommittees, FDA's Acting Deputy Commissioner
for Policy testified that FDA proposed reviewing manufacturers' test
results supporting compliance certifications for a sample of critical
devices. FDA's proposal consisted of two phases. In the first phase FDA
would 

o develop a list of the manufacturers of these devices;

o from this list of manufacturers, select a sample of 80 for review; and

o hire a contractor to develop a program to assess manufacturers'
  activities to identify and correct Y2K problems with PHRDs.

The goal of the first phase of the survey is to extrapolate from the 
80 assessments a level of overall confidence in the biomedical equipment
industry's Y2K compliance activities. According to FDA, the second phase
of the evaluation would be undertaken only if the results of the first
phase indicated a need for further review of manufacturer Y2K activities
because of concerns about how manufacturers are addressing the issue of
product compliance. 

In carrying out its plan to assess manufacturers' Y2K activities, FDA
issued a task order on July 1, 1999, for a contractor, assisted by two
subcontractors, to perform assessments of the Y2K compliance activities
for a sample of PHRD manufacturers. FDA identified 803 PHRD manufacturing
sites that produce equipment sold in the United States./Footnote19/ These
were composed of 726 biomedical equipment manufacturing sites and 77
manufacturing sites of blood and blood products equipment that manufacture
product types listed in appendix I. 

FDA's contractor then randomly selected 325 of the 803 sites for possible
assessment. These manufacturing sites were then contacted and asked if
they would volunteer to participate in the assessment process. As of
October 4, 1999, of the 325 randomly selected sites, 

o 197 were identified as producing no computer-controlled equipment,

o 80 agreed to participate,

o 26 declined to participate,/Footnote20/ 

o 18 were duplicates,/Footnote21/ and 

o 4 did not respond. 

To carry out the on-site assessments of manufacturing sites, the
contractor developed a guide for its examiners. This guide focused on the
firm's Y2K activities in six areas: (1) executive leadership and control,
(2) risk management, (3) corrective and preventive actions, (4) test
planning and procedures, (5) communication with the consignee (user of the
products), and (6) implementation and contingency planning.

After completing these assessments at the manufacturers' sites, examiners
were required to prepare a report of concerns in each of the six areas
reviewed. Concerns were identified as high, medium, or low, as defined
below: 

o high--actions that are not timely, inadequate planning, inadequate or
  incomplete resources, incomplete or inaccurate deliverables, inability
  to validate results, and/or inadequate due diligence;

o medium--actions that are somewhat late, incomplete planning,
  insufficient or incomplete resources, deficiencies in deliverables,
  and/or incomplete validation of results; and 

o low--actions that are on schedule and have adequate resources.

According to FDA's PHRD survey project manager, as of October 15, 1999,
examiners had completed all 80 manufacturer site assessment visits, and
had prepared 62 assessment reports.

We reviewed the 25 manufacturer site visit reports that were completed by
the examiners and available to us as of September 10, 1999. For 20 of
these assessments, the examiners' assessed concern was low. At the five
remaining manufacturing sites, the examiner found at least one item of
moderate concern in the six areas, such as test planning and procedures.
According to the PHRD survey project manager, the areas identified in the
site visit reports as medium risk do not constitute a risk to patient
health or safety. 

Until recently, none of the site visit reports submitted to FDA contained
a concern assessed as high. However, earlier this week, the PHRD survey
project manager informed us that FDA had just received a site visit report
with concerns assessed as high in two areas--leadership and control, and
test planning and procedures. The report stated that the manufacturer's
policies and procedures were found to be inconsistent, ambiguous, and were
not followed in a manner that would meet due diligence requirements. It
also noted that the qualifications of the manufacturer's personnel for
specified tasks were not well defined, and that some personnel assigned to
tasks identified in the policies and procedures were not qualified to
perform those tasks. The report concluded that the manufacturer's
procedures for Y2K assessment and corrective and preventive action were
less than adequate, and that assessment procedures had not been applied
consistently. The manufacturer subsequently told the examiner that action
would be taken on the issues raised. FDA officials told us that they plan
to follow up with the manufacturer.

The project manager also told us that FDA's contractor is in the process
of preparing a final report summarizing the overall findings from the 80
site visit assessment reports, detailing any problems encountered during
the project. This individual indicated that FDA expects to receive the
final report from the contractor later this month. Although FDA initially
expected to submit a final report to HHS by October 1, it has not yet
established a date for when this will occur. 

To assess how the contractor was executing FDA's task order, we observed
selected site assessments. At the five manufacturing site assessments we
observed, examiners generally followed the contractor-developed audit
guide and were knowledgeable about information technology management, Y2K
testing, and risk assessment. During our two initial visits, we noted that
examiners sometimes could not answer questions from the manufacturers
relating to the FDA clearinghouse and the processing of the final report
on the site assessments. We subsequently shared these observations with
FDA officials. FDA agreed to consider our suggestions, such as better
communicating to the firms the final reporting process and how the FDA
Federal Y2K Biomedical Equipment Clearinghouse works. During the later
three visits, we did not observe any similar areas of concern. 

Many of the 803 PHRD manufacturing sites identified by FDA are in foreign
locations. Specifically, our review of the 803 sites on FDA's list showed
that 203 were located in 27 foreign countries (appendix II lists these
countries). Of the 325 randomly selected for assessment, 233 were in the
United States and 92 were in 22 foreign countries. Finally, of the 80
locations where manufacturers agreed to be assessed by FDA, 65 are located
in the United States and 15 are located in 8 other countries--Canada (1
site), Finland (2), Germany (4), the Netherlands (1), Norway (1), Sweden
(2), Switzerland (1), and the United Kingdom (3).

Information on Biomedical Equipment Compliance of Health Care Providers
Incomplete

While information is available on the Y2K compliance status of biomedical
equipment through the FDA clearinghouse and other sources, it is not clear
at this time how extensively health care providers are using this
information to determine their Y2K readiness. According to FDA, it has
taken steps to make users aware of the clearinghouse. For example, FDA has
published articles in professional trade journals and participated in
conferences aimed at health care facilities. 

FDA also informed us that the Federal Y2K Biomedical Equipment
Clearinghouse had received about 317,000 inquiries between April 1998 and
September 1999. However, according to FDA, it is not possible to determine
the sources of the inquiries.

To determine whether health care providers were using the FDA
clearinghouse to assess the Y2K compliance status of their biomedical
equipment, we reviewed readiness surveys sent to providers by several
federal agencies and professional health care associations./Footnote22/
For example, the American Medical Association (AMA) surveyed a random
sample of 7,000 of its members in July/August 1999 on whether they were
aware of the FDA clearinghouse; only 17 percent of respondents indicated
that they were. 

