<DOC> [109th Congress House Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:30339.wais] LEGISLATIVE PROPOSALS TO PROMOTE ELECTRONIC HEALTH RECORDS AND A SMARTER INFORMATION SYSTEM HEARING BEFORE THE SUBCOMMITTEE ON HEALTH OF THE COMMITTEE ON ENERGY AND COMMERCE HOUSE OF REPRESENTATIVES ONE HUNDRED NINTH CONGRESS SECOND SESSION MARCH 16, 2006 Serial No. 109-114 Printed for the use of the Committee on Energy and Commerce Available via the World Wide Web: http://www.access.gpo.gov/congress/house U.S. GOVERNMENT PRINTING OFFICE 30-339 WASHINGTON : 2006 _____________________________________________________________________________ For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001 COMMITTEE ON ENERGY AND COMMERCE JOE BARTON, Texas, Chairman RALPH M. HALL, Texas JOHN D. DINGELL, Michigan MICHAEL BILIRAKIS, Florida Ranking Member Vice Chairman HENRY A. WAXMAN, California FRED UPTON, Michigan EDWARD J. MARKEY, Massachusetts CLIFF STEARNS, Florida RICK BOUCHER, Virginia PAUL E. GILLMOR, Ohio EDOLPHUS TOWNS, New York NATHAN DEAL, Georgia FRANK PALLONE, JR., New Jersey ED WHITFIELD, Kentucky SHERROD BROWN, Ohio CHARLIE NORWOOD, Georgia BART GORDON, Tennessee BARBARA CUBIN, Wyoming BOBBY L. RUSH, Illinois JOHN SHIMKUS, Illinois ANNA G. ESHOO, California HEATHER WILSON, New Mexico BART STUPAK, Michigan JOHN B. SHADEGG, Arizona ELIOT L. ENGEL, New York CHARLES W. "CHIP" PICKERING, Mississippi ALBERT R. WYNN, Maryland Vice Chairman GENE GREEN, Texas VITO FOSSELLA, New York TED STRICKLAND, Ohio ROY BLUNT, Missouri DIANA DEGETTE, Colorado STEVE BUYER, Indiana LOIS CAPPS, California GEORGE RADANOVICH, California MIKE DOYLE, Pennsylvania CHARLES F. BASS, New Hampshire TOM ALLEN, Maine JOSEPH R. PITTS, Pennsylvania JIM DAVIS, Florida MARY BONO, California JAN SCHAKOWSKY, Illinois GREG WALDEN, Oregon HILDA L. SOLIS, California LEE TERRY, Nebraska CHARLES A. GONZALEZ, Texas MIKE FERGUSON, New Jersey JAY INSLEE, Washington MIKE ROGERS, Michigan TAMMY BALDWIN, Wisconsin C.L. "BUTCH" OTTER, Idaho MIKE ROSS, Arkansas SUE MYRICK, North Carolina JOHN SULLIVAN, Oklahoma TIM MURPHY, Pennsylvania MICHAEL C. BURGESS, Texas MARSHA BLACKBURN, Tennessee BUD ALBRIGHT, Staff Director DAVID CAVICKE, General Counsel REID P. F. STUNTZ, Minority Staff Director and Chief Counsel SUBCOMMITTEE ON HEALTH NATHAN DEAL, Georgia, Chairman RALPH M. HALL, Texas SHERROD BROWN, Ohio MICHAEL BILIRAKIS, Florida Ranking Member FRED UPTON, Michigan HENRY A. WAXMAN, California PAUL E. GILLMOR, Ohio EDOLPHUS TOWNS, New York CHARLIE NORWOOD, Georgia FRANK PALLONE, JR., New Jersey BARBARA CUBIN, Wyoming BART GORDON, Tennessee JOHN SHIMKUS, Illinois BOBBY L. RUSH, Illinois JOHN B. SHADEGG, Arizona ANNA G. ESHOO, California CHARLES W. "CHIP" PICKERING, Mississippi GENE GREEN, Texas STEVE BUYER, Indiana TED STRICKLAND, Ohio JOSEPH R. PITTS, Pennsylvania DIANA DEGETTE, Colorado MARY BONO, California LOIS CAPPS, California MIKE FERGUSON, New Jersey TOM ALLEN, Maine MIKE ROGERS, Michigan JIM DAVIS, Florida SUE MYRICK, North Carolina TAMMY BALDWIN, Wisconsin MICHAEL C. BURGESS, Texas JOHN D. DINGELL, Michigan JOE BARTON, Texas (EX OFFICIO) (EX OFFICIO) CONTENTS Page Testimony of: Nelson, Ivo, Healthcare Industry Leader, Global and Americas, IBM 17 Braithwaite, William, Chief Clinical Officer, eHealth Initiative and Foundation for eHealth Initiative 31 Mertz, Alan, President, American Clinical Laboratory Association 40 Vaughan, Bill, Senior Policy Analyst, Consumers Union 45 Newman, Mark, President and CEO, Evanston Northwestern Healthcare, on behalf of Healthcare Leadership Council 56 Pyles, James C., Attorney Member, Powers, Pyles, Sutter and Verville, P.C. 96 Detmer, Dr. Don E., President and Chief Executive Officer, American Medical Informatics Association 127 Additional material submitted for the record: Braithwaite, William, Chief Clinical Officer, eHealth Initiative and Foundation for eHealth Initiative, Response for the Record 154 Mertz, Alan, President, American Clinical Laboratory Association, Response for the Record 155 Newman, Mark, President and CEO, Evanston Northwestern Healthcare, on behalf of Healthcare Leadership Council, Response for the Record 158 Pyles, James C., Attorney Member, Powers, Pyles, Sutter and Verville, P.C., Response for the Record 161 Detmer, Dr. Don E., President and Chief Executive Officer, American Medical Informatics Association, Response for the Record 164 Blue Cross and Blue Shield Association, prepared statement of 166 Peel, Deborah C., MD, Founder, Patient Privacy Rights Foundation, prepared statement of 171 Advanced Medical Technology Association, prepared statement of 177 LEGISLATIVE PROPOSALS TO PROMOTE ELECTRONIC HEALTH RECORDS AND A SMARTER INFORMATION SYSTEM THURSDAY, MARCH 16, 2006 HOUSE OF REPRESENTATIVES, COMMITTEE ON ENERGY AND COMMERCE, SUBCOMMITTEE ON HEALTH, Washington, DC. The subcommittee met, pursuant to notice, at 10:10 a.m., in Room 2123 of the Rayburn House Office Building, Hon. Nathan Deal (chairman) presiding. Members present: Representatives Deal, Shadegg, Burgess, Barton (ex officio), Brown, Waxman, Green, Capps, Baldwin, and Gonzalez. Staff present: Chuck Clapton, Chief Health Counsel; Melissa Bartlett, Counsel; Ryan Long, Counsel; Nandan Kenkeremath, Counsel; Bill O'Brien, Legislative Analyst; David Rosenfeld, Counsel; Brandon Clark, Policy Coordinator; Chad Grant, Legislative Clerk; John Ford, Minority Counsel; Chris Knauer, Minority Investigator; Purvee Kempf, Minority Counsel Amy Hall, Minority Professional Staff Member; Bridgett Taylor; Minority Professional Staff Member; Jessica McNiece, Minority Research Assistant; and Jonathan Brater, Minority Staff Assistant. MR. DEAL. I will call the hearing to order. We are pleased to have all of you with us today, and certainly another distinguished panel for this hearing. Let me tell you at the outset that this is one of those days where we have a lot of votes on the Floor. In fact, we are going to be interrupted almost at the point we begin today with a series of about 10 votes on amendments that were debated yesterday, and we'll be on the Floor for an immediate vote this morning. We thought we would try to get started and call the committee hearing to order and maybe get in a few opening statements before we have to leave. We will try to accommodate your time constraints because you are our guests and we appreciate your presence with us today. We also have a great deal of interest in the subject matter of this hearing and in the testimony that is going to be presented. We will have several members of the full committee who are not members of our Health Subcommittee who will probably be joining us, and I invite them to join us on the dais. I would ask unanimous consent for them to be allowed to submit their written statements for the record, and without objection that is so ordered. There may come a time in the questioning stage where, depending on how long we have been going in this hearing and the availability of time, that we will address the issue of their ability to ask questions at that point in the hearing process. We would certainly at this point ask unanimous consent for those members of the full committee to be allowed to submit written questions for the record in the event time does not allow their oral questions, and without objection that is so ordered. I will now recognize myself for an opening statement. As I said, we are pleased to have such a distinguished panel of guests with us today, and I look forward to your testimony on a subject that I think is certainly at the very top of most people's concerns when we talk about healthcare reform. The use of better information technology and healthcare holds the potential not only to save lives but also money. In the creation of an electronic system to track medical records hopefully we will reduce medical errors and help eliminate inefficiencies and waste in the current system. These systems hold a potential to significantly improve healthcare by eliminating illegible handwritten prescriptions, providing immediate access to laboratory test results, and making a patient's full medical history available to their treating physician no matter where that patient may seek treatment. As many of you are aware, several bills have already been introduced in Congress to deal with this general subject matter of new technologies. These proposals reflect a broad range of ideas about what can be done to create the proper incentives to encourage more healthcare providers to acquire and use healthcare information technology. This hearing is hopefully going to be the first in a series of hearings to explain these proposals and explore what actions Congress needs to take in this area. However, we need to be cautious of dramatic legislative proposals which largely seek to regulate this budding technology area. Innovators, investors, healthcare providers, healthcare payment systems and patients will drive these changes. As a guiding principle, Congress should do nothing that would impede or limit reforms which are already transforming the market place. The President and the Health and Human Services Secretary Michael Leavitt, have both shown broad leadership in promoting this great discussion and demonstration and initial activities that hopefully will be helpful to our future. We are also seeing many hospitals, physicians, pharmacies, and payers moving forward in the implementation of this technology. We neither want to interfere with this effort nor overstate the government's role in innovations, applications, or basic investment decisions. Ultimately investments and the products, training, and activities to promote the use of structured information will happen piece by piece and not by a grand government design. We must also continue to provide patients with the assurance that their personal medical records will remain private and not be subject to inappropriate disclosures. Such protections must also balance the need to be realistic and workable so that patients can reap the benefits of better healthcare through the use of IT. The adoption of new technologies holds the potential to improve accountability and empower patients with greater access to their own medical records. At the same time, safeguards must be provided to prevent hackers and other unauthorized persons from gaining access to confidential medical records. As we move forward, let us look at the many legislative proposals to promote electronic health records of health information technology in a cautious fashion. Hopefully, we in Congress can be helpful and not unintentionally slow down or misdirect the growth in the many new innovations and applications to come. Again, I welcome our witnesses and thank you for your participation. And in the absence of Mr. Brown, I am going to recognize Mr. Waxman for an opening statement. [The prepared statement of Hon. Nathan Deal follows:] PREPARED STATEMENT OF THE HON. NATHAN DEAL, CHAIRMAN, SUBCOMMITTEE ON HEALTH <bullet> The Committee will come to order, and the Chair recognizes himself for an opening statement. <bullet> I am proud to say that we have a distinguished and expert panel of witnesses appearing before us today that will help us explore how to best increase the proper utilization of information systems in our healthcare delivery system. <bullet> The use of better information technology in healthcare holds the potential to save lives as well as money. The creation of an electronic system to track medical records will sharply reduce the number of medical errors and help eliminate inefficiencies and waste in the system. <bullet> These systems hold the potential to significantly improve healthcare by eliminating illegible handwritten prescriptions, providing immediate access to laboratory test results and making a patient's full medical history available to their treating physician no matter where that patient seeks treatment. <bullet> Several bills have been introduced with the intent of helping speed the adoption of these new technologies. <bullet> These proposals reflect a broad range of ideas about what can be done to create the proper incentives to encourage more healthcare providers to acquire and use health information technology. <bullet> This hearing is hopefully going to be the first in a series of hearings to examine these proposals and explore what actions Congress needs to take in this area. <bullet> However, we need to be cautious of dramatic legislative proposals which largely seek to regulate this budding technology area. <bullet> Innovators, investors, healthcare providers, healthcare payment systems, and patients will drive these changes. <bullet> As a guiding principle, Congress should do nothing that would impede or limit reforms which are already transforming this marketplace. <bullet> The President and the Health and Human Services Secretary Michael Leavitt have both shown broad leadership in promoting the many discussions, demonstrations, and initial activities that will be helpful for our future. <bullet> We are also seeing many hospitals, physicians, pharmacies, and payers moving forward in the implementation of this technology. <bullet> We neither want to interfere with this effort nor overstate the government's role in innovations, applications, or basic investment decisions. <bullet> Ultimately, investments in the products, training and activities to promote the use of structured information will happen piece by piece and not by a grand government design. <bullet> We must also continue to provide patients with the assurance that their personal medical records will remain private and not be subject to inappropriate disclosures. <bullet> Such protections must also balance the need to be realistic and workable so that patients can reap the benefits of better healthcare through the use of IT. <bullet> The adoption of new technologies holds the potential to improve accountability and empower patients with greater access to their own medical records. <bullet> At the same time safeguards must be provided to prevent hackers and other unauthorized persons from gaining access to confidential medical records. <bullet> As we move forward, let's look at the many legislative proposals to promote electronic health records of health information technology cautiously. <bullet> Hopefully, we in Congress can be helpful and not unintentionally slow down or misdirect the growth in the many new innovations and applications to come. <bullet> Again, I welcome our witnesses and thank them for their participation. <bullet> I now recognize my friend from Ohio, Mr. Brown, for five minutes for his opening statement. MR. WAXMAN. Thank you, Mr. Chairman. I appreciate you holding this hearing. It is an important issue. As we look forward to electronic health records and promoting smarter information systems, I want to raise the same caution that you just did. Computerized medical records pose a threat to one of the most basic privacy rights that an individual can have. Basic medical and genetic information should not be shared without meaningful informed consent, but even with consent protections against release of information, the right to be informed of any breach of privacy, the right to have access to one's own information and strong protections against the discriminatory use of the information are all critical. Further, the maintenance of State laws that protect privacy should be a bedrock principle. We cannot take such comfort in our Federal rules that we can afford to eliminate any additional protections. And, finally, I cannot help but comment on the irony that we would even contemplate limiting State protections when we have so clearly failed at the Federal level to adopt legislation that assures basic protections against discrimination on the basis of genetic information. This committee has jurisdiction in this area and it should exercise it. It is an important one to keep in mind. As we look at the positive side of it, we should also recognize that there is a potential negative side to this new computerized health world. Thank you, and I yield back the balance of my time. MR. DEAL. Mr. Shadegg, you are recognized for an opening statement. MR. SHADEGG. Thank you, Mr. Chairman, and I want to compliment you on the legislation you put in this area. I would echo the remarks you made in your opening statement. I will not make my own opening statement other than to say that while there are important gains that can be made in this area, my personal belief is we ought to also be looking at giving consumers more choice. Choice works in so many other places, and in the healthcare field we