Bioterrorism: Information Technology Strategy Could Strengthen Federal Agencies' Abilities to Respond to Public Health Emergencies

GAO-03-139 May 30, 2003

Summary

The October 2001 anthrax attacks, the recent outbreak of the virulent Severe Acute Respiratory Syndrome (SARS), and increased awareness that terrorist groups may be capable of releasing life-threatening biological agents have prompted efforts to improve our nation's preparedness for, and response to, public health emergencies--including bioterrorism. GAO was asked, among other things, to identify federal agencies' information technology (IT) initiatives to support our nation's readiness to deal with bioterrorism. Specifically, we compiled an inventory of such activities, determined the range of these coordination activities with other agencies, and identified the use of health care standards in these efforts.

The six key federal agencies involved in bioterrorism preparedness and response identified about 70 planned and operational information systems in several IT categories associated with supporting a public health emergency. These encompass detection (systems that collect and identify potential biological agents from environmental samples), surveillance (systems that facilitate ongoing data collection, analysis, and interpretation of disease-related data), communications (systems that facilitate the secure and timely delivery of information to the relevant responders and decision makers), and supporting technologies (tools or systems that provide information for the other categories of systems). For example, the Centers for Disease Control and Prevention (CDC) is currently implementing its Health Alert Network, an early warning and response system intended to provide federal, state, and local agencies with better communications during public health emergencies, and the Department of Defense is using its Electronic Surveillance System for the Early Notification of Community-based Epidemics to support early identification of infectious disease outbreaks in the military by comparing analyses of data collected daily with historical trends. The extent of coordination or interaction of these systems among agencies covered a wide range--from an absence of coordination, to awareness among the agencies with no formal coordination, to formal coordination, to joint development of initiatives. IT can more effectively facilitate emergency response if standards are developed and implemented that allow systems to be interoperable. The need for common, agreed-upon standards is widely acknowledged in the health community, and activities to strengthen and increase the use of applicable standards are ongoing. 
For example, CDC has defined a public health information architecture, which identifies data, communication, and security standards needed to ensure the interoperability of related systems. Despite these ongoing efforts to address IT standards, many issues remain to be worked out, including coordinating the various standards-setting initiatives and monitoring the implementation of standards for health care delivery and public health. An underlying challenge for establishing and implementing such standards is the lack of an overall strategy guiding IT development and initiatives. Without such a strategy to address the development and implementation of standards, agencies may not be well positioned to take advantage of IT that could facilitate better preparation for and response to public health emergencies--including bioterrorism.



Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Implemented" or "Not implemented" based on our follow-up work.

Director: No director on record
Team: No team on record
Phone: No phone on record


Recommendations for Executive Action


Recommendation: The Secretary of Health and Human Services, in coordination with other key stakeholders--such as the Secretaries of Defense, Homeland Security, and Veterans Affairs--should establish a national IT strategy for public health preparedness and response. This IT strategy should identify steps toward improving the nation's ability to use IT in support of the public health infrastructure. More specifically, it should identify all federal agencies' IT initiatives, using the results of our inventory as a starting point.

Agency Affected: Department of Health and Human Services

Status: Not Implemented

Comments: On July 21, 2004, HHS issued an information technology (IT) framework as a first step toward establishing a national health IT strategy that includes public health preparedness and response. The framework contained an initial inventory of major health IT programs, including public health IT initiatives at HHS. However, it did not include programs from other agencies identified in GAO's report (e.g., DOE, USDA, and EPA). In addition, HHS posted its listing of major health IT programs on its health IT Web site and provided links to selected initiatives; however, it has not updated the original information published in 2004 nor provided evidence that the inventory is current or used to oversee or coordinate public health IT initiatives.

Recommendation: The Secretary of Health and Human Services, in coordination with other key stakeholders--such as the Secretaries of Defense, Homeland Security, and Veterans Affairs--should establish a national IT strategy for public health preparedness and response. This IT strategy should identify steps toward improving the nation's ability to use IT in support of the public health infrastructure. More specifically, it should set priorities for information systems, supporting technologies, and other IT initiatives.

Agency Affected: Department of Health and Human Services

Status: Implemented

Comments: HHS implemented this recommendation by including strategies for improving population health in a framework for strategic actions for delivering health IT, which the Secretary approved in July 2004. Specifically, the framework defined future IT-related actions and priorities for unifying public health surveillance architectures into interoperable systems that allow the exchange of information among health care providers, federal and state agencies, and public health organizations needed for effective public health surveillance functions. Additionally, to help implement and further define future actions, HHS established a workgroup called the Population Health and Clinical Care Connections Workgroup, which is charged with making recommendations for facilitating the flow of reliable health information among public health and clinical care systems. The workgroup has identified a minimum data set for biosurveillance reporting and has identified priorities to guide its future work in recommending IT initiatives for exchanging health information, including adverse event reporting, bi-directional communications, disease case reporting and outbreak investigations, and response management.