In addition, a July 1999 HHS Office of Inspector General (OIG) survey sent
to hospitals, nursing facilities, home health agencies, and physicians
contained three questions on FDA's clearinghouse. These questions related
to awareness, usage, and whether the clearinghouse was helpful. 

Responses to the HHS OIG survey varied significantly. For example, about
80 percent of the hospitals responding stated that they were aware of the
clearinghouse, but less than half of the nursing facilities, home health
agencies, and physicians responding stated this same awareness. Further,
while about 60 percent of the responding hospitals reported that they used
the clearinghouse, 25 percent or fewer of the responding nursing
facilities, home health agencies, and physicians reported using the
clearinghouse to obtain readiness information about their biomedical
equipment.

The HHS OIG survey noted that there was general agreement among the
respondents that the clearinghouse information was helpful. Specifically,
100 percent of the physicians, 95 percent of the nursing facilities, 
91 percent of the hospitals, and 87 percent of the home health agencies
that said they had used clearinghouse data said they found the information
to be helpful.

Although compliance information on biomedical equipment is available
through FDA's clearinghouse, theY2K readiness status of equipment at
health care providers' offices is not known because a significant number
of providers did not respond to the surveys. As shown in table 1, the
response rates to the July survey from the HHS OIG to nursing facilities,
home health agencies, and physicians were all less than 50 percent. The
response rates to surveys from AHA and AMA on this subject were even less,
at 29 and 
8 percent, respectively. Lastly, the response rate to a survey from the
American Health Care Association (AHCA)/Footnote23/ was even more
disappointing, at less than 3 percent. 

Table****Helvetica:x11****1:    Reported Survey Results of Y2K Readiness
                                of Biomedical Equipment

------------------------------------------------------------------------
| Entity performing   :    Number :    Number : Percentag : Percentag  |
| survey/group        :  surveyed :        of :         e :         e  |
| surveyed            :           : responses : respondin : respondin  |
|                     :           :           :         g :   g don't  |
|                     :           :           : currently :      know  |
|                     :           :           :  compliant:            |
|----------------------------------------------------------------------|
| HHS Office of the   :           :           :           :            |
| Inspector General   :           :           :           :            |
| (July 1999)         :           :           :           :            |
|----------------------------------------------------------------------|
| Hospitals           :     1,000 :      537a :        27 :         5  |
|----------------------------------------------------------------------|
| Nursing facilities  :     1,000 :      230a :        50 :        25  |
|----------------------------------------------------------------------|
| Home health agencies:     1,000 :      159a :        48 :        27  |
|----------------------------------------------------------------------|
| Physicians          :     1,000 :       79a :        56 :        22  |
|----------------------------------------------------------------------|
| American Hospital   :     2,000 :       583 :         6 :         2  |
| Association (AHA)   :           :           :           :            |
| (February 1999)     :           :           :           :            |
|----------------------------------------------------------------------|
| American Medical    :     7,000 :       544 :         c :         d  |
| Association (AMA)   :           :           :           :            |
| (July/August 1999)  :           :           :           :            |
|----------------------------------------------------------------------|
| American Health     :    12,000 :      342e :        24 :        d   |
| Care Association    :           :           :           :            |
| (AHCA)              :           :           :           :            |
| (March 1999)        :           :           :           :            |
|----------------------------------------------------------------------|
| American Medical    :       230 :        99 :        42 :         d  |
| Group Association   :           :           :           :            |
| (AMGA)b (March 1999):           :           :           :            |
------------------------------------------------------------------------

Source: Organizations listed. We did not independently verify this
information.

aThe number of respondents who selected "not applicable" for the question
were excluded from the number of responses.

bThis organization represents approximately 45,000 physicians in more than
230 medical groups across 40 states.

cAccording to the survey results, 67 percent of responding physicians rent
or lease biomedical equipment that will be affected by Y2K; 62 percent of
them were confident that their vendors have prepared the equipment for
Y2K. Data were not provided on the remaining 33 percent of responding
physicians.

dThe survey did not have "Don't Know" as a response choice. 

eTwenty-eight percent of the respondents said this question was not
applicable to them.

The survey results also indicated that much work remains in making
biomedical equipment Y2K-ready. Table 1 shows that less than one-third of
the hospitals responding to HHS' OIG survey stated that all of their
biomedical equipment was currently compliant, and only 6 percent of the
hospitals responding to the AHA survey stated that their biomedical
equipment was currently compliant.

Manufacturers Vary on User Testing of Biomedical Equipment

The question of whether to test their biomedical equipment for Y2K
compliance is a difficult one that confronts many users, such as hospitals
and physicians' offices. FDA has taken the position that manufacturers'
submissions of Y2K compliance certifications provide sufficient assurance
of product compliance, and that such testing on the part of users is not
necessary. VA and the Emergency Care Research Institute (ECRI)/Footnote24/
have also stated that manufacturers are best qualified to analyze embedded
systems or software to determine Y2K compliance. Accordingly, they do not
encourage user testing of biomedical equipment for Y2K compliance. ECRI
guidelines, however, suggest that health care facilities should consider
testing interfaces between medical devices in cases where the facility
cannot determine theY2K compliance of the interface from the device
manufacturers. 

In contrast to VHA's and FDA's positions, some hospitals in the private
sector believe that testing biomedical equipment is necessary to prove
that they have exercised due diligence in the protection of patient health
and safety. We have testified that officials at three hospitals told us
that their biomedical engineers established their own test programs for
biomedical equipment and, in many cases, contacted the manufacturers for
their test protocols./Footnote25/ Several of these engineers informed us
that their testing identified some noncompliant equipment that the
manufacturers had earlier certified as compliant. According to these
engineers, the equipment found to be noncompliant all had display problems
and was not critical care/life support equipment. We were told that
equipment found to be incorrectly certified as compliant included a
cardiac catheterization unit, a pulse oxymeter, medical imaging equipment,
and ultrasound equipment. 

Our review of manufacturers' web sites disclosed that manufacturers'
opinions vary on whether users should test their biomedical equipment. We
noted that at least 37 manufacturers provided information on their web
sites about Y2K testing. Of these, 30 encouraged testing; 15 provided end
users with information such as test protocols and instructions. Fifteen
manufacturers also encouraged users to test their devices in configuration
with related equipment to ensure that the devices operate as intended.
Seven manufacturers did not encourage testing; two of these stated that
such testing could disrupt operation of software.

As we testified in May, the question of whether to independently verify
and validate biomedical equipment that manufacturers have certified as
compliant is one that must be addressed jointly by medical facilities'
clinical staff, biomedical engineers, and corporate
management./Footnote26/ The overriding criterion should be ensuring
patient health and safety.