have given consumers virtually no choice. Their healthcare plan is selected by their employer in the vast majority of cases. It is handed to them from their doctor. They are told who their doctor is in any given area, and I believe we have taken them too much out of the equation. And it is critical while the gains we can make here are very important and need to be pursued, and I compliment the bill you have, we also need to be looking at advancing choice and healthcare to the greatest degree possible. With that, I yield back. MR. DEAL. I thank the gentleman. Ms. Capps, you are recognized for an opening statement. MS. CAPPS. Thank you, Mr. Chairman, and I want to thank you also. I am pleased that we are holding hearings on health information technology because I believe that facilitating better sharing of information between members of the healthcare community is a very important aspect of improving patient safety and quality of care. I am very excited to hear from our witnesses today, and I thank each of you for coming. I am excited by the prospect of eliminating unnecessary procedures and duplication of examinations or lab work that is often caused because of the inadequate filing and information transfer. I am optimistic about how utilizing health information technology has the possibility of removing many of the administrative burdens that healthcare professionals, especially nurses, must devote their time to. Thinking of the people who are carrying the burden of delivery of care within our institutions and settings and the time that is so often taken away from the patient to fill out the duplicative records, and each time that is done it makes the possibility of error creep in. As we all know, the current nursing shortage crisis is only continuing to worsen. Less time spend filling out paperwork, as I said, or combing through extensive medical histories means that nurses and other patient care providers can spend more time with their patients. That is going to mean better healthcare for patients. I am also interested in how health information technology has the potential to reduce costly, often fatal, medical errors such as adverse drug reactions, interactions. The prospects for expanding the use of current information technology extend far beyond how we treat current patients also. Finally, I am hopeful about how digitalizing records may help serve the medical research community as long as the privacy protections are maintained, and that is a big as long as. But I think the possibility exists for doing this, and I want us to explore the ways that technology can help us with the privacy protections, as well as accessing medical research which is imperative for future developments in healthcare. As we work to reap the potential benefits of health IT, we will face challenges in developing a method that is cost effective and accessible to all providers. Furthermore, while evaluating the different paths toward increasing the usage and improving the interoperability of health IT, we must remain concerned, as I said, about protecting patient privacy. As always, expanding the use of information technology systems lends itself to greater access of information in both positive and negative ways. We must ensure safeguards are in place which protects information from being accessed by the wrong parties or being used to discriminate against individuals. So I look forward to hearing from our witnesses today on how we can create a system that is beneficial to everyone involved in the provision of healthcare, keeping our bottom line to improve treatment and protect patient privacy. I yield back the balance of my time. MR. DEAL. I thank the gentlelady, and am pleased to recognize my friend, Mr. Brown, the Ranking Member of the Health Subcommittee. MR. BROWN. Thank you, Mr. Chairman. I apologize for being late and, thank the witnesses, all of you, for joining us today. We have all heard according to the Institute of Medicine report to err is human. Studies have found that deaths from medical errors range from estimates of 44,000 a year to as high as 98,000. Among the reasons cited in the report for such extremely high numbers of errors are issues like illegible writing in medical records, and the lack of coordination and communication across providers. I am pleased the committee has called this hearing today because increased use of electronic medical records is a very promising means by which to address these errors, cut down on the number of unnecessary deaths in this country, as well as improve the quality of healthcare. Electronic medical records provide the ability to coordinate care across different healthcare sites. This means your general practitioner can keep track of what treatments you are receiving from different specialists, helping to oversee your care, and make sure you get the services that you need. They can reduce healthcare administrative costs as duplicate folders of paper records are consolidated into one electronic record accessible from any computer in the office. Hospitals and doctor offices can establish support systems for their doctors to help them make the best decisions for their patients. Right at the bedside doctors can check for patient allergies and whether they have a family history of stroke, for example. According to the IOM, health information technology is a key step to improving the quality of healthcare. Finally, the electronic medical records means that records can travel with patients backed up in case of emergencies. Katrina highlighted this point clearly in the wake of the hurricane. Thousands of displaced individuals with serious medical conditions found themselves with no access to their medical records. Paper records in doctor offices were unreachable or in many cases were destroyed. Patients had no record of what medications they had been taking, what dosage, what treatments they were receiving, whether these treatments had been effective or not. Breaks in care can be deadly for individuals with conditions like some forms of cancer or HIV/AIDS that require ongoing and regular treatment. In a system of paper records stored on shelves in doctors' offices, displaced residents find themselves having to try and re- create years of medical records. In circumstances like these, electronic medical records can actually protect patients' health by allowing doctors to immediately identify healthcare needs and provide treatment in a timely manner. I do want to be clear, however, that while there are many benefits to increased implementation of health information technology we have to be very cautious about how we move forward. Over time these systems may result in savings for providers and for patients. Their development and implementation is a costly process, one that can be a heavy burden for family physicians and their practices. We should never mandate the implementation of costly technology without adequate support, particularly for small physician practices that may not have the necessary capital. Finally, there must be adequate protections for patient privacy. We have all read the stories about stolen bank records in the last few months. Imagine the cases of stolen medical records. My own State of Ohio has enacted a series of laws expressly aimed at protecting a patient's confidentiality, a patient's ability to determine with whom and how medical information is shared in a right of action in cases of inappropriate disclosure. In particular, the State has enacted laws protecting information concerning birth defects, HIV/AIDS, and genetic tests. These are important protections. The last thing we want to do is see an individual avoiding necessary and important medical care for fear of lack of confidentiality. We need to put resources in to developing standards and guidance to assist physicians and medical institutions through the process of developing electronic medical record systems. However, we have to be keenly aware of finding an appropriate balance between utilizing technology and protecting patients. I look forward to hearing from all of our witnesses about how to address these issues. Thank you, Mr. Chairman. MR. DEAL. I thank the gentleman. I recognize Dr. Burgess from Texas, a member of our subcommittee, for an opening statement. MR. BURGESS. Thank you, Mr. Chairman. I appreciate you calling this hearing today. I do have an opening statement I will submit for the record, but I would just like to make a few observations. A few years ago in a graduate level course that I took so that I would be better able to understand the business work as I practiced medicine, I learned a startling fact that the insurance industry spent between 7 and 12 percent of their budget on information technology. The average small office such as mine spent an average of 1 to 3 percent. Clearly, we could not keep up at that rate. We had an opportunity in this country with the Y2K, most people do not remember that now, but it was a big deal in the health industry for a time, and I used that opportunity to upgrade the computer services in my office over the objection of my partners because it did not return any real value. And it is going to be a process of educating physicians, particularly physicians my age, who did not grow up in the computer world to recognize what that value is. But that brings me to another point, and it is not really related to this discussion this morning but it is important in that we are faced with the prospect of continually cutting Medicare reimbursement for physicians year over year under the SGR formula. And, Mr. Chairman, we have to seriously deal with that because we are going to drive out the best and brightest physicians, and I am referring to physicians my age, the 40 to 50-year-old doctor who is going to be driven away from the Medicare system. If we are going to spend all of this money, all of this investment, in information technology, you want to keep your best and brightest involved in the field. So people have said we cannot tackle it this year. It is just too big a bite, but I submit that there is no better time than the present to do that. The Ranking Member brought up health privacy issues with HIV and birth defects. As we move into the genomic it is going to become even more critical, and we have to be able to assure people, the public, that their medical information will be private and not readily dispersible across half of the civilized world. And then finally, Mr. Chairman, I just have this observation. In the 21st Century it almost makes no sense that we still fight things the way we do here in Congress, and while I appreciate you having this hearing here this morning, to me it just underscores that there is no committee on health in the United States Congress. The jurisdiction is divvied up between several committees, and I think it is time for the Committee on Energy and Commerce to assert its rightful place and take all of that jurisdiction so we can deal with these problems without having to go through stove pipes. With that, I will yield back. MR. DEAL. I thank the gentleman. Another member from Texas, Mr. Green, is recognized for an opening statement. MR. GREEN. Thank you, Mr. Chairman, for holding a hearing on electronic health records and legislation introduced by our colleagues to facilitate further development of health information. I would like my full statement to be placed in the record, and I will just talk about two incidents recently. When we had Hurricane Katrina and Rita, Katrina in Louisiana and obviously Rita in southeast Texas and southwest Louisiana, there were a couple of events that could show how important electronic records were. As both hurricanes approached the area and everyone fled, including a lot of our healthcare providers who closed their facilities, at the time they had to figure out how they were going to store their records. The benefit of electronic records is incalculable for providers who had them in place. In Beaumont, Texas, a 19-doctor practice knew that Rita was coming and backed up their computer data with a server in a Dallas hotel room. And a week after Rita hit the practice reopened and all their data, including their patients' electronic records were there, and it reappeared as if nothing happened. The hurricanes also highlighted the need for interoperability within the EHRs. In my hometown of Houston where we received 150,000 residents from New Orleans, it was so chaotic to try to have people come in and get them rediagnosed if they did not have their medication. You did not know what dosage. But the VA stood out. If we received a veteran from Louisiana the VA medical professionals at Houston's VA medical hospital were able to access the records for these evacuees who had typically received care at the VA hospital in Louisiana. Mr. Chairman, that shows in the real world, particularly in an emergency situation disaster, how this can be done. And I think we need to do it. I know it is costly, but the further we move it along the better it will be, not only for I think the physicians who practice for the sanctity of their records along with our privacy concerns, but also for the delivery of medicine to our constituents. Thank you. MR. DEAL. I thank the gentleman. Ms. Baldwin, you are recognized for an opening statement. MS. BALDWIN. Thank you, Mr. Chairman. I am happy that we are taking this time to focus on healthcare IT. Like other Members who have spoken already this morning, I want to add my voice of support for implementation of healthcare IT. It is the healthcare topic that policy makers love to love these days. And it is easy to understand why healthcare IT is so popular. The potential for improving patient care, making better use of scarce resources, and collecting data for research is huge. Imagine the opportunities for medical collaboration that healthcare IT could provide for a rural doctor who needs to consult with a specialist who is hundreds, perhaps even thousands, of miles away or imagine the immensely powerful research data that could be de-identified and then analyzed to track the spread of Avian flu or widespread negative side effects of a popular drug. So I am encouraged that we are taking up this important topic and I hope that we will be able to have some constructive discussions on issues involving advancing healthcare IT. But I also think we need to be very up front and clear about the issues involved and the potential pitfalls. From a provider standpoint there are many barriers to the adoption of healthcare IT. These barriers may be financial, technical, cultural, or legal, and these are all worthy of serious consideration discussing only the inter-operability or the interconnectivity issue could take us hours to fully understand it, perhaps years to reach agreement on. From the patient perspective, while patients tend to have enormous potential gains from increased access to and frankly ownership of their own health records, there are also potential pitfalls, specifically surrounding how to craft a healthcare IT system that insures patient privacy protections are not sacrificed in the name of increased efficiency. Lastly, I think we need to be very cognizant of avoiding the situation where we have healthcare IT haves and have nots. Healthcare IT systems are expensive, and those who spend the money to put healthcare IT systems into place are not always the same people who benefit from these systems. So we need to keep moving forward keeping this in mind and looking for ways to bring responsible privacy protecting healthcare IT systems to all Americans. Thank you, Mr. Chairman, for holding this hearing. [Additional statement submitted for the record follow:] PREPARED STATEMENT OF THE HON JOE BARTON, CHAIRMAN, COMMITTEE ON ENERGY AND COMMERCE Thank you, Chairman Deal, for holding this important hearing. Medical records haven't changed much since doctors and paper found each other. I suppose the filing cabinet was regarded as a giant advance in technology. But masses of fragile paper stuffed into large pieces of furniture are an anachronism here at the dawn of the information age. We're here today to discuss the next great advance. Electronic health records will mean more than convenience for doctors' assistants. They will mean faster, better, less expensive care, with fewer of the medical errors that harm patients instead of help them. I want to applaud President Bush and Secretary Leavitt for their leadership on this issue. I also want to recognize the many activities at HHS and in the private sector that will help speed the adoption of health information technology. Several