Recommendation: The Secretary of Health and Human Services, in coordination with other key stakeholders--such as the Secretaries of Defense, Homeland Security, and Veterans Affairs--should establish a national IT strategy for public health preparedness and response. This IT strategy should identify steps toward improving the nation's ability to use IT in support of the public health infrastructure. More specifically, it should define activities for ensuring that the various standards-setting organizations coordinate their efforts and reach further consensus on the definition and use of standards.

Agency Affected: Department of Health and Human Services

Status: Implemented

Comments: HHS implemented this recommendation by defining a strategy that includes activities for ensuring that the public and private sectors work together to advance the adoption of health IT standards. These activities are defined in a framework for strategic actions for delivering health IT, which the Secretary approved in July 2004. The strategy charged government-sponsored standards-setting components to develop an interoperable infrastructure to simplify data exchange in order to meet the information needs of public health surveillance and response. In its efforts to implement the strategy, HHS established a public-private partnership involving more than 300 health-related organizations to coordinate standards-setting efforts and reach consensus on the use of data and technical standards. The panel includes members from many of the various standards development organizations that are responsible for defining health IT standards. In its first year, the panel developed detailed interoperability standards related specifically to biosurveillance and the transmission of data from health care delivery organizations to public health systems in support of public health emergency preparedness and response. The panel also developed specific implementation guidance that described how to use the standards. HHS also established a certification commission of public and private partners that defined initial criteria and processes for certifying that certain health information products meet these standards.

Recommendation: The Secretary of Health and Human Services, in coordination with other key stakeholders--such as the Secretaries of Defense, Homeland Security, and Veterans Affairs--should establish a national IT strategy for public health preparedness and response. This IT strategy should identify steps toward improving the nation's ability to use IT in support of the public health infrastructure. More specifically, it should establish milestones for defining and implementing all standards.

Agency Affected: Department of Health and Human Services

Status: Not Implemented

Comments: In GAO-06-1071T and other reports and testimonies, we have updated the status of HHS's efforts to define a national health IT strategy and reiterated our finding that HHS had not defined detailed plans and milestones for implementing its strategic plan, including strategies to support public health preparedness and response. While HHS's Health IT Standards Panel has made progress in achieving consensus on specific public health-related IT standards, HHS has not established milestones for implementing standards for public health IT.

Recommendation: The Secretary of Health and Human Services, in coordination with other key stakeholders--such as the Secretaries of Defense, Homeland Security, and Veterans Affairs--should establish a national IT strategy for public health preparedness and response. This IT strategy should identify steps toward improving the nation's ability to use IT in support of the public health infrastructure. More specifically, it should create a mechanism--consistent with HIPAA requirements--to monitor the implementation of standards throughout the health care industry.

Agency Affected: Department of Health and Human Services

Status: Not Implemented

Comments: HHS's Health IT Standards Panel continues to work with the American Health Information Community and HITSP member organizations, including standards development organizations, government agencies, and representatives from the health care industry, to achieve consensus on standards for health IT. However, HHS has not established a mechanism for monitoring the implementation of health and public health IT standards throughout the health care industry.

Recommendation: The Secretary of Health and Human Services, in coordination with other key stakeholders--such as the Secretaries of Defense, Homeland Security, and Veterans Affairs--should establish a national IT strategy for public health preparedness and response. This IT strategy should identify steps toward improving the nation's ability to use IT in support of the public health infrastructure. More specifically, it should address existing barriers and establish mechanisms for identifying and prioritizing uses of emerging technologies that are appropriate for ensuring continued improvements to the nation's ability to prepare for and respond to public health emergencies.

Agency Affected: Department of Health and Human Services

Status: Implemented

Comments: On July 21, 2004, HHS issued a framework for nationwide implementation of health IT titled "The Decade of Health Information Technology: Delivering Consumer-centric and Information-rich Health Care." The development of strategies and goals defined in the framework was the department's first step towards establishing a national health IT strategy, which includes public health preparedness and response. HHS, through its contract to study privacy issues introduced by varying state laws and regulations, has identified barriers to information exchange introduced by these issues. The results of the work completed under the contract have identified potential solutions for overcoming these barriers. Additionally, HHS recently removed some barriers to physicians' ability to adopt health IT imposed by anti-kickback laws. Recent efforts by HHS's population health work group and standards harmonization panel have resulted in solutions and definition of standards to help implement new technologies that support public health activities, such as the inclusion of lab results in electronic health records and the definition of data and communication standards to reduce risks associated with implementing emerging technologies. By taking these actions, HHS has initiated steps to address barriers, such as security concerns, legal ramifications, and risks associated with implementing new IT solutions, that limit the increased use of emerging technologies.