In summary, compliance status information on biomedical equipment can be
found in FDA's clearinghouse or on manufacturers' web sites. The quality
of the compliance information on the web sites, however, varies
significantly, ranging from general assurances of compliance to detailed
information on specific product make and model. Given the criticality of
having medical devices function as intended on and after January 1, it is
important that FDA encourage manufacturers to provide detailed information
on the product make and model, compliance status, and availability of
solutions for noncompliant equipment.

To its credit, FDA has assessed the Y2K compliance activities of 80 PHRD
manufacturing sites. Although most appeared to have been assessed as
having low degrees of concern, one site had a concern in two areas
assessed at high. FDA is currently reviewing this site to make sure that
there are no unresolved issues affecting patient safety. 

Because a significant number of health care providers are not responding
to Y2K surveys sent by federal agencies and professional associations, the
public lacks information on the readiness of providers. Such information
would help alleviate public concerns about the Y2K readiness of health
care providers and the biomedical equipment they use in patient care.
Lastly, although there are varying views on whether end users should test
their biomedical equipment for Y2K compliance, the overriding criterion
should be ensuring patient health and safety. 

We performed this assignment in accordance with generally accepted
government auditing standards, from July 1999 through October 1999. We
reviewed and analyzed information listed in the Federal Y2K Biomedical
Equipment Clearinghouse. We also reviewed and analyzed information listed
on the web sites of biomedical equipment manufacturers referred to in
FDA's Federal Y2K Biomedical Equipment Clearinghouse. In addition, we
reviewed and analyzed FDA documentation on the agency assessments of PHRD
manufacturing sites, including selected contractor's final reports to FDA
on the manufacturers. We also visited five PHRD manufacturing sites and
observed FDA's contractor examiners carrying out the assessment of the
firms' Y2K compliance activities. We interviewed FDA officials responsible
for the Federal Y2K Biomedical Equipment Clearinghouse and oversight and
management of the agency's survey of PHRD manufacturer Y2K compliance
activities.

Messrs. Chairmen, this concludes my statement. I would be pleased to
respond to any questions that you or other members of the Subcommittees
may have at this time.

Contact and Acknowledgments

For information about this testimony, please contact Joel Willemssen at
(202) 512-6253 or by e-mail at [email protected]. Individuals
making key contributions to this testimony included Gwen Adelekun, 
Dr. Nabajyoti Barkakati, Michael Fruitman, James Houtz, Robert Kershaw,
Helen Lew, Barbara Oliver, Michael Resser, Glenn Spiegel, and Glenda Wright.

--------------------------------------
/Footnote1/-^Biomedical equipment refers both to medical devices regulated
  by FDA, and scientific and research instruments, which are not subject
  to FDA regulation.
/Footnote2/-^As is widely known by now, for the past several decades
  computer systems have often used two digits to represent the year, such
  as "98" for 1998, in order to conserve electronic data storage and
  reduce operating costs. In this format, however, 2000 is
  indistinguishable from 1900 because both are represented as "00." As a
  result, if not modified, systems or applications that use dates or
  perform date- or time-sensitive calculations may generate incorrect
  results beyond 1999.
/Footnote3/-^This site can be accessed on the Internet World Wide Web at
  http://www.fda.gov/cdrh/yr2000/year2000.html.
/Footnote4/-^Such instruments are used to separate the components of a
  solution with heat and measure their relative quantities.
/Footnote5/-^A component of the Department of Veterans Affairs (VA).
/Footnote6/-^Appendix I lists the 90 PHRD product types.
/Footnote7/-^An electroanesthesia apparatus uses electricity to induce and
  maintain anesthesia during surgical procedures. Hemodialysis systems
  cycle blood from a patient's body to filter out body waste before
  returning the blood to the patient. Fetal ultrasonic monitors use sound
  to measure the heart rate of the fetus and uterine contractions of the
  mother during pregnancy and childbirth.
/Footnote8/-^Examples of such equipment include automated blood cell and
  plasma separators for therapeutic purposes and instruments used to
  screen the blood supply for blood-borne pathogens.
/Footnote9/-^Year 2000 Computing Crisis: Compliance Status of Many
  Biomedical Equipment Items Still Unknown (GAO/AIMD-98-240, September 18,
  1998).
/Footnote10/-^GAO/AIMD-98-240, September 18, 1998.
/Footnote11/-^GAO/AIMD-98-240, September 18, 1998.
/Footnote12/-^Year 2000 Computing Challenge: Concerns About Compliance
  Information on Biomedical Equipment (GAO/T-AIMD-99-209, June 10, 1999).
/Footnote13/-^We summarized the results of our review in four compliance
  categories--products that do not employ a date, products that are
  compliant, products that are noncompliant, and products whose compliance
  status is currently unknown. This last category includes those
  manufacturers who reported that they have not completed an assessment of
  their products, have discontinued a product, or have a product that is
  now obsolete.
/Footnote14/-^This includes medical devices, scientific and research
  instruments, and other supporting products, such as printers and
  software. 
/Footnote15/-^According to FDA, the contractor assisting it with the
  clearinghouse verified that this web site link was operable.
/Footnote16/-^A ventricular assist device is a small electromechanical
  pump that helps maintain blood circulation in patients suffering from
  end-stage heart disease. Hemodialysis equipment cycles blood from a
  patient's body to filter out body waste before returning the blood to
  the patient.
/Footnote17/-^An example of a workaround is noting on the printout of an
  EKG machine the year "2000" instead of "1900."
/Footnote18/-^GAO/AIMD-98-240, September 18, 1998.
/Footnote19/-^The 803 consisted of those manufacturers among the 90 types
  of PHRDs identified that had registered PHRD products with FDA. 
/Footnote20/-^According to FDA, reasons given by manufacturers for
  declining to participate included scheduling or resource limitations and
  recent regular FDA site inspections. Five manufacturing sites declined
  without giving a reason.
/Footnote21/-^These sites involved large, multisite manufacturers where
  the FDA contractor had already selected two or more of the same
  manufacturer's sites. According to FDA, the contractor did not assess
  duplicates if they came up in later samples. 
/Footnote22/-^These include HHS' Office of the Inspector General, American
  Hospital Association (AHA), and AMA.
/Footnote23/-^This is a federation of 50 state health organizations that
  represent nearly 12,000 nonprofit and for-profit assisted living,
  nursing facility, long-term care, and subacute-care providers.
/Footnote24/-^ECRI is an international, nonprofit health services research
  agency. It believes that superficial testing of biomedical equipment by
  users may provide false assurances, as well as create legal liability
  exposure for health care institutions.
/Footnote25/-^Year 2000 Computing Crisis: Action Needed to Ensure
  Continued Delivery of Veterans Benefits and Health Care Services (GAO/T-
  AIMD-99-136, April 15, 1999).
/Footnote26/-^Year 2000 Computing Challenge: Much Biomedical Equipment
  Status Information Available, Yet Concerns Remain (GAO/T-AIMD-99-197,
  May 25, 1999).