Members have legislative proposals to help promote electronic health records and promote smarter information systems. We will review these ideas and see if there are areas where the Federal government can be helpful. This isn't about the government deciding what's best for you, and then forcing it down the private sector's throat. The private sector will also play an important role in the development of smarter information systems. Any investment of time, resources, or money needs to provide a return on investment in health care quality and costs. When the utility is there, the investments will follow. It is very likely some elements of electronic health records will be in more standard use in the near future. I am optimistic, for example, about greater near-term adoption of e- prescribing and electronic reporting of laboratory results. Other elements may take longer. As we review our current regulatory programs, we need to make sure that regulations promote improved coordination of care. This may mean looking at things like government payment policies and Stark and Anti-kickback provisions. The government may be able to assist the private sector in encouraging the harmonization of interoperability standards. No one should, however, see this as an easy task. I look forward to hearing from today's witnesses and to try to identify legislative provisions that are clearly helpful, mindful of the appropriately limited role of the Federal government in choosing among innovations in technology. PREPARED STATEMENT OF THE HON. JOHN D. DINGELL, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF MICHIGAN Mr. Chairman, thank you for holding this hearing on Health Information Technology. Electronic medical records, electronic prescribing, decision support services, and the ability for systems to exchange information make it easier for physicians to do their job and patients to have more coordinated care. But this technology creates new challenges for keeping an individual's information private and protected from disclosure. And is it necessary to compromise other patient protections in order to encourage the use of health information technology? First, over the past week, one of the biggest security breaches occurred when pin numbers for many top banks in the world were compromised. Yet loss of money does not compare to the irreparable damage that can result from sensitive health information, such as mental illness records, HIV/AIDs status, or genetic medical histories, being compromised. In order to successfully implement electronic health records, patient concerns need to be addressed at every level. Patients are worried about the privacy and security of their health information, whether they have the right to decide to keep sensitive information out of the network, having access to their own records, and having control over how the information is used. Providers and health plans say they want to expand health information technology to get better quality care and to coordinate care for patients. But without including patients in the process of developing a national health information infrastructure and addressing their needs, we will not succeed in having a system that patients feel comfortable taking part in and using. Second, do patient protections need to be sacrificed? Representative Nancy Johnson and Subcommittee Chairman Deal have introduced a health information technology bill that creates an exemption from Federal fraud and abuse laws. This broad exemption would allow hospitals and health plans to give away free health information technology and services to physicians. Could this lead to biased decision-making by physicians about where to send patients who need hospital care? Do we really need to weaken the laws that protect vulnerable patients against abusive activities at a time when they need health care? Finally, I note that a serious commitment to health information technology means putting funding behind our proposals, making available grants, loan programs, or incentive payments through Medicare and Medicaid. Without funding, we are merely providing lip service to this very important effort. I look forward to the testimony the witnesses will present today. Thank you. PREPARED STATEMENT OF THE HON. TOM ALLEN, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF MAINE Mr. Chairman, thank you for calling this hearing today to examine the current state of health information technology. Advances in HIT has shown great promise in improving the quality of health care, lowering costs, and reducing medical errors. Maine has been at the forefront of adopting HIT. It is one of the first states to implement a statewide electronic health record- sharing system. In January 2006, the board of directors of the "Maine Health Information Network Technology System" formalized a not-for- profit organization to implement an "Interoperable Health Information Network," which is slated to be in place by 2010. This electronic medical records system will bring critical medical data to physicians and other health care providers across the state and provide immediate and universal access to key medical information. Having a state-wide electronic medical records system in place will ensure better, safer and more cost-effective care. As we focus our attention on efforts to bolster the adoption of HIT nationwide and consider specific legislative proposals, I urge my colleagues to first "do no harm." We need to ensure that current patient privacy standards are not eroded. Consumers need to know that the confidentiality and security of their medical records will be guaranteed. PREPARED STATEMENT OF THE HON. TIM MURPHY, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF PENNSYLVANIA Thank you Mr. Chairman. As a psychologist, I have experienced a great deal of success in bringing people together. However, perhaps my greatest achievement was hosting a press conference when Senator Hillary Rodham Clinton (D-NY) and former Speaker Newt Gingrich (R- GA) stood side by side to save tens of thousand of lives and hundred of billions of dollars. In May of last year, Senator Clinton and former Speaker Gingrich attended a kick-off ceremony to discuss my introduction of the first health information technology (Health IT) legislation of its kind aimed at dramatically transforming the way health care is delivered in this country. The 21st Century Health Information Act (H.R. 2234) promotes the move towards secure, confidential electronic health records and interoperable regional health information networks. I was pleased to work with my colleagues including Energy and Commerce Health Subcommittee Chairman Deal (R-GA), Ways and Means Health Subcommittee Chair Nancy Johnson (R- CT) and U.S. Department of Health and Human Service Secretary Michael Leavitt on legislative proposals to ensure that our 18th century paper file system catches up with our 21st century medical care. Many of the provisions from my legislation including a Stark exemption to allow hospitals to buy this lifesaving technology for their doctors was incorporated into H.R. 4157, the Health Information Technology Promotion Act and I am proud to cosponsor this legislation before the Subcommittee today. Health IT is not computers, wires, hardware, software, and PDAs, it is fewer errors, less infections and mistakes, lower cost, better quality and a higher standard of care. It's as simple as that. Today, voluminous paper medical records are frequently scattered between multiple hospitals and doctors' offices resulting in the likelihood that important records could be lost or not retrieved when doctors need to be making informed decisions. One study found that one in seven medical records was missing vital patient information. The paper-based, often incomplete, medical record-keeping system used by most health care providers leads to redundant tests, medical errors, and misdiagnoses. All told, the RAND Corporation reported these critical errors add $162 billion in health care costs per year. Electronic medical records (EMRs) and electronic prescribing can reduce costly medical and medication errors, while quickly and securely being able to provide a patient's medical records and tests at a moments notice. It is my hope that this hearing will focus on continued concerns over protecting patient privacy, interoperable standards to avoid a 'Tower of Babel' where health systems can not speak to each other and leveraging technology to improve the efficiency, quality and safety of the health care system. Every day that we delay implementation is costing lives and money. Thank you, Mr. Chairman for allowing me to participate in today's hearing, I look forward to working with you to transform health care for the 21st Century. PREPARED STATEMENT OF THE HON. FRED UPTON, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF MICHIGAN Mr. Chairman, I am encouraged that we are taking this big step forward today to examine and evaluate what needs to be done legislatively to foster the rapid development and dissemination of health information technology, including electronic medical records, and to do this in a way that will not impede further technological advances. We've got some tough nuts to crack. Protecting patient privacy, modifying anti-kickback laws to allow the development of HIT networks, and modernizing our coding systems are just three areas that come to mind immediately. As an original cosponsor of H.R. 4157, the Health Information Technology Promotion Act, that you and Mrs., Johnson introduced, I think the bill gives us a solid starting point for progress toward a 21st Century health care delivery system-a system of efficient, coordinated, cost-effective and high-quality care. While we are second to none in the world when it comes to medical innovation, we have a system that is fragmented, vulnerable, inefficient, and fraught with preventable medical errors. We've got some catching up to do, to say the least. Perhaps nothing offers a more compelling example of the pressing need for the widespread use of electronic medical records and health information technology than the aftermath of Hurricane Katrina. Hundreds of thousands of residents were displaced from their homes, many fleeing with only the clothes on their backs, and living in shelters and temporary housing across the country. Neither the evacuees nor their new health care providers had access to their paper medical records, many of which were destroyed. At least 40 percent of evacuees were taking prescription medications before the storm, and many more needed medications after it. Because our nation's pharmacies have been in the forefront of electronic medical records and health information technology, five days into the disaster, a website, KatrinaHealth.org, was in the works, and shortly, doctors and pharmacists across the country could go online and find out what medications many of the evacuees they were seeing were taking and how that might affect any new medications they were thinking of prescribing. Meanwhile, back in the Gulf, hospital roofs were dotted with what sodden paper records may have survived, weighted down with stones, and drying out in the sun. MR. DEAL. I thank the gentlelady. And, Mr. Gonzalez, a member of the full committee, we welcome him to the dais as well. Thank you for being here. It is my pleasure now to introduce our distinguished panel, and we are just about to be interrupted with these votes but I will try to get your introductions in before that time. First of all, Mr. Ivo Nelson, Healthcare Industry Leader with IBM; Dr. William Braithwaite, who is the Chief Clinical Officer of eHealth Initiative and Foundation for eHealth Initiative; Mr. Alan Mertz, the President of American Clinical Laboratory Association; Mr. Bill Vaughan, Senior Policy Analyst at Consumers Union; Mr. Mark Neaman, President and CEO, Evanston Northwestern Healthcare; Mr. James C. Pyles, Attorney and member of a firm here in Washington, D.C.; and Dr. Don Detmer, President and Chief Executive Officer of American Medical Informatics Association in Maryland. Gentlemen, we are pleased to have you here, and how about that for timing. We will let the buzzer ring for its required period of time here, and we have five more buzzers to go and they will start in just a second. But, Mr. Nelson, we will at least try to get your opening statement in. Let us wait for these bells to ring again. Mr. Nelson, you may proceed. STATEMENTS OF IVO NELSON, HEALTHCARE INDUSTRY LEADER, GLOBAL AND AMERICAS, IBM; WILLIAM BRAITHWAITE, M.D., Ph.D., CHIEF CLINICAL OFFICER, eHEALTH INITIATIVE AND FOUNDATION FOR eHEALTH INITIATIVE; ALAN MERTZ, PRESIDENT, AMERICAN CLINICAL LABORATORY ASSOCIATION; BILL VAUGHAN, SENIOR POLICY ANALYST, CONSUMERS UNION; MARK NEAMAN, PRESIDENT AND CEO, EVANSTON NORTHWESTERN HEALTHCARE; JAMES C. PYLES, ATTORNEY MEMBER, POWERS, PYLES, SUTTER AND VERVILLE, P.C.; AND DON E. DETMER, PRESIDENT AND CHIEF EXECUTIVE OFFICER, AMERICAN MEDICAL INFORMATICS ASSOCIATION MR. NELSON. Thank you, Chairman Deal, and members of the subcommittee. My name is Ivo Nelson. I am actually here from Texas so I feel quite at home with the people that are here today. I do lead the IBM Healthcare Business Consulting Services Group. IBM appreciates this opportunity to testify in support of legislative proposals to promote electronic health records in a smarter health information system. Today, there is growing consensus that a more intelligent, innovative healthcare system is within reach through better use of information technology. The IBM Corporation is fully committed to helping a smarter health system emerge as a model of 21st Century American innovation. One of IBM's core values is creating innovation that matters to the company and to the world. Today, almost everyone agrees that dramatically improving healthcare is the innovation that matters. To that end, we are collaborating with other large employers, agencies, providers, and standards bodies to transform healthcare. Today, it is a fragmented paper-based problem. Soon it will become a highly connected system for fluid exchange of digital health information and innovative new services. As a company, we are striving to do for healthcare what the ATM system, which we helped to invent, did to launch the global infrastructure for electronic financial transactions or what the Internet browser did to catapult the Web from an academic network into the platform for innovation it is today. With respect to pending legislation proposals, IBM supports provisions that serve three objectives: drive adoption of open standards by the Federal government in private industry; commit initial seed funding and make early policy choices; and create incentives in Medicaid and Medicare to reward quality of care. These three areas are keys, we believe, to a smarter system of health. This new model of care will unlock the value of health information and help healthcare become properly organized around its core constituents, patients. Let me expand briefly on the three topics I have outlined. Standards interoperability are the front and center in a project called the Nationwide Health Information Network or NHIN. IBM is one of four companies developing prototype architectures through a contract awarded in 2005 by the Office of the National Coordinator of Health IT at the Department of Health and Human Services. The NHIN project can be thought of as a foundation for a medical Internet and digital infrastructure for healthcare. It was also structured with the ingenious requirement the four contractors must make their respective efforts interoperate with each other via open standards. The success of the Internet itself is overwhelmingly due to open standards and protocol such as HTML, XML, IP, and many others. Some healthcare standards have had long use within care settings and new standards are emerging. What is needed today is to expand the use of these standards across multiple care settings and across all of government healthcare. Federal adoption of an open standard for these core elements of medical is critical. For example, Federal agencies mandate reporting of extensive amounts of clinical information, yet do not allow information to be submitted via standardized electronic formats. I have actually attached the FDA drug adverse event reporting requirement, MEDRA, for you to take a look at. While this example is drawn from the FDA, each of the agencies has comparable examples of reporting that does not utilize health information technology built on standards. Turning to the government's role as an early funder and