FDA'S LIST OF COMPUTER-CONTROLLED POTENTIALLY HIGH-RISK MEDICAL DEVICE TYPES
===========================================================================

                                          Continued from Previous Page
-----------------------------------------------------------------------
| Classification Name                                                 |
|---------------------------------------------------------------------|
| Anesthetic vaporizer                                                |
|---------------------------------------------------------------------|
| Arrhythmia detector and alarm                                       |
|---------------------------------------------------------------------|
| Autotransfusion apparatus                                           |
|---------------------------------------------------------------------|
| Automated blood cell and plasma separator for therapeutic purposes  |
|---------------------------------------------------------------------|
| Automated blood grouping and antibody test system                   |
|---------------------------------------------------------------------|
| Blood and plasma warming device                                     |
|---------------------------------------------------------------------|
| Blood storage refrigerator and blood storage freezer                |
|---------------------------------------------------------------------|
| Breathing frequency monitor                                         |
|---------------------------------------------------------------------|
| Breathing gas mixer                                                 |
|---------------------------------------------------------------------|
| Cardioconverter, implantable                                        |
|---------------------------------------------------------------------|
| Cardiopulmonary bypass heart-lung machine console                   |
|---------------------------------------------------------------------|
| Cardiopulmonary bypass on-line blood gas monitor                    |
|---------------------------------------------------------------------|
| Cardiopulmonary bypass pulsatile flow generator                     |
|---------------------------------------------------------------------|
| Cardiopulmonary bypass pump speed control                           |
|---------------------------------------------------------------------|
| Centrifugal chemistry analyzer for clinical use                     |
|---------------------------------------------------------------------|
| Continuous flow sequential multiple chemistry analyzer for          |
| clinical use                                                        |
|---------------------------------------------------------------------|
| Continuous ventilator                                               |
|---------------------------------------------------------------------|
| DC-defibrillator low energy (including paddles)                     |
|---------------------------------------------------------------------|
| Defibrillator, automatic implantable cardioconverter                |
|---------------------------------------------------------------------|
| Defibrillator, implantable, dual-chamber                            |
|---------------------------------------------------------------------|
| Device, thermal ablation, endometrial                               |
|---------------------------------------------------------------------|
| Discrete photometric chemistry analyzer for clinical use            |
|---------------------------------------------------------------------|
| Electroanesthesia apparatus                                         |
|---------------------------------------------------------------------|
| Environmental chamber for storage of platelet concentrate           |
|---------------------------------------------------------------------|
| External counter-pulsating device                                   |
|---------------------------------------------------------------------|
| External negative pressure ventilator                               |
|---------------------------------------------------------------------|
| External pacemaker pulse generator                                  |
|---------------------------------------------------------------------|
| External programmable pacemaker pulse generator                     |
|---------------------------------------------------------------------|
| Fetal ultrasonic monitor and accessories                            |
|---------------------------------------------------------------------|
| Gas machine for anesthesia or analgesia                             |
|---------------------------------------------------------------------|
| Glucose test system                                                 |
|---------------------------------------------------------------------|
| Hemodialysis systems and accessories                                |
|---------------------------------------------------------------------|
| High permeability hemodialysis systems                              |
|---------------------------------------------------------------------|
| Hyperbaric chamber                                                  |
|---------------------------------------------------------------------|
| Hysteroscopitc insufflator                                          |
|---------------------------------------------------------------------|
| Classification Name                                                 |
|---------------------------------------------------------------------|
| Implantable pacemaker pulse-generator                               |
|---------------------------------------------------------------------|
| Implanted cerebellar stimulator                                     |
|---------------------------------------------------------------------|
| Implanted diaphragmatic/phrenic nerve stimulator                    |
|---------------------------------------------------------------------|
| Implanted electrical urinary continence device                      |
|---------------------------------------------------------------------|
| Implanted intracerbral/subcortical stimulator for pain relief       |
|---------------------------------------------------------------------|
| Implanted nueromuscular stimulator                                  |
|---------------------------------------------------------------------|
| Implanted peripheral nerve stimulator for pain relief               |
|---------------------------------------------------------------------|
| Implanted spinal cord stimulator for bladder evacuation             |
|---------------------------------------------------------------------|
| Implanted spinal cord stimulator for pain relief                    |
|---------------------------------------------------------------------|
| Indwelling blood carbon dioxide partial pressure (PCO2) analyzer    |
|---------------------------------------------------------------------|
| Indwelling blood oxygen partial pressure (PO2) analyzer             |
|---------------------------------------------------------------------|
| Infant radiant warmer                                               |
|---------------------------------------------------------------------|
| Infusion pump                                                       |
|---------------------------------------------------------------------|
| Instruments used to screen the blood supply for bloodborne          |
| pathogens                                                           |
|---------------------------------------------------------------------|
| Intermittent mandatory ventilation attachment                       |
|---------------------------------------------------------------------|
| Intra-aortic balloon and control system                             |
|---------------------------------------------------------------------|
| Isolated kidney perfusion and transport system and accessories      |
|---------------------------------------------------------------------|
| Kit, test, alpha-fetoprotein for neural tube defects                |
|---------------------------------------------------------------------|
| Laproscopic insufflator                                             |
|---------------------------------------------------------------------|
| Lipoprotein, low density, removal                                   |
|---------------------------------------------------------------------|
| Lung water monitor                                                  |
|---------------------------------------------------------------------|
| Medical charged-particle radiation therapy systema                  |
|---------------------------------------------------------------------|
| Medical Neutron radiation therapy systema                           |
|---------------------------------------------------------------------|
| Membrane lung (for long term pulmonary support)                     |
|---------------------------------------------------------------------|
| Micro chemistry analyzer for clinical use                           |
|---------------------------------------------------------------------|
| Neonatal incubator                                                  |
|---------------------------------------------------------------------|
| Neonatal transport incubator                                        |
|---------------------------------------------------------------------|
| Nonroller-type cardiopulmonary bypass blood pump                    |
|---------------------------------------------------------------------|
| Oxygen-uptake computer                                              |
|---------------------------------------------------------------------|
| Pacemaker programmers                                               |
|---------------------------------------------------------------------|
| Peritoneal dialysis system and accessories                          |
|---------------------------------------------------------------------|
| Portable oxygen generator                                           |
|---------------------------------------------------------------------|
| Powered emergency ventilator                                        |
|---------------------------------------------------------------------|
| Processing system for frozen blood                                  |
|---------------------------------------------------------------------|
| Pulse-generator, dual chamber, implantable                          |
|---------------------------------------------------------------------|
| Pulse-generator, program module                                     |
|---------------------------------------------------------------------|
| Pulse-generator, single chamber                                     |
|---------------------------------------------------------------------|
| Classification Name                                                 |
|---------------------------------------------------------------------|
| Pulse-generator, single chamber, sensor driven, implantable         |
|---------------------------------------------------------------------|
| Pump, drug administration, closed loop                              |
|---------------------------------------------------------------------|
| Pump, infusion, implanted, programmable                             |
|---------------------------------------------------------------------|
| Radionuclide radiation therapy systema                              |
|---------------------------------------------------------------------|
| Remote controlled radionuclide-applicator systema                   |
|---------------------------------------------------------------------|
| Roller type cardiopulmonary bypass blood pump                       |
|---------------------------------------------------------------------|
| Software, blood bank, stand alone products                          |
|---------------------------------------------------------------------|
| Separator for therapeutic purposes, membrane automated blood        |
| cell/plasma                                                         |
|---------------------------------------------------------------------|
| Sorbent hemoperfusion system                                        |
|---------------------------------------------------------------------|
| Stimulator, cortical, implanted (for pain)                          |
|---------------------------------------------------------------------|
| Stimulator, electrical, implanted, for Parkinsonian tremor          |
|---------------------------------------------------------------------|
| Stimulator, sacral, nerve, implanted                                |
|---------------------------------------------------------------------|
| Stimulator, spinal-cord, totally implanted for pain relief          |
|---------------------------------------------------------------------|
| Stimulator, subcortical, implanted for epilepsy                     |
|---------------------------------------------------------------------|
| System, pacing, temporary, acute internal atrial defibrillation     |
|---------------------------------------------------------------------|
| Ventilator, high frequency                                          |
|---------------------------------------------------------------------|
| Ventricular bypass (assist) device                                  |
|---------------------------------------------------------------------|
| X-ray radiation therapy systema                                     |
-----------------------------------------------------------------------

aThese device classifications include radiation treatment planning systems
that are accessories to these device types.

Source: FDA.

LISTING OF FOREIGN COUNTRIES WITH PHRD MANUFACTURING SITES
==========================================================

Argentina
Australia
Belgium
Brazil
Canada
Costa Rica
Denmark
Finland
France
Germany
Ireland
Israel
Italy
Japan
Malaysia
Mexico
Netherlands
New Zealand
Norway
Pakistan
People's Republic of China
Republic of Korea
Singapore
Sweden
Switzerland
Thailand
United Kingdom 

(511772)

Before the Committee on International Relations, House of Representatives

For Release on Delivery
Expected at
10 a.m.
Thursday,
October 21, 1999

YEAR 2000 COMPUTING CHALLENGE

State and USAID Need to Strengthen Business Continuity Planning

Statement of Linda D. Koontz
Associate Director, Governmentwide and Defense Information Systems
Accounting and Information Management Division
*****************

*****************

GAO/T-AIMD-00-25

The State Department's warden system consists of responsible individuals
(usually U.S. citizens) in a foreign country who keep U.S. citizens in the
area informed of developments during times of crisis, passing information
provided to the warden by the U.S. embassy. The term "warden system" is
derived from World War II when "air raid wardens" alerted citizens to
emergencies. Because embassies now communicate with hundreds or thousands
of citizens, the traditional warden system has evolved into a combination
of telephone, fax, 
Year 2000 Computing Crisis: Business Continuity and Contingency Planning 
Mr. Chairman and Members of the Committee:

Thank you for inviting me to participate in today's hearing on the State
Department's and the United States Agency for International Development's
(USAID) efforts to address the Year 2000 (Y2K) technology problem. The Y2K
problem has represented a unique challenge for State and USAID. First,
like all organizations, these agencies need to remediate internal computer
systems and plan for unexpected disruptions within the United States.
Unlike others, however, they must also assess the Y2K status of virtually
every country where the United States has a diplomatic presence and ensure
the continuity of vital operations, such as protecting the welfare of
millions of U.S. citizens traveling and living abroad, promoting economic
development, providing humanitarian assistance, and achieving diplomatic
agreements. 

Today, I will discuss State and USAID's efforts to increase worldwide
awareness of the Y2K problem, assess international preparedness, and
inform American citizens of risks. In addition, I will discuss these
agencies' reported progress in remediating their internal computer systems
and their efforts to prepare business continuity and contingency plans to
ensure that they can continue to provide critical services. To perform our
work for this Committee and prepare for this testimony, we reviewed key
documents and interviewed senior State and USAID officials responsible for
addressing international Y2K risks. A detailed discussion of our
objectives, scope, and methodology for this review is included in the
appendix to this statement.

In brief, our message today on State's and USAID's efforts is a mixed one.
The two agencies have taken a number of positive steps to address
international Y2K risks. Through its leadership of the President's Year
2000 Council International Relations Working Group, the State Department
has worked to increase awareness of the problem throughout the world,
collected and shared information on the problem with other federal
agencies and foreign nations, and encouraged the remediation of faulty
computer systems. State has also undertaken efforts to help ensure that
Americans traveling and living abroad are informed about Y2K. In addition,
State has successfully tested its ability to collect and analyze
information from its worldwide posts during the rollover. Similarly, USAID
has devoted resources to assessing what Y2K problems could occur at many
of its worldwide missions and on USAID-funded projects currently underway
within the countries where these missions are located. 

Both agencies also report that they have completed or have almost
completed remediation and testing of their mission-critical computer
systems. State reports that all 59 of its mission-critical systems are Y2K
compliant and according to USAID, 6 of 7 are compliant. USAID's New
Management System is still being repaired and the agency expects it to be
compliant by the end of this month.

However, State and USAID have been much less effective in the area of
business continuity and contingency planning (BCCP). Because of the nature
of the Y2K problem, organizations must first identify core missions and
processes, decide which ones need to continue in the event of a 
Y2K-related emergency, and subsequently develop and test continuity and
contingency plans that are clearly tied to the continuity of core
processes. This is especially true for State and USAID since it is now
clear that some countries will not be able to renovate all of their
systems and, consequently, may experience disruptions in critical services
such as power, water, and finance--disruptions which, in turn, are likely
to affect the operations of many embassies, consulates, and missions. Our
review showed that State's BCCP did not identify and link its core
business processes to its Y2K contingency plans and procedures and that
the department has not yet tested its plans in Y2K-specific scenarios.
USAID identified one core business process--financial management--in its 
Y2K BCCP, but did not identify or address other key agency functions.
USAID also provided very little information on contingency planning
activities for its missions and it is unclear when the agency expects to
complete its BCCP process. Consequently, both agencies lack assurance that
they can sustain their worldwide operations and facilities into the new
millennium.