policy maker, history demonstrates that a new innovation often proceeds slowly at first before a catalystic inflection point causes it to accelerate. The Internet remained an obscure academic network for decades before browsers drove its explosive growth. With nearly half of healthcare spending in the U.S. originating with the government, the public sector can have a decisive role in sparking a smarter health system for all Americans. Committing initial seed funding in making early policy choices will set the stage for growth of health information exchange. The funding for Dr. Brailer's office, the national coordinator, and projects like NHIN and PHRS are good examples of catalyzing funding. Efforts to resolve privacy issues are another. IBM hopes to play a complimentary leadership role as an innovation partner for the business of healthcare and as a large employer providing healthcare to more than half a million IBMers and their families. Finally, establishing electronic health records for millions of citizens will require a range of incentives to accelerate adoption especially among physicians and providers. The benefits of a smarter health system will enable a historic shift in medicine when designed to reward outcomes and improve quality of care rather than today's fee for service model. Health IT is needed for this shift in reimbursement because it can ease the burden of measuring and reporting performance. Creating powerful incentives is necessary if we are to transform healthcare, and this committee can start by implementing pay-for-performance model in Medicaid. To summarize the three points I leave you with are the Federal government can advance a smarter health system by widely deploying standards. You can accelerate the transformation of healthcare through bold seed funding and active leadership in policy areas such as privacy. Strong incentives are needed to drive adoption of electronic health records and rewarding the quality of care in medicine, and Medicaid is one of the most powerful tools available. Mr. Chairman and members of the subcommittee, thank you for the opportunity to testify today, and I look forward to answering any questions you may have. I spend most of my time in the field with hospitals and payers so I have got a very pragmatic view, I think, of the industry we are all operating in. Thank you. [The prepared statement of Ivo Nelson follows:] PREPARED STATEMENT OF IVO NELSON, HEALTHCARE INDUSTRY LEADER, GLOBAL AND AMERICAS, IBM Chairman Deal and members of the Health Subcommittee of Energy and Commerce. My name is Ivo Nelson and and I lead IBM's Healthcare Business Consulting Services. IBM appreciates the opportunity to testify in support of legislative proposals to promote electronic health records (EHRs) in a smarter health information system. Today, there is growing consensus that a more intelligent, innovative healthcare system is within reach. Through better use of information technology, experts agree that healthcare quality can be improved and costs restrained, while protecting the privacy of patients and the security of their health data. The IBM Corporation is fully committed to helping a smarter health information system emerge as a model of 21st century American innovation. We are focusing our software, services and expertise and combination of business and technology experience to support the transformation of healthcare from its fragmented, paper-based current state into a coherent, interconnected system. The objective is to enable the fast and fluid exchange of digital health information, applications and services that will revolutionize all facets of healthcare. Healthcare is closely aligned with one of the three core values around which IBM organizes and manages our global enterprise: creating "innovation that matters, to the company and the world." Today, almost everyone agrees that dramatically improving healthcare is the innovation that matters. To that end, IBM is collaborating with other large employers, agencies, providers and standards bodies on a host of efforts to spur the transition to digital healthcare. As a company we are trying to do for healthcare what the ATM system (which IBM helped invent) did to launch a global infrastructure for electronic financial transactions, or what the Internet browser did to catapult the World Wide Web from an academic network into the platform for innovation that it functions as today. IBM supports legislative provisions that: <bullet> Drive adoption of open standards by the federal government and private industry; <bullet> Commit initial seed funding and make early policy choices that will set the stage for growth of health information exchange; and <bullet> Create incentives in Medicaid and Medicare to reward quality of care, including those that can be measured and rationalized through the use of health information technology (Health IT). These three areas - open standards, seed funding and policy commitment that catalyze change, and new incentives to reward the quality of healthcare - are the keys we believe, the keys that will open up a smarter information system for healthcare. Not only will this new model of care unlock the value of health information in a networked world, it will help healthcare evolve into a system properly organized around its core constituents-patients-and begin to make costs and quality more transparent to all. In 2004, the President launched an initiative to make electronic health records (EHRs) available to most Americans within the next 10 years. In 2005, the Senate passed legislative reforms to Medicare reimbursement and Health IT legislation that drives toward these goals. We encourage similar action by your committee and the House in 2006. Today, I would like to talk about the steps that this committee could take to improve healthcare, first through better use of open technology standards. Where possible, I will use examples of our own conduct and efforts at IBM. I. Driving Standards Adoption Achieving the vision of a nationwide health information exchange first requires interoperability: the ability for disparate health information systems to be able to talk to each other and share data in a safe and secure manner. Interoperability and standards are often mistakenly lumped together. Standards are much narrower and specify technical details. Interoperability, on the other hand, is a much broader concept that involves both atechnical and business context. The success of the Internet itself is overwhelmingly due to the implementation of open standards, protocols, languages and architectures such as HTML, XML, HTTP, PDF and many others. In fact, almost all digital dataflow today depends on an open standard for packets of digital information called IP, or Internet Protocol. Open standards have been profoundly embraced by most technology companies, as well as governments and the public sector around the world for many years, and for many reasons. Chief among them is that open standards work to ensure compatibility and interoperability that benefits all participants. Broadly speaking, standards have long proven their value in business and society in everything from measurements of weight and size to transformative technologies such as wireless networks. "Open" standards are those that are freely available to all, and are created by an open decision-making process. In our world of networked information, they speed innovation, integration and collaboration in countless dimensions, including supply chain management, consumer electronics and many forms of communications. Why is better use of standards so important? In short, better use will facilitate the easier exchange of health information, thereby helping lower costs (e.g. transaction costs), provide better information to physicians and caregivers at the point of care and improve patient safety and clinical quality. Until we have unambiguous, clinically-relevant coding of chief complaints, prescriptions, laboratory and imaging orders and results, we hobble our ability to learn from this vast corpus of information. Outcomes analysis, long-term effects, and the identification and encouragement of best practices and quality-of- care are all dependent on capturing this information at the source. Open standards are nothing less than the means to advance the industry towards richer, more evidence-based medicine and a smarter health system. In many cases, the standards have had long use within care settings and are simply being pressed into use for broader networks that extend across multiple care settings. Standards are used in all phases of patient care and cover everything from messaging and content, to measurement and communication. In some cases, these protocols have already achieved wide adoption, such as the Digital Imaging and Communications in Medicine (DICOM) format. More recently, the National Council for Prescription Drug Programs, Inc. (NCPDP) telecommunication standard was named the official format for pharmacy claims under the Health Insurance Portability and Accountability Act (HIPAA). IBM's Standards Efforts in Healthcare IBM has worked with providers, hardware and software vendors to develop and adopt standardized ways of describing health data, transmitting it to other computers, and requesting processing related to that data from other computers. As specific needs for collaboration across networks become clear, new standards are developed and adopted. For example, one of the earlier standards, DICOM, was developed so that x-rays and other medical images could be shared. IBM is a member of many key healthcare standards bodies including HL7, and was a founding member of the Eclipse Organization a leading open source community. Most recently, IBM made its entire patent portfolio available, royalty-free, to standards bodies working on open, interoperable infrastructure for healthcare and education. Integrating the Healthcare Enterprise IBM's work on building a nationwide infrastructure for clinical information exchange (the NHIN prototype) has lead it to join an initiative called Integrating the Healthcare Enterprise (IHE). Under the leadership of HIMSS and the Radiological Society of North America, IHE is an architectural framework for exchanging information across the enterprise that can incorporate established standards to allow different healthcare enterprises to use their own choice of hardware and software. In fact, our NHIN prototype is based on IHE's work, as well as the open-standards based Interoperable Healthcare Information Infrastructure (IHII) architecture developed by IBM Research. What is Still Missing: Federal Transition to Broad Standard's Adoption Federal adoption of open standards for healthcare diagnoses, treatments and other core elements of medicine is critical to tip the use of these innovation drivers from desirable to necessary. When the government has adopted standards, such as the use of International Classification of Diseases and Related Health Problems (ICD-9) system for billing purposes, its market power provides a sufficient voice to finalize consensus within healthcare. The government was a principle driver for the adoption of ICD-9, CPT/HCPCS, and DRG reporting. <GRAPHICS NOT AVAILABLE IN TIFF FORMAT> However, beyond the initiatives cited here, the broader federal government has been somewhat slow to adopt and drive electronic healthcare standards, and often requests that health information be exchanged using phone, mail, or manual means that don't advance open electronic standards and data exchange. As a result, healthcare care costs are higher and quality is lower than they would be if the federal government was more proactive about implementing electronic standards. For example, federal agencies mandate reporting of extensive amounts of clinical information, yet don't require information to be submitted via standardized electronic formats. I have attached FDA drug adverse event reporting requirement - MEDRA - and an illustration from the FDA website depicting their reporting process. http://www.fda.gov/medwatch/ While this example is drawn from the FDA, each of the agencies has comparable examples of reporting that does not utilize health information technology built on standards. Agencies need the resources, guidance and clear leadership to move away from these manual reporting systems in favor of standards-based electronic reporting. The Senate legislation includes provision to move the federal government towards standards adoption by establishing an additional requirement for standards in procurement, and requiring the option of standards based reporting to federal agencies. The provision would build on the standards identified several years ago by Secretary Thompson, while allowing further standards to be adopted as they are identified. It also allows the provider the choice of either continuing to report manually or in electronic standards. II. The Role of Initial Funding and Policy Leadership in Sparking Healthcare Transformation A smarter health system is clearly desirable - however, history demonstrates that innovation often proceeds slowly at first, before accelerating after a catalytic inflection point. The Internet, for example remained an obscure academic network for several decades before the Mosaic Web browser drove its explosive growth in the 1990s. The DVD player became the most rapidly adopted new technology only after manufacturers resolved two competing technology standards. The government's role as an early funder and policy driver is vital during the initial phase of a major innovation such as the one dawning around digitally networked healthcare. Initial funding is the seed that allows healthcare system participants to develop prototypes that translate concepts into implementations. The government also plays a key role as a consensus builder on policy issues, to the benefit of both citizens and businesses. As lessons are learned from prototypes and policy development, new business models emerge over time that can carry innovation forward. Meanwhile the nature of innovation itself is becoming more collaborative-between commercial enterprises as well as between the public and private sectors-government has a highly constructive role to play in sparking work that will unleash the ability of businesses to drive growth and productivity. A smarter healthcare system is just such entrepreneurial fire ready to be lit. Finally, with nearly half of all healthcare spending in the U.S. originating with the federal government, the public sector can have a decisively influential role in helping engender a smarter health system for all Americans. IBM hopes to play a similar leadership role, both as large employer seeking to innovate how it delivers healthcare to its workforce, and as a business and innovation partner for many parts of the healthcare ecosystem. Nationwide Health Information Network Architectural Prototypes. Funding included in President Bush's Health Information Technology Plan is an important source of prototype funding. The President has requested $116 million for his health information initiative in FY 2007. While this represents a small portion of the $5.5 billion that will be spent on health related information technology, it provides key seed money for prototypes and early learning. The importance of standards and interoperability are front and center in a several projects pertaining to development of a Nationwide Health Information Network (NHIN). As you may know, IBM is one of four companies awarded a contract to develop NHIN architectural prototypes through a contract with the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology. The four architecture prototype contractors are not building the Network, per se, but each vendor is building a prototype architecture. The goal of the Nationwide Health Information Network (NHIN) prototype is to demonstrate major concepts that build towards the ultimate goal of a smarter, more connected information infrastructure for healthcare, including the abilities: <bullet> To enable secure electronic exchange of healthcare information between and within healthcare marketplaces that allows for the gathering of necessary public health data while preserving patient privacy. <bullet> To demonstrate how various healthcare marketplaces can be part of this communications network in a manner that is cost-effective and not disruptive to their current models of doing business. These contracts complete the foundation for an interoperable, standards-based network for the secure exchange of health care information. HHS previously has awarded contracts to create processes to harmonize health information standards, develop criteria to certify and evaluate health IT products, and develop solutions to address variations in business policies and state laws that affect privacy and security practices that may pose challenges to the secure communication of health information. IBM is following several key principles in developing a prototype architecture for the developing nationwide network. These principles are the result of IBM's experience in healthcare and other sectors. They also arise from IBM's work with many broad-based organizations in this area such as the Healthcare Information & Management Systems Society (HIMSS), the eHealth Initiative, and other information technology vendors, and privacy and technical organizations with whom we collaborate with on a daily basis. The NHIN project promises to bring about a smarter health system by leveraging the expertise and market interests of the private sector. But it was also structured with an ingenious requirement: the four participating contractors, IBM included, must make their respective efforts interoperate across competing healthcare marketplaces via open standards. If the NHIN project can be thought of as the foundation of a "medical Internet" or digital infrastructure for healthcare, then the importance that the evolving nation-wide integrated system will be based on open standards is quite obvious. <GRAPHICS NOT AVAILABLE IN TIFF FORMAT> In developing this prototype architecture for the evolving nationwide network, IBM is following several key principles that are the result of our experience in healthcare and other sectors. They also arise from IBM's work with many organizations in this area such as the Healthcare Information & Management Systems Society (HIMSS), the eHealth Initiative, and other information technology vendors, as well as privacy and technical organizations with whom we collaborate on a daily basis. The NHIN project promises to bring about a smarter health system by leveraging the expertise and market interests of the private sector. But it was also structured with an ingenious requirement: the four participating contractors, IBM included, must make their respective efforts interoperate across competing healthcare marketplaces via open standards. If the NHIN project can be thought of as the foundation of a "Medical Internet" or digital infrastructure for healthcare, then the importance that the evolving nation-wide integrated system will be based on open standards is quite obvious. Through the NHIN, it is envisioned that healthcare consumers would be empowered to access their personal health records (PHRs) using the same network that allows them to share their medical records with healthcare providers that they see in other communities. IBM's architectural prototype for the NHIN system would not be a single repository of everyone's medical records, but rather an index that points to information stored at the originating provider site. IBM believes that independent healthcare consumers, providers, and communities (as well as regional health information organizations) will set the rules for who can see what information and for what information they need. Healthcare systems or RHIOs wish to retain control over their enterprise-wide data and will also set the business rules for how data will be exchanged. The NHIN will be a practical, community-centric approach to exchanging healthcare information in a secure, standardized way between healthcare communities in the United States. At the conclusion of the NHIN prototype project, HHS will have four architectural prototypes to choose from or to incorporate into the adopted NHIN architecture and a dozen communities will have developed practical experience with information sharing. IBM's prototype architecture, along with the other vendors, is part of a broader effort sponsored by the ONC including related efforts to advance the national health IT agenda. IBM continues to participate in and monitor the other ONC-sponsored efforts by The American Health Information Community, the Healthcare Information Technology Standards Panel (HITSP), Certification Commission for Health Information Technology (CCHIT), and Health Information Security and Privacy Collaboration (HISPC). The ONC awarded contracts and named inter-related groups may supersede some of the functions and activities related in other aspects of this testimony as they evolve during the coming months. Through a series of contracts, public meetings and coordination activities, these named groups are collectively addressing standards harmonization, compliance certification, processes to develop solutions that address variations in business policies and state laws that affect privacy and security practices. Personal Health Records IBM can offer several examples to the Committee of our own funding and policy initiatives that may provide some guidance for similar efforts involving Medicaid. In 2005 IBM announced that it would provide personal health records (PHRs) to its entire U. S. workforce. To protect employees' privacy, the personal health record (PHR) system available to IBMers today is managed by an outside vendor and we have instituted contractual provisions and process controls in order to prevent inappropriate access to employee-specific data. To establish their personal health record (PHR), our U.S.-based employees begin by entering basic information: medicines, allergies, major conditions, and details on their doctors and insurance coverage. Later this year, employees' personal health records (PHRs) will grow to automatically include medical and prescription drug claims history. Even this basic information has real utility today. It can be emailed or faxed to a provider-and even sent from a Web-enabled mobile device-or simply stored or printed out for easy access in an emergency or when traveling. The ultimate goal is to enable all types of electronic health information, including one's lab results, prescription histories, medical images and more to flow into the record to form a comprehensive portrait of a patient. Equipping and empowering patients with personal health records (PHRs) is only the start. Enabling such data to flow electronically to doctors, hospitals and other providers authorized by the patient will allow healthcare to become a highly interoperable and innovative - something it is far from today. Early this week, CMS also issued an RFP on personal health records (PHRs) for Medicare beneficiaries. Yesterday, IBM testified to the Federal Workforce Committee about legislation to extend interoperable Personal Health Records (PHRs) to all federal employees. This Committee has the same ability to leverage existing claims data in state Medicaid programs. IBM urges you to examine the role that our federal government can play in catalyzing interoperable personal health records (PHRs) by providing them to Medicaid beneficiaries. Just as the value of a network rises exponentially with the number of devices connected to it-the so-called network effect- the power of the personal health record (PHR) will rise dramatically the faster we can build a critical mass. What's more, with a large enough base of personal health records (PHRs), the private and public sectors will create strong incentives for physicians, hospitals, and other health system participants to begin to adopt the infrastructure for healthcare that will improve quality and reduce costs. Interoperable personal health records (PHRs) will also drive two vital changes in the nature of healthcare itself. First, they will increasingly make the patient the center-point around which healthcare organizes itself. And second, interoperable personal health records (PHRs) and their related systems will support greater transparency across healthcare, and in many dimensions, including price and quality. At IBM, the personal health records (PHRs) that we are providing to all of our employees in the U.S. are a prime example of this patient-centered approach. When an IBMer first goes to the Web site for their personal health record, they are offered a financial incentive to complete an employee health risk appraisal, develop a personal preventive care action plan and identify quality hospitals in their area. The process surveys a range of issues including exercise level, family histories and cholesterol control, if applicable. Based on the results, an IBMer can subscribe to receive expert information, articles and advice on how to reducing their risks. It identifies eligibility for additional benefits and services such as disease management and refers employees to those resources. Decision support tools for drug comparison and interactions, hospital quality and Leapfrog results (from the Leapfrog Group's performance measurement system) provide individual support for optimizing benefits quality and costs. For IBM, the risk assessment tools and the personal health records (PHRs) we provide our workforce are an investment that we recoup through improvements in employee health and the significant cost savings that result. For individual employees, the incentives we provide-to take the assessment, or track their self- paced exercise regimens -are essential to helping us capture these business benefits. Consumer Centric Healthcare To put IBM's experience with personal health records (PHRs) in some context, I would first like to describe our broader efforts on improving employee health and reducing costs. That backdrop is, in fact, how we progressed to offer personal health records (PHRs) for our employees. IBM provides health and health benefits of over 500,000 IBMers, retirees and dependents. In total, the IBM Corporation spends over $1.7 billion on healthcare each year. As a result of our consumer- centric health programs for our employees, IBMers are healthier and have lower health expenses than others in our industry. We have demonstrated that information-rich, patient-centric wellness programs aren't marginal benefits. They are very good business: <bullet> IBM's employee injury and illness rates are consistently lower than industry levels. <bullet> We have documented significant decreases in the number of health risks among IBM employees as a result of participating in our wellness initiatives. <bullet> IBM's disease management programs have demonstrated a 9%-24% reduction in emergency room visits and a 13-37% reduction in hospital admissions resulting in an overall 16% reduction in medical and pharmacy costs adjusted for medical trend over a 2 year period. With the health improvements, we have seen cost benefits -- IBM healthcare premiums are 6% lower for family coverage and 15% lower for single coverage than industry norms. Our employees benefit from these lower-cost as well -- they pay 26 to 60% less than industry norms. And IBM healthcare premiums have been growing significantly more slowly than U.S. health insurance premiums. <GRAPHICS NOT AVAILABLE IN TIFF FORMAT> Critical Areas for Initial Policy Choices: Privacy in electronic healthcare is an area of policy development with deep importance, diverse viewpoints, and great need for government leadership, both in terms of driving standards and providing catalytic early funding. According to a 2005 survey, two-thirds of all Americans report high levels of concern about the privacy of their personal health information, with ethnic and racial minorities and the chronically ill showing the greatest concern: <bullet> Is of a racial/ethnic minority: 73% <bullet> Is not of a racial/ethic minority: 52% <bullet> Has been diagnosed with a disease: 67% <bullet> Has not been diagnosed with a disease: 63% One in four consumers reports being aware of incidents where the privacy of personal information was compromised. In addition, they believe, erroneously, that paper records are more secure than electronic ones (66% vs. 58%). (California HealthCare Foundation) These attitudes about privacy are reflected in the requirements consumers believe are important for electronic health information exchange. Nine of ten consumers want a system that confirms the identity of anyone accessing it. Eight of ten want to personally review who has accessed their information, and to be asked before their information is shared. (Markle) Clearly, privacy issues, and the public's perceptions of those issues, must be addressed in order for the PHR to succeed. The HIPAA Privacy Rule has provided the bedrock for patient privacy in the U.S. and has established a baseline for privacy and security requirements for electronic health information. Many states have gone further then HIPAA to ensure patient privacy and have adopted policies that further protect patient data when stored and moved in an electronic format. These variations in policies present challenges for widespread electronic health information exchange. To assess these challenges, HHS awarded a contract devoted to privacy and security. The Health Information Security and Privacy Collaboration (HISPC), a new partnership consisting of a multi-disciplinary team of experts and the National Governor's Association (NGA), will work with approximately 40 states or territorial governments to assess and develop plans to address variations in organization-level business policies and state laws that affect privacy and security practices and pose challenges to interoperable health information exchange. Overseeing the HISPC will be RTI International, a private, nonprofit corporation who has been selected as the HHS contract recipient. While many see privacy as a potential barrier to health information exchange, most computer systems today include a variety of privacy protections. Most people are familiar with identity-based limitations - personal IDs and passwords that must be entered in order to access a system. With little effort, privacy controls can include roles as well as identity authentication so that a billing clerk or a doctor will have the appropriate level and access to a patient's personal health information. Information technology can also provide tools to monitor who accesses data, create an audit trail for changes the data, and a watermarks to deter data theft and assert ownership of pirated copies. With paper records, there is no automated way to know, for example, if someone has accessed a record inappropriately, or even removed it or copied it. We have the technology today to protect patients' but if privacy policies are unclear, or built on concepts such as "intent" that are difficult to translate into computer rules, technology will be of little help in formalizing privacy. Creating a smooth interface between privacy policy and technology will require a significant commitment of political will and resources. Here again, the government can play a pivotal role in stimulating and encouraging the development of privacy policies that will enable electronic healthcare to move forward faster. III. Creating Incentives in Medicare and Medicaid to Reward Quality Establishing a system of electronic health records (EHRs) for millions of citizens is a major societal shift, and will require a range of incentives to accelerate adoption among various constituencies. Physicians and other healthcare providers will bear the direct costs of implementing electronic health records (EHRs), as well as the indirect cost to transform their established workflow processes to take advantage of these new technologies. The current healthcare system has well-known flaws in how treatments are reimbursed. The current model rewards the volume of services and not the quality of outcomes. This paradigm results in low quality and rising costs. Those reimbursement flaws reduce the incentive for quality improvement tools such as interoperable electronic health records (EHRs). Reforms in reimbursement methodologies and additional sources of funding will have a dramatic impact on the adoption of the electronic health records (EHRs), and the multitude of systemic benefits they reap. The effectiveness of "carrots" for performance are why IBM supports incentives to providers to adopt electronic health records (EHRs) and other related health information technology applications (Computerized Patient Order Entry, e-prescribing, etc.). In fact, IBM is already implementing a "pay-for-use" incentive plan to drive the use of electronic prescriptions. In New York's Hudson Valley, where many of our employees live, we are funding a program that rewards doctors each time they use a new system for writing prescriptions electronically. Working with Dr. John Blair and Taconic