State and USAID Have Increased Awareness of Y2K Risks and Assessed
International Preparedness

In recognition of the challenge Y2K presents, State and USAID launched
comprehensive efforts to mitigate potential disruptions both here and
abroad. The agencies have implemented the following initiatives to foster
better awareness and gauge the likely severity of the problem.

o The State Department chairs the International Relations Working Group
  (IWG) of the President's Council on Year 2000 Conversion. The group has
  worked with other federal agencies and international organizations
  including the United Nations, World Bank, and International Civil
  Aviation Organization to increase foreign nations' awareness and
  encourage systems remediation by collecting and analyzing data on
  countries' preparedness, sharing information, supporting and attending
  conferences, and conducting and encouraging Y2K exercises.

o As part of the IWG's data collection efforts, State's embassies and
  consulates conducted surveys in late 1998 of their host countries' Y2K
  programs. They specifically focused on the countries' status of Y2K
  remediation efforts, dependence on technology in critical
  infrastructure sectors, and vulnerability to short-term economic and
  social turmoil.

o State's Inspector General's (IG) Office has collected Y2K information
  during overseas visits and helped oversee the department's Y2K efforts.
  Over the past year, IG staff visited 31 countries and met with host
  country representatives to increase opportunities for information
  sharing and cooperation. State's IG Office collected and shared with
  other federal entities a great deal of information on the status of
  foreign countries' preparedness for the Y2K rollover.

o USAID teams visited 49 of the agency's 79 overseas missions to promote
  awareness of the Y2K issue, assess the missions' Y2K preparedness,
  assess Y2K compliance of current USAID-funded information technology
  (IT) projects, and evaluate host country Y2K vulnerabilities. The teams
  issued Y2K compliance evaluation reports from July 1998 through April
  1999 that documented their findings and provided a baseline for
  remediation and contingency planning efforts. The reports vary in
  content but collectively indicate what USAID-funded projects are
  underway; whether they are computer dependent and vulnerable to Y2K
  problems; what their Y2K compliance status was at the time of the
  review; and whether the United States government, vendor, or host
  country is responsible for remediating the project. For example,
  USAID's Year 2000 Compliance Evaluation for its Cairo mission discusses
  the agency's portfolio of major development projects, including the
  installation of telephone lines and switches, disease prevention
  efforts, and power control centers within Egypt. Since conducting its
  evaluations, USAID has focused its limited resources on resolving
  problems in selected countries of strategic importance and/or with
  known Y2K vulnerabilities. According to USAID officials, the reports
  have also been provided to host countries' governments so they can
  address the findings.

USAID developed a toolkit that foreign governments at all levels (local,
provincial, and national) can use for Y2K contingency planning. USAID
plans to distribute the toolkit beginning this week. According to USAID,
the toolkit has been developed using a "fast-track" concept in recognition
of the fact that many organizations have begun to address Y2K issues later
than is optimal and that at this stage, they do not have the time to
develop complete contingency plans. As such, the toolkit's design speeds
the effort and reduces the resources required so that at least some
contingency plans can be in place. 

The collective efforts of State and USAID to analyze international Y2K
readiness have shown that some countries will simply not make their Y2K
deadlines and, in fact, are likely to suffer disruptions in critical
infrastructure-related services such as power, water, and finance. As a
result, it has become exceedingly important for State to ensure that
Americans traveling and living abroad are informed about potential 
Y2K-related failures and that they have the best information available to
help them prepare accordingly.

State Has Publicly Reported Information to Help Safeguard Americans

In implementing a broad public outreach strategy on Y2K, the Department of
State issued and made available information about Y2K and foreign
countries' preparedness for the millennium rollover. Much of the
information is intended to help ensure that Americans living and traveling
abroad, or those contemplating foreign travel on January 1, 2000, are 
well-informed about potential Y2K-related failures. The department's
overseas posts are providing this information via numerous mechanisms,
including brochures, warden/Footnote1/ notices, and bulletins on post
Internet home pages.

The protection of American citizens traveling or living abroad is the
department's highest priority. In recognition of this, State's long-
standing "no double standard" policy requires that the department provide
U.S. citizens in foreign countries with information available to official
personnel regarding threats to safety and security that have not and
cannot be countered. In addition, State officials have been very clear in
advising U.S. citizens who may be overseas about their need to exercise
personal due diligence in preparing for possible Y2K failures. As such,
the department acknowledges that it does not have the resources or ability
to provide food, water, shelter, fuel, or medicine to the 3 million plus
Americans registered abroad or the millions more who travel for tourism or
business each year. State's strategy is to provide the best possible
information to Americans so that they can make their own personal
emergency preparedness arrangements and informed decisions. 

In January and July 1999, State issued worldwide public announcements to
warn that all citizens planning to be abroad in late 1999 or early 2000
should stay informed about Y2K readiness in their respective locations. In
September 1999, the department issued updated Consular Information Sheets
for 196 countries that included information on Y2K-related risks. The
sheets are normally issued at least annually to provide advice to
international travelers on issues such as a country's road conditions,
crime rate, and availability of medical facilities. The current
information sheets identify countries' reliance on computer systems and
their level of preparedness for the Y2K problem, that is, whether they are
well-prepared, prepared, generally prepared, somewhat prepared, not fully
prepared, or unprepared. The sheets also assign an overall risk level
(high, medium, or low) for potential Y2K disruptions in key infrastructure
sectors such as energy, telecommunications, and finance, and reemphasize
the need for American citizens to take precautions against Y2K-related
disruptions. 

However, the Y2K-related language in the current information sheets is
fairly general and is not as clear as the more specific information
contained in other sections of the sheet. In addition, it may be difficult
for readers to distinguish the risks in one country from those in another;
specifically, they may be unable to discern the differences between a
country that is generally prepared from one that is somewhat prepared.
State officials stated that information in the sheets on topics other than
Y2K is based on past events and is not as speculative as the Y2K language.
Department officials further stated that the sheets include the best Y2K-
related information they had available prior to publication, but that they
have subsequently obtained additional information on some countries. They
stated they plan to update their website to incorporate the new
information and will also do so for those countries for which new
information becomes available.

In addition, the department plans to issue travel warnings later this
month for selected countries if State officials determine that specific
credible concerns about potential Y2K disruptions exist. Travel warnings
are issued when the department decides to recommend that Americans avoid
travel to specific countries. State has indicated that under its no double
standard policy, travel warnings will be issued for any countries in which
official personnel will be authorized to depart.

State and USAID Have Been Working to Correct Their Internal Computer Systems

The State Department has reported to the Office of Management and Budget
(OMB) that all 59 of its mission-critical systems/Footnote2/ are Y2K
compliant. In addition, State is now reporting that it has successfully
completed 
end-to-end testing/Footnote3/ of four groups of related business
functions: consular, 
e-mail, command and control communications, and security. During this
testing, State tested critical transactions throughout the department
across major business areas, applications, and infrastructure that support
the transactions. According to State, business management end-to-end
testing is underway and expected to be completed by October 31, 1999. 