Health Information Network and Community (THINC) regional health information organization, or RHIO, IBM has agreed to increase the reimbursement physicians receive if they submit prescriptions electronically. We believe that the additional reimbursement we are offering will pay for itself by reducing medication errors and increasing the use of generic drugs. We urge this Committee to examine approaches to rewarding value through the Medicaid program. This coming year, the federal government will provide over $300 billion through the Medicaid program. It makes no sense to pay all those providers the same reimbursement rates, if the quality for some greatly exceeds - or severely lags behind - that of others. But today, Medicaid is at best neutral, and at worst negative, toward quality. Medicaid pays for the delivery of a service, not for the achievement of better health. A number of pay-for-performance demonstration projects in Medicare are underway (see box, right). IBM would encourage the expansion of these pioneering efforts and application to the Medicaid program. <GRAPHICS NOT AVAILABLE IN TIFF FORMAT> Barriers & Indicators for Success: Electronic health records (EHRs) and a digital infrastructure to support them will enable a historic shift in medicine: rewarding outcomes and improved quality of care rather than simply paying for procedures in today's fee-for-service model. Health IT is invariably linked to this shift in reimbursement because it is needed to help document and measure performance. Health information technology is a key to successful pay-for- performance for two reasons. First, electronic reporting can reduce the significant burden that performance reporting places on providers. Current performance measures often involve manual chart review and manual processing by skilled professionals. Electronic reporting can reduce the performance reporting burden and ease participation by providers in pay-for-performance programs. Second, electronic reporting can align with the ongoing care process to actually improve the quality of care a patient receives, not just by documenting end results, but by alerting providers in realtime to any gaps or best practices that may have been overlooked. As a result, performance measurement carried out electronically can move from a description of quality to an operational tool that improves care. Those patients that do not receive appropriate care may be highlighted while they are interacting with providers rather than much later in reports that are submitted to reimbursers. <GRAPHICS NOT AVAILABLE IN TIFF FORMAT> Naturally, the pay-for-performance model will require the support of doctors and the medical community. Financial incentives under a pay-for-performance program must be: <bullet> Non-punitive (i.e. physicians who are unable to participate in the program should not be subject to negative updates); <bullet> Prioritized, so that physicians are rewarded for achieving improvements for the top 20 conditions identified in the Institute of Medicine's (IOM) "Crossing the Quality Chasm" report; <bullet> Considerate of the critical role of primary care physicians in achieving such improvements; and <bullet> Sufficient to offset physicians' investment in health information technology and other office redesign required to measure and report quality. We also advise that pay-for-performance programs be implemented along with reforms to change the way that physician services are valued and reimbursed, rather than grafted onto an underlying payment methodology that pays doctors for doing more, instead of doing better. Of course, one of the most important factors in making pay- for-performance a success is the size of the incentive or bonus relative to a physician's or hospital's total revenues. While no formal studies have yet clearly documented this issue, empirical data suggest that physicians will respond to incentives only if they represent 5% or more of their total revenues. In conclusion, creating powerful incentives in the federal health programs is necessary if we are to drive improvements in healthcare through the intelligent application of technology. Incentives for quality will undoubtedly lead toward better use of health information technology to improve healthcare. The information technology industry would like the opportunity to drive such a virtuous circle - incentives leading to better use of health IT which leads to improved quality and lower costs. This Committee can start by implementing the pay-for-performance model in Medicaid. Summary <bullet> The federal government can advance a smarter health system by deeply adopting and supporting open standards. <bullet> The federal government can accelerate the transformation of healthcare through judicious seed funding of prototypes and communities and active leadership in policy areas such as privacy and security. <bullet> Strong incentives are needed to drive adoption of electronic health records (EHRs), and one of the most powerful levers would be to reward the quality of care in Medicare and Medicaid via a "pay-for-performance" model. MR. DEAL. Thank you, Mr. Nelson. And I again apologize but we are going to stand in recess pending these votes. There will be ten votes, so we will probably be somewhere an hour or thereabouts before we will be able to get back, but hopefully we will have a little better attendance perhaps after those first series of votes. Thank you, and we will stand in recess. [Recess.] MR. DEAL. We will call the hearing back to order. Thank you for being patient during the break. Dr. Braithwaite, we will hear from you at this time. MR. BRAITHWAITE. Thank you, Mr. Chairman. Chairman Deal and distinguished members of the subcommittee, I am honored to be here today. My name is Bill Braithwaite, and I am testifying today on behalf of the eHealth Initiative and its foundation otherwise known as eHI. I serve as the chief medical officer of both organizations, which are independent, national, non-profit organizations whose missions are the same: to improve the quality, safety, and efficiency of health and healthcare through information and information technology. In addition to our main work with communities, we work actively with Congress and the Administration to support these goals and applaud their strong commitment. eHI looks forward to working with you on potential legislation in this area. I would like to talk a little bit about the big picture. The field of healthcare today is so vast and so complex that practicing medicine with an acceptable error rate is proving to be humanly impossible without the support of integrated information technology. The number of deaths caused by medical errors in our healthcare system every year has been estimated to be around 100,000 or higher if you include all the different aspects of healthcare. I think we would all agree that this is not acceptable. In most cases the healthcare system is at fault. We still practice medicine under the old paradigm where the doctor and the patient interact from memory to arrive at recommendations of healthcare decisions for the patient. The only way to significantly improve the quality, safety, and efficiency of our healthcare system is to bring the information system into the exam room, as it were, and to change the paradigm of clinical practice so that it routinely involves the doctor, the patient, and the computer working together to provide the best healthcare advice possible. The way to implement this new approach is through direct interaction of clinicians and patients with a Clinical Decision Support System. Such a system must be integrated into the clinical environment in a way that supports, rather than disrupts, the efficient flow of the process of healthcare. But since most of the data on which clinical decisions are made actually originate outside the exam room, the Clinical Decision Support System by itself cannot function without a way to access the sources of the clinical data, the laboratories, pharmacies, radiology centers, et cetera. This is the impetus for eHI's emphasis on interoperable health information exchange initiatives. There are three critical prerequisites for successful implementation of health information exchange initiatives: incentives for implementation; assurances about privacy and security; and full interoperability between disparate clinical information systems. Even though all three are crucial, I will restrict this testimony to interoperability, and you will hear about the others from others on the panel. There is still confusion in the healthcare industry about the meaning of the term interoperability. The definitions in my written testimony on page 5 come from an analysis of over 100 such definitions done by the international standards developing organization, HL7. Basically interoperability is the secure electronic communication of clinical data, like lab results from a computer in one institution in such a way that a computer in another institution can understand the precise meaning of what was said. In this case computer understanding means that the information could be processed by the receiving computer to reach conclusions about what advice to give to optimize patient care. The terminology used to describe clinical concepts must be standardized, controlled, and coded in enough detail to differentiate between closely related conditions that might require different treatments. For example, the synonyms were originally used to identify the condition at the local hospital. At last count, for example, there were 17 different terms used in different parts of this country that all referred to the same concept of high blood pressure. Larger categories of clinical concepts typically used for reimbursement transactions are not sufficiently detailed for this purpose. Interoperability also implies that there is a standard mechanism that all participants can use to exchange the information securely. Most of us use the World Wide Web every day and understand the power of having such a communications infrastructure available to all. Healthcare, of course, requires iron clad security as part of its infrastructure, including features not required in the standard Internet such as authentication, authorization, auditing, encryption, and digital signatures. Successful implementation of electronic health information across institutions requires specificity, standards, and conformance testing of the results, features not currently found in most of the standards available today even after up to 20 years of development because of course the standards developing organizations have been focused on something else, the exchange of information within institutions between information systems. The sometimes heard proclamation that health information exchange should wait until the standards are done is made by those who are not fully aware of the tasks involved. Enormous progress has been made in the understanding, specification, and adoption of standards so far, but standards are not static. They must evolve to meet the continuous advances in the delivery of healthcare and can never be done. On the other hand, there are some low hanging fruit that we can address. Given that the timeline for full interoperability between clinical information systems, in my opinion, is likely to be measured in decades, what can we do in the meantime to reap some of the value of the Health Information Exchanges that we can implement today? If we focus our resources on a few projects that can successfully reach interoperability in the short term, we can demonstrate immediate benefits for people who are working toward the same goal using consistent standards. If you ask clinicians what information is most important when they are seeing a patient without a medical record as they had to do after Katrina, they quickly list medication history, allergies, lab results, problem list, and interpretive reports. The patient, however, first wants to do without the need to fill out the same data multiple times on the medical clipboard at each provider that they go to. So let us start with those needs in mind and solve some of the immediate problems. The industry has already made much progress on these particular needs because the demand is there, and the efforts under the contracts issued by HHS through the Office of the National Coordinator are focusing on the same situations in the context of prototypes for a nationwide health information infrastructure. Results from these funded efforts are expected by the end of this year. In addition, the important private-public sector partnerships such as the Markle Foundation's Connecting for Health initiative, with additional support from the Robert Wood Johnson Foundation, have provided a great deal of guidance on the technical aspects and the key principles and policies for information sharing. The standard for exchanging medication history and laboratory results is already being tested, although integration with lab test ordering is still being worked on. One approach for interpretive reports, which is one of the sort of early wins that people are looking for, is an electronic standard message that contains both a human readable representation of the data, and a structured and coded form suitable for processing by a computer. Thus, those source systems that are only capable of producing the human readable form, similar to a web page, can still participate in the electronic Health Information Exchange while those systems with more capability can include the data that is fully understood by a computer program in full interoperability. This will allow a migration over time from a simple and easy to produce form of data that is still compatible with the more sophisticated forms in both directions of communication. MR. DEAL. Could I ask you to summarize for us, please? MR. BRAITHWAITE. Yes. Vendors are reluctant to spend money implementing standards without customer willingness to pay for it. Providers are reluctant to pay for such features if they cannot see immediate payback. Therefore, purchasers have to be shown that the present and future value of standards-based systems and convinced to buy them whenever feasible. In conclusion, I believe we can provide appropriate incentives to implementation, adequate assurances to providers and patients about the privacy and security of their information, and support for full interoperability of our healthcare information systems. In doing so we will have set the stage for a high quality, safe, and efficient healthcare system for all Americans in their communities. eHI will be there to help you if you can do this through legislation. I would like to thank the committee for providing me the opportunity to share these insights on behalf of eHI and its foundation. [The prepared statement of William Braithwaite follows:] PREPARED STATEMENT OF WILLIAM BRAITHWAITE, M.D., PH.D., CHIEF CLINICAL OFFICER, EHEALTH IMITATIVE AND FOUNDATION FOR EHEALTH IMITATIVE Summary Health Information Exchange (HIE) initiatives are the underpinnings for a system to improve how healthcare is practiced. Recognizing that healthcare is local, the eHealth Initiative and its Foundation are supporting multi-stakeholder HIE collaboration at the state, regional and community levels through the Connecting Communities program. Important knowledge related to every aspect of health information exchange is resulting from this work. [see http://toolkit.ehealthinitiative.org] The current paradigm of clinical practice limits our ability to avoid errors and control costs. Only with clinical decision support systems (CDSS) integrated into the routine of clinical practice can the system support better healthcare decision making. HIE is a necessary precursor to the operation of CDSS. Requirements for HIE implementation include incentives to stakeholders, assurances regarding privacy and security, and health information system interoperability. Interoperability is defined with three levels of standards required, from controlled clinical vocabularies, to standardized message structures and entity identification, to a secure communications infrastructure. However, standards are not enough for interoperability. The necessity for inter-institutional exchange of data is forcing a change in the character of standards from the traditional, flexible standards currently in use between systems in the same institution to more complete, rigorous, and tested implementation specifications integrated across standards for specific use cases. Systemic barriers to the rapid deployment of this evolution must