According to USAID, and as reported to OMB, of its seven mission-critical
systems, one is not yet Y2K compliant. The New Management System
(NMS)/Footnote4/ is being repaired and USAID expects it to be compliant,
validated, and implemented later this month. According to USAID, end-to-
end testing is planned prior to the rollover, but no completion date has
been established yet.

State and USAID Business Continuity and Contingency Planning Efforts Are
Lacking

While there has been extensive remediation and testing of mission-critical
systems by State and USAID, there is, nevertheless, a risk that problems
may occur in the millions of lines of code that were fixed, in overlooked
embedded chips, or in commercial products. There is also a risk that
outside systems that exchange data with these agencies may fail as well as
vital infrastructure services, such as electrical power and water. These
risks, coupled with the risk of Y2K-related failures in foreign countries,
mandate that agencies identify core business processes and functions,
decide which ones must continue in the event of a Y2K-related emergency,
and subsequently develop comprehensive BCCPs to ensure that core business
processes can be continued both domestically and internationally. We have
developed guidance/Footnote5/ on this topic, and OMB has adopted it as the
standard that federal agencies are to use in developing these plans.

Our guidance recommends a mission-based approach to business continuity
and contingency planning which involves, among other steps, (1)
identifying an agency's core business processes and supporting 
mission-critical systems, (2) determining the impact of internal and
external information systems, and infrastructure failures on core business
processes, (3) defining the minimal acceptable level of service for each
core business process, and (4) identifying and documenting contingency
plans and implementation modes for each process. The guide also advocates
business continuity testing to evaluate whether individual contingency
plans are capable of providing the desired level of support to core
business processes and whether the plans can be implemented within a
specified period of time. 

As required by OMB, State developed a June 15, 1999, enterprisewide Y2K
business continuity and contingency plan. OMB described this plan in its
September 1999 quarterly report as being "too high level to determine if
risks have been fully addressed." State's BCCP is a summary document that
cites other supporting plans, the department's global responsibilities,
and its centrally managed but decentrally implemented organizational
structure. State's supporting plans include bureaus' business continuity
plans, Y2K information technology systems contingency plans, Emergency
Action Plans, Duty Officer Handbooks, cable guidance, and standard
operating procedures. 

During our review, we found that State's Y2K BCCP does not follow the
mission-based approach that we recommend. The plan does not identify
State's core business processes or the minimum acceptable level of service
for these processes during emergency situations. State's plan also does
not identify the department's mission-critical systems or the impact of
the failure of these systems on its core business processes. In addition,
the BCCP does not link relevant contingency plans to State's core business
processes and does not identify the circumstances under which these plans
would apply. Finally, the plan does not indicate when or how State will
test and evaluate its plans for sustaining operations in the event of Y2K
disruptions. As such, the State Department does not have assurance that it
is adequately prepared to continue critical business functions in the face
of Y2K failures. State officials stated that they plan to test their
contingency plans across a range of functional areas, regional bureaus,
and scenarios and complete these exercises around mid-November 1999. State
officials also advised us that they plan to issue and resubmit to OMB a
new departmentwide plan today. According to State, this revised plan
appropriately links core business processes, mission-critical systems, and
contingency plans and meets all other OMB requirements. However, we have
not had an opportunity to review this plan.

State also required that each embassy and consulate develop BCCPs and
required the head of each facility to certify that such a plan had been
completed. To assist in this endeavor, State developed and distributed a
Contingency Planning Toolkit in early 1999. This toolkit provided an
appropriate and detailed methodology for (1) identifying critical business
processes, (2) assessing the risk of systems failure, (3) assessing the
risk of infrastructure failures, (4) linking existing emergency procedures
to Y2K failure scenarios, (5) assessing the adequacy of existing emergency
procedures and augmenting them if necessary, and (6) identifying
additional resources that would be needed to execute the revised plans.

We reviewed the toolkit responses prepared by 10 embassies located in
countries of particular interest to the Committee/Footnote6/ and found
that all were incomplete. Although most of the plans identified critical
business processes as well as additional resources needed to prepare for
Y2K failures, only two linked existing contingency procedures to potential
Y2K disruptions or identified any additional procedures needed. Further,
there was no evidence that any of the plans had been tested. Without the
kind of thorough analysis called for in State's toolkit, there is no
assurance that embassies and consulates are fully prepared for potential
Y2K failures. State officials agreed with our assessment, but emphasized
that the department routinely deals with overseas emergencies and crises.
State officials stated that their embassies have standing procedures
including their Emergency Actions Plans for a variety of crises and
pointed out that, on average, the department executes an evacuation every
6 weeks. State officials also stated that some posts have tested existing
emergency plans in a Y2K scenario during crisis management exercises. To
improve their BCCP and provide more assurance, however, State officials
told us that they plan to further review and validate embassy contingency
plans. As such, they stated that they have developed and implemented a web-
based tool to validate posts' plans and expect to complete validation by
November 11, 1999.

In addition, State is now working to determine if any authorized
departures/Footnote7/ from embassies will occur, due to host country
infrastructure vulnerabilities. At this time, the department has declared
that no posts will be closed, but that for some posts, departures may be
necessary. During our review, State officials advised us that final
decisions on authorized departures would be made by late October 1999. At
present, the departure date for personnel at those posts selected is
December 10, 1999. 
Case-by-case departure decisions are also being made now for selected
personnel with health conditions, such as illnesses and pregnancies, due
to concerns about the possibility of Y2K disruptions at medical facilities.

To further support its business continuity efforts, the department is
allocating and distributing resources requested by posts to help mitigate
potential Y2K problems. State officials plan for all resources to be
distributed no later than December 15, 1999.

USAID BCCP Is Also Inadequate
-----------------------------

USAID has also developed an enterprisewide BCCP dated June 15, 1999. OMB's
September 1999 quarterly report states that "AID's plan addresses its core
business functions" and that plans are in place for USAID's approximately
80 overseas posts. However, we found that USAID's BCCP is incomplete and
found little evidence within the plan that would indicate that the OMB-
adopted GAO methodology was followed. 

USAID's BCCP identifies one core business function--financial management--
and four mission-critical systems supporting this function. The BCCP does
not identify or address other key agency functions. Rather, the plan
states that USAID is currently addressing other key processes, such as
administrative services and human resources, which we believe to be
support processes rather than core business processes. We also found very
little information on the agency's contingency planning, including
information on what alternative actions or workarounds would be taken to
sustain critical operations or what events would trigger the need for
these efforts. In addition, the BCCP is headquarters-focused with little
information provided on mission-level contingency planning activities and
provides no date for completing the plan. 

Furthermore, only one mission--Cairo--has prepared a Y2K contingency plan
for its specific location. USAID officials stated that despite the absence
of documented BCCPs, some business continuity and contingency planning
activity has been underway at USAID missions. The officials stated,
however, that they could not validate the quality of or extent to which
the planning activity has occurred.

USAID officials stated that financial and technical constraints have
severely limited their ability to conduct effective business continuity
and contingency planning. USAID's Inspector General's (IG) Office has
performed a comprehensive review of its agency's Y2K business continuity
and contingency planning process and efforts, and a representative from
the IG's office is here today to discuss the results of their work. Given
the results of our and the IG's work, we are extremely concerned about
USAID's ability to sustain its core business operations during the
rollover and protect its overseas personnel from Y2K-related failures.

State Is Making Other Preparations for the Rollover

A significant aspect of business continuity and contingency planning is
day one (also called day zero) planning. An effective day one strategy
comprises a comprehensive set of actions to be executed by a federal
agency during the last days of 1999 and the first days of 2000. Federal
agencies and other organizations should have an effective day one strategy
so they can position themselves to readily identify Y2K-induced problems,
take needed corrective actions, and minimize adverse impact on their
operations and key business processes. An effective day one Y2K plan will
also help an agency provide information about its Y2K condition to 

executive management, business partners, and the public. We recently
issued guidance/Footnote8/ on this subject, which we have provided to OMB
and executive agencies for their use. 

Day one planning is underway at State and USAID, although at the time of
our review it was too early to evaluate their overall efforts. We did,
however, review the discussion of day one planning contained in State's
current BCCP and believe the department's approach seems reasonable. State
indicates it will staff the Main State building and its headquarters
annexes with up to 700 employees and augment its Operations Center with
additional resources in a separate Y2K response center. 

In addition, we reviewed State's efforts to test its ability to collect
and disseminate information from its overseas posts. While not required by
OMB, on September 9, 1999, State conducted an exercise to test its
worldwide reporting mechanisms. State selected this date because there
were concerns within the computing community that some systems may
interpret the "9/9/99" date as an error or as the end of a file. The
objective of the exercise was to assess the department's ability to
collect information on the Y2K status of all posts and host countries. No
systems failed due to misreading 9/9/99. During the exercise, 165 overseas
posts successfully reported status information on the impact of the 9/9/99
date rollover on operations at their facilities and host country
infrastructures. State also tested its ability to assimilate and analyze
this information at its headquarters location and is now assessing lessons
learned for application to the actual Y2K event. 

Mr. Chairman, in conclusion, the State Department has tremendous
responsibilities in ensuring the safety of U.S. citizens overseas and
operating its overseas posts. USAID has similar responsibilities in
managing large IT-dependent projects and operating missions abroad. In
addition, due to their reliance on foreign countries' infrastructures,
they face challenges unique to their international missions. State and
USAID will need to marshal their resources in the remaining days ahead,
strengthen their BCCPs to help mitigate any Y2K-related failures, and work
toward maximizing assurance that they can continue to perform their core
business functions and maintain their overseas operations during the
rollover. This concludes my remarks and I will be happy to answer any
questions you or Members of the Committee may have.

Contact and Acknowledgements

For further information regarding this testimony, please contact Linda
Koontz at (202) 512-6240 or by e-mail at [email protected]. Individuals
making key contributions to this testimony include Cristina Chaplain, Kirk
Daubenspeck, and Brian Spencer.

--------------------------------------
/Footnote1/-^e-mail, high-frequency radio, media, and Internet home page
  mechanisms.
/Footnote2/-^Mission-critical systems support business processes whose
  failure would seriously affect an organization's ability to meet its
  worldwide responsibilities.
/Footnote3/-^The purpose of end-to-end testing is to verify that a set of
  interrelated systems, which collectively support an organizational core
  business area or function, interoperate as intended in an operational
  environment. 
/Footnote4/-^NMS is a suite of administrative systems for USAID's
  Washington office that includes accounting, acquisition and assistance,
  budget, and operations functions. According to OMB, NMS has underlying
  implementation problems unrelated to Y2K.
/Footnote5/-^(GAO/AIMD-10.1.19, August 1998).
/Footnote6/-^We reviewed responses from embassies in Brazil, Haiti,
  Indonesia, Italy, Mexico, Panama, Poland, Russia, Saudi Arabia, and
  Thailand.
/Footnote7/-^According to State, when warranted in the national interest
  or in response to imminent threat to life, a chief of mission may
  request authorized (voluntary) departure status for employees in
  nonemergency positions and/or family members who wish to leave the post
  under the authorized departure option. The Department of State must
  issue a travel warning when either authorized or ordered (mandatory)
  departure is approved for official personnel and/or their families.
/Footnote8/-^Y2K Computing Challenge: Day One Planning and Operations
  Guide (GAO/AIMD-10.1.22, October 1999).

OBJECTIVES, SCOPE, AND METHODOLOGY
==================================

To prepare for this testimony, we conducted an overview of State's and
USAID's efforts to address international Y2K risks. We reviewed State's
overall strategy for addressing the Y2K problem and ensuring the safety of
Americans overseas who may face risks from Y2K-related failures. Our work
at USAID focused on the agency's efforts to address Y2K-related risks to
USAID-funded information technology projects and systems in foreign
nations. 

We reviewed a number of key documents, including the State Department's
enterprisewide Y2K BCCP; analyses of foreign nations' preparedness for the
Y2K problem; bureau, embassy, and systems Y2K contingency plans; selected
embassy Emergency Action Plans; Consular Information Sheets; and public
Y2K announcements. We also reviewed USAID's overall Y2K BCCP, a Y2K
contingency plan for one mission, and about 50 assessments of selected
overseas missions' preparedness and their dependence on host country
infrastructures. 

In addition, we interviewed senior officials responsible for addressing
international Y2K risks, including the State Department's Special
Representative for the Year 2000 Problem, Deputy Chief Information Officer
for the Year 2000, Deputy Chief Information Officer for Operations, Deputy
Assistant Secretary for Diplomatic Security, Deputy Assistant Secretary
for Administration, Managing Director for International Financial
Services, Executive Director for Consular Affairs, Director of Overseas
Citizens Services, and the Director of the Year 2000 Working Group. At
USAID, we interviewed senior officials including the agency's Chief
Information Officer and the Director of the Office of Information
Resources Management. We performed our work in Washington, D.C., from
August through October 1999, in accordance with generally accepted
government auditing standards. We obtained comments on a draft of this
testimony from State and USAID officials and incorporated these comments
where appropriate.

(511668)

*** End of document. ***