be addressed. This process is likely to take decades before full interoperability of clinical information systems is a reality. There are some low hanging fruit that can be harvested in the near-term, however; medication history, lab results, and interpretive reports, for example. There is an existing suite of standards that addresses these areas of interoperability but most of the standards are not rigorously defined for specific use cases and are inconsistently implemented by vendors. While the HHS AHIC and ONC efforts to kick-start interoperable health information exchange is a good and positive process; it is the start of a very long road. Sustained federal leadership is crucial to achieving these goals and to promoting a smarter healthcare system over time. Introduction Chairman Deal, Congressman Brown, distinguished members of the Subcommittee, I am honored to be here today. My name is Bill Braithwaite and I am testifying today on behalf of the eHealth Initiative and its Foundation (eHI). I serve as the Chief Medical Officer of both organizations, which are independent, national, non-profit organizations whose missions are the same: to improve the quality, safety, and efficiency of health and healthcare through information and information technology. In addition to our main work with communities, we work actively with Congress and the Administration to support these goals and applaud their strong commitment. eHI looks forward to working with you on potential legislation in this area. The big picture The field of healthcare is now so vast and complex that practicing medicine with an acceptable error rate is proving to be humanly impossible without the support of integrated information technology. The number of deaths caused by medical errors in our healthcare system every year has been estimated to be 100,000 or higher. I think we would all agree; that is totally unacceptable. And in most cases it is the system that is at fault: we still practice medicine under the old paradigm where the doctor and the patient interact from memory to arrive at healthcare decisions for the patient. The only way to significantly improve the quality, safety, and efficiency of our healthcare system is to bring the information system into the exam room, as it were, and to change the paradigm of clinical practice so that it routinely involves the doctor, the patient, and the computer working together to provide the best healthcare advice possible. The way to implement this new approach is through direct interaction with a Clinical Decision Support System (CDSS). Such a system must be integrated into the clinical environment in a way that supports rather than disrupts the efficient flow of the process of healthcare. Since most of the data on which clinical decisions are made actually originate outside the exam room, the CDSS by itself is not functional without a way to access the sources of the clinical data, the labs, pharmacies, radiology centers, etc. This, then, is the impetus for eHI's emphasis on interoperable health information exchange initiatives. Of course, none of these technological innovations will be implemented unless there are sufficient incentives to get these systems incorporated into healthcare practice under a sustainable business model. The needed incentives can take many forms, including pay-for-performance programs that pay providers for higher quality care delivered, and they are discussed in detail in our paper entitled, "Parallel Pathways to Quality Healthcare". In addition, none of the required information sharing will be allowed unless there are sufficient assurances to patients and providers alike that the shared information will be private and secure. In the interest of time, I will leave these two critical prerequisites for others to discuss and refer you to the eHI website for further background material [see http://www.ehealthintitiative.org/]. Interoperability Since most data on which clinical decisions are based come from outside the exam room or other locations where clinical decisions are being made, interoperability for clinical data exchange is a basic and necessary requirement. However, in the healthcare industry there has been some confusion about the meaning of the term, 'interoperability'. The following definitions come from a meta-analysis of over 100 such definitions done by a technical committee of HL7, an international healthcare standards setting organization. Interoperability is the ability of two or more systems or components to exchange information and to use the information that has been exchanged accurately, securely, and verifiably, when and where needed. Healthcare interoperability also assures the clear and reliable communication of meaning by providing the correct context and exact meaning of the shared information as approved by designated communities of practice. This adds value by allowing the information to be accurately linked to related information, further developed and applied by computer systems and by care providers for the real-time delivery of optimal patient care. It is important to understand all the implications of the term, 'interoperability', at different levels of abstraction from binary bits of information flowing through a wire at the bottom to the transfer of clinical knowledge at the top. At the highest levels, the context and the exact meaning of information must be preserved and made available for use. In this case, 'use' means that the information can be processed by a computer to reach conclusions about what advice to give to a clinician to optimize patient care. That means that the terminology used to describe clinical concepts must be standardized, controlled, and coded in enough detail to differentiate between closely related conditions that might require different treatments, for example. Larger categories of clinical concepts typically used for reimbursement transactions are not sufficiently detailed for this purpose. There are also a large number of clinical concepts which are referred to by different names in different geographic locations. Where locally defined terms are used in lieu of terms from a national standard controlled terminology, then mechanisms must be in place to make the translation to the national standard, a process called 'normalization', so that another location that uses its own local terms for a clinical concept can preserve the correct context and exact meaning. As simple examples that require such standardization, there are 17 different terms that represent the same concept of high blood pressure and there are 27 different potential values for the concept of sex and many different ways to encode them. At the lowest levels, interoperability implies that there is a standard mechanism that all participants can use to exchange the information securely. Most of us use the world-wide-web every day and understand the power of having such a communications infrastructure available to all. Healthcare, of course, requires such an infrastructure to include more security features than the standard internet connectivity we all use, including authentication, authorization, auditing, encryption, and digital signatures. In the middle levels are the standards for aggregating discrete data elements together into a meaningful message sent from one system to another in response to an event or 'trigger', standards for identifying the healthcare providers and the patients, and standards for a plethora of other elements that are unique and specific to the use case being implemented. Clearly, interoperability requires the consistent and rigorous integration of standards of many types and necessarily from many sources. When the only electronic information exchange being considered was that between one system and the next operated by the same institution, it was easy for the technical team(s) to discuss all the specific technical decisions that have to be made before even a well defined standard can be used in a particular business use case. Once the problem is expanded to include the exchange of information among many institutions that may not even be in the same region of the country, the required degree of specificity is sorely lacking in most of the consensus standards available today and the standards development and maintenance process is perceived to be slow and cumbersome. It is also critical, with the increasing number of participants in inter-institutional health information exchanges, that the implementations of the standards be tested be conformant to those standards. For example, HL7 standards for transmitting numeric lab results from a laboratory information system to a clinical information system or repository within an institution were some of the earliest implementations of HL7 standards. [Note that HL7 celebrated its 20th anniversary as a standards developing organization in 2006.] However, there are still implementations today where a laboratory (part of a national reference laboratory company) transmits the numeric result of a test in the comment field of a "standard" HL7 message, instead of the result field. This is accommodated in today's world by writing tailored interfaces for each data flow to bring them to a common implementation of a standard. This is expensive in the short term and untenable in the long term. The full implementation of standards requires an effective processes for, and ongoing investment in, standards development, support and maintenance, migration, and integration. A range of supporting tools need to be developed and implemented to assist organizations in migrating to standards, including implementation guides, conformance processes, and educational materials. Demonstration and implementation projects are critical to the migration toward an interoperable, electronic healthcare system, in that they test and evaluate feasibility, uncover additional barriers and workable solutions to overcome them, provide replicable practices and tools for others, confirm value for a wide range community stakeholders, and build awareness of the benefits. The sometimes heard proclamation that, "HIE should wait until the standards are done," is made by those woefully ignorant of the tasks involved. The many issues discussed above indicate the enormous progress that has been made in the understanding, specification, and adoption of standards. Standards are not static, however, and they must evolve to meet the continuous advances in the delivery of healthcare and can never be 'done'. To become and remain acceptable, the standards process requires some effort and participation by everyone concerned. Low hanging fruit Given that the timeline for full interoperability between clinical information systems is likely to be measured in decades, what can we do in the meantime to reap some of the value of the HIE that we can implement today? If you ask clinicians what the most important information is when they are seeing a patient without a medical record, they quickly iterate medication history, allergies, lab results, problem list, and interpretive reports (e.g., radiology, pathology, and operative reports that are already in electronic form through dictation). The wish list from the patient, however, starts with the data they now have to fill out multiple times on the medical clipboard. Great progress has already been made on many of these and the efforts under the contracts issued by HHS through the Office of the National Coordinator of Health Information Technology (ONC) [see http://www.hhs.gov/healthit/] are focusing on these early wins as well as prototypes for the nationwide infrastructure. Results from these funded efforts are expected by the end of this year. In addition, important public-private sector partnerships, such as the Markle Foundation's Connecting for Health initiative [see http://www.connectingforhealth.org], with additional support from the Robert Wood Johnson Foundation, have provided a great deal of guidance on the technical aspects of health information exchange as well as key principles and policies for information sharing. Although medication history is not directly involved in most ePrescribing initiatives, it is closely related and likely to evolve quickly based on existing standards as ePrescribing implementations proceed. Laboratory results are being exchanged in some environments today and standards for exchanging most types of results already exist. Full integration with lab test ordering is still being worked on. One approach for interpretive reports that looks promising is the use of a standard electronic message that contains both a human readable representation of the data and a structured and coded form suitable for processing by a computer. Thus, those source systems that are only capable of producing the human readable form (similar to a web page) can still participate in the HIE while those systems with more capability can include data that is fully understood by a computer program. This will allow a migration over time from a simple and easy to produce form of data that is still compatible with the more sophisticated forms in both directions. It should be absolutely clear from this discussion and these examples, however, that we are still many years away from the fully interoperable health information exchange environment of our vision and there are several intractable barriers to more rapid progress of which we should be aware. The business case for a vendor to incur the costs of switching to a standard is often muddled at best: short-term narrow objectives are the enemy of long-term, broad interoperability goals. Even when a vendor understands that implementing standards is good for the product, the resources to do it are not always available. Purchasers have to be informed and insist on standards-based implementations whenever feasible. Existing standards must be 'constrained' (a term of art used by standards setting organizations) into rigorous implementation guides for each particular 'use case' (another term of art). A use case is like the outline of a play that defines the goal, the actors, the roles they play, the trigger event(s) that cause them to interact, the data elements that they must exchange, etc. Given a general use case, an implementation guide will allow an implementer to program an information system in a consistent way. It may take several implementation guides based on several standards to implement a particular use case, and the combination of these is often called an 'integration profile'. There is a fairly well recognized first set of standards that are already being adopted for HIE. These include: HL7 data interchange standards, the HL7 Reference Information Model, the DICOM standard for imaging, the NCPDP SCRIPT prescription drug information standard, the LOINC vocabulary for laboratory tests, the IEEE/CEN/ISO 1073 medical device communication standard, the ASC X12 administrative transaction standard, HL7 Data Types, HL7 Clinical Document Architecture (CDA), and the HL7 Clinical Context Management Specification (CCOW). Work remains to be done in a number of other domains, including standards related to terminology (and their uniform distribution within the National Library of Medicine's Unified Medical Language System (UMLS)), clinical templates, clinical guidelines, representation of business rules, representation of decision support rules, data elements, disease registries, tool sets, security, identifiers, and the electronic health record. Conclusion In conclusion, I'd like to thank the Committee for providing me the opportunity to share my insights and expertise on behalf of eHI and its Foundation today. There is a long road ahead but it is filled with the promise of better health for all Americans in their own communities if we work together and get it right on interoperability. Nothing could be more important and eHI will be there to help every step of the way. APPENDIX A Health Information Exchange: The eHealth Initiative and Foundation's State, Regional and Community-Based Program Work Recognizing that healthcare is local-and that to stimulate change in how healthcare is delivered, one must drive change both at the national level and local levels-eHI has been focusing its efforts on supporting multi-stakeholder collaboration at the state, regional and community levels, bringing its common principles, policies and standards developed nationally to those who are delivering healthcare in markets across the U.S. This work is being conducted through the direct funding of learning laboratories at the community level and advocacy and education for additional funding to support local efforts; the building of a coalition or "community" of over 2,000 stakeholders working on health information exchange within over 250 states, regions and communities across the U.S. to share insights and effect change; and the provision of direct technical assistance to leaders within states and regions who are developing strategies and plans to facilitate HIT adoption and health information exchange. The eHealth Initiative Foundation began its Connecting Communities program in FY 2003, through the leadership and foresight of Congressman C.W. Bill Young (R-FL). Though a special appropriation administered by the Department of Health and Human Services' Office of the Secretary, and in years past by the Health Resources and Services Administration's Office of the Advancement for Telehealth (HRSA/OAT), Connecting Communities continues to provide seed funding and technical support to a set of "learning laboratories" led by multi-stakeholder collaboratives, who are experimenting with the development of models for sustainability for their health information exchange efforts. This program will yield valuable lessons learned. Learning laboratories will inform the efforts of policy-makers, and national leaders both in the public and private sectors who must take actions to clear barriers to interoperability and health information mobility. The 2006 Connecting Communities award program will provide learning laboratories for the development and implementation of sustainable business models for health information exchange and build healthcare purchaser and payer awareness of the value that health information exchange capabilities can provide in improving the quality, safety and efficiency of care to stimulate ongoing interest in supporting such activities at the state, regional and local levels. Successful awardees will have engaged the commitment of purchasers and payers representing at least 30 percent of covered lives within their markets, to participate in a pilot or implementation of an incentives program that will not only support quality goals, but also directly or indirectly, support the health information exchange capabilities which are necessary to achieve those quality goals. They will also have engaged the commitment of a large percentage of practicing clinicians--including small physician practices--who have committed to both utilizing the health information exchange capabilities, and participating in the incentives program. The Connecting Communities program is also directly aiding in a task vital to our nation in the wake of Hurricane Katrina: helping to strengthen Gulf Coast healthcare services and regional electronic health information infrastructure in Alabama, Florida, Louisiana, Mississippi, and Texas by supporting public-private sector partnerships as well as assessment, planning, operational, and communications activities related to the development of health information networks within and across the Gulf States. Prior to Hurricane Katrina, work was being conducted by the Foundation for eHealth Initiative in the Gulf Coast state of Louisiana to assist in general health information technology policy efforts. The program is also producing informative research and tools valuable to emerging health information exchanges and related policy formation. For example, the Connecting Communities Toolkit is a unique, multi-layered, one-stop resource offering structured, how-to synthesis of principles and tools designed to equip states, regions and local communities with the information and expertise to begin or advance local health information exchange initiatives and organizations. It offers insight into areas crucial to start-up and successful survival such as organizational structure, value creation, financing, practice transformation, quality, information-sharing policies, technical aspects and public policy and advocacy. Importantly, it is a distillation of cumulative knowledge resulting from working with multiple stakeholders in different communities. Communities contribute toolkit resources themselves in the spirit of sharing insights with their peers. Its release comes at a critical time as health information exchanges are coming into existence across America and seeking expert advice. Through eHI's activities on health information exchange, the organization has: become the hub of best practice development and sharing for driving transformation through health information exchange, providing a full range of tools and resources for states, regions and communities who are navigating the organizational, legal, financial, clinical and technical aspects of health information exchange. It is also actively supporting stakeholders engaged in transformation and health information exchange efforts in more than 250 states, regions and communities across the U.S. In regards to states, the eHealth Initiative has or is in the process of actively supporting 13 states across the country in developing strategies, policies, and plans for improving health and healthcare through health information technology and exchange through its State Policy Summit Initiatives. The goal of these initiatives is to help state public policy officials and key stakeholders in the healthcare and business communities develop state policy agendas and frameworks which support the rapid development and implementation of healthcare information technology and exchange. Some of the states currently being supported by eHI include Arizona, Kansas, Minnesota, New Hampshire, New York, and Ohio. MR. DEAL. Thank you. Mr. Mertz. MR. MERTZ. Thank you, Mr. Chairman. I am Alan Mertz, President of the American Clinical Laboratory Association. The ACLA represents the Nation's leading national, regional, and local laboratories. Mr. Chairman, most patients are probably familiar with our members, mostly by the boxes they see out in front of the doctor's office that are Quest Diagnostics or LabCorp. That is where the specimens are put in those boxes, and our members are the people who collect those specimens, transport them to a laboratory, do the testing overnight, and then report of those results usually back the next morning. Some times millions every day, and testing is absolutely a critical part of our healthcare system. It provides the physicians with the objective data they need to not only diagnose, but effectively treat and monitor disease. Our members also have, part of the reason we are here today, an extensive history of providing these doctors and hospitals with health information technology involved in streamlining laboratory test requisition, and also speeding the delivery of test results. Let me give you just a little bit of background about laboratory testing and how important it is to the medical record, and then I will talk about some of the legislative proposals. Laboratories and the information they provide are really the heart of the medical record. It is not well known to the layman that laboratory data actually represents 60 percent of the medical record, and while the diagnostic tests we do comprise only 1.6 percent of Medicare spending and about 5 percent of overall health spending, they influence 70 percent of clinical decision making. Not only does this information improve outcomes and decrease costs, but laboratory data is becoming an even more essential building block for assessing quality care and it is playing an increasingly critical role for quality and pay-for-performance initiatives. The laboratories, Mr. Chairman, have made a tremendous investment in connecting to physician offices and hospitals, and it sort of served as the catalyst in the evolution of health IT. Just let me give you one example of the penetration that they have had with the physician's offices. Quest Diagnostics, our largest member, has business relationships with half of the physicians and hospitals in the United States, and this is just one laboratory company. Quest Diagnostics receives 40 percent of its orders and sends 60 percent of its results via the Internet. This is a critically important and highly valued function. It is so important that since 1995 our labs have had a limited exception under the Stark law so that they can provide these electronic connections and interfaces with physician offices. This has been a fundamental capability for laboratories to render services to providers. It is a function that must be maintained in any changes that are made to Stark. Congressman Brown made a point at the beginning about the IOM report on errors and duplication cost and electronic ordering and results with laboratories. It is a critically important part of improving legibility, decreasing error rates, producing more timely results, and even monitoring duplicatation of testing. Let me talk just about three quick points about H.R. 4157. We believe it has several needed improvements. Number one, we believe that if it is enacted it would further prompt adoption of health IT. We believe that any exemption in the law for Stark for IT should be carefully crafted to guard against abuses while still allowing the diffusion of IT, and we believe it strikes that balance. We also support the legislation's Federal preemption of State laws that contradict the Stark law exceptions and anti-kickback safe harbors. Today there are several State laws that are complicated and have different requirements than the Federal Stark law, and we believe that the preemption provisions there are very important. H.R. 4157 also addresses the need for Federal preemption in State laws related to privacy. We support this provision because of the patchwork of State laws as an impediment to health information exchange. Let me give you one example. LabCorp, another large national laboratory, has been invited to participate in regional Medicare chronic care or health support pilot programs. Chairman Deal, LabCorp has been invited to participate in an effort in your own State with CIGNA HealthCare in Georgia, as well as a program operating in central Florida operated by Green Ribbon Health. These entities will offer self-care guidance and support to chronically ill Medicare beneficiaries to help them manage diabetes and chronic heart disease problems. LabCorp's role in the programs will be to transmit critical laboratory data to CIGNA and to Green Ribbon Health for those beneficiaries who voluntarily participate in the program. However, the State laws in Florida and Georgia governing the release of lab results have prevented LabCorp from transmitting these results. In essence, Florida and Georgia laws preclude providing test results to anyone other than the ordering physician, and there is no provision in the State laws that would allow even the patient to give their consent. These laws would effectively bar any transmittal, and even the patient's consent does not allow us to transmit those results. Let me conclude also with the needed provisions regarding moving from ICD-9 diagnostic codes to ICD-10. Under the Medicare program the laboratories are paid by including these ICD-9 codes on their claims to provide medical necessities. These codes are provided by the physician to the laboratory, and are subsequently attached to the claim and submitted to CMS. So we really have no control of what diagnosis codes are put into the claim, and if they are not done correctly, we are not paid. So moving to the ICD-10 we want to be very careful about doing that because it is immensely more complicated. ICD-9 provides about 13,000 diagnosis codes. Moving to the ICD-10 provides 120,000 diagnosis codes, making it much more complicated. I have attached an example to my testimony of where today there is one ICD-9 code for a sports injury, it will be replaced by something like 39 different codes, diagnosis codes included. You have to now tell whether you were struck by a baseball, golf ball, a baseball bat, and so forth, whereas you used to be able to just say this person was injured in the head by a ball. So it is much more complicated. What we are asking for here not to go ahead with this, but to give us a five-year transition period instead of two years, because of the complexity of this, and we have to train doctors as to how to do this, otherwise, we will not be paid. So in conclusion the ACLA supports the Health Information Technology Promotion Act's new anti-kickback safe harbors and Stark law exception, the bill's proposed preemption of State privacy laws like the example that I gave, and the replacement of the ICD-9 code but with a five-year transition period. Thank you, Mr. Chairman. [The prepared statement of Alan Mertz follows:] PREPARED STATEMENT OF ALAN MERTZ, PRESIDENT, AMERICAN CLINICAL LABORATORY ASSOCIATION Chairman Deal, Ranking Member Brown, and distinguished subcommittee members, thank you for the opportunity to testify today on behalf of the American Clinical Laboratory Association (ACLA) representing national, regional, and local laboratories. My name is Alan Mertz, President of ACLA, and I appreciate your interest in legislative proposals that will accelerate the widespread adoption of the electronic health record. ACLA members have an extensive history of providing the nation's hospitals and physicians with leading-edge health information technology (IT) streamlining laboratory test requisition and speeding the delivery of test results. The Health Information Technology Promotion Act of 2005 (HR 4157) proposes several needed improvements to facilitate the diffusion of health IT throughout the United States. These changes will help promote better outcomes for patients. Among the improvements are new Anti-kickback Safe Harbors and Stark Law exceptions; a study of, and subsequent authority to preempt some state privacy laws; and the replacement of ICD-9 diagnosis codes with ICD-10 codes. Laboratories play a critical role in healthcare delivery by allowing for the rapid and timely utilization of health information by providers. Laboratories and the medical information they provide are the heart of the medical record. Laboratory data represent 60% of the medical record. Diagnostic tests comprise only 5 % of total hospital costs and only 1.6% of Medicare costs, but they influence a much larger portion (as much as 60-70%) of clinical decision-making that improves care and decreases cost. Virtually every health care community (i.e. Regional Health Information Organizations or RHIOs) that is trying to develop an electronic health information infrastructure is looking to laboratories first. A recent nationwide survey by the eHealth Initiative found that, of those who have electronic health information exchange efforts under way, 60% plan to exchange laboratory information within six months to support quality, safety and efficiency goals. In a survey of hospitals, the number one IT function in the majority of hospitals today is the electronic order entry and review of results for diagnostic services. The reach of laboratories into physician offices and hospitals vis-�-vis the provision of this hardware and software has served as a 'catalyst' in the evolution of health IT. For example, Quest Diagnostics Incorporated, a member of ACLA, has business relationships with approximately half of the physicians and hospitals in the U.S. Quest Diagnostics Incorporated receives 40% of orders and sends 60% of its results via the internet. Similar means of laboratory connectivity are offered by other ACLA's other members. The federal government, quality organizations, the Medicare Payment Advisory Commission (MedPAC) and others recognize that laboratory data are the essential building block for assessing quality care and will have a critical role in pay-for-quality initiatives. Laboratories can and have been used to measure a provider's performance as a critical component of health care delivery; however, this contribution cannot be realized without incurring additional cost that must be recognized and reimbursed. In a detailed study of practice and laboratory connectivity, the eHealth Initiative recently recommended incentives that could be provided for including electronic laboratory data as part of pay-for- performance reporting. One example from the report would be to provide short term incentives, based on the volume of laboratory messages processed, up to a monthly dollar limit per clinician that would encourage implementation of interfaces. Incentives such as these can be an important driver of adoption of new technologies. By providing incentives encouraging the transmission of laboratory test requisition and results reporting, the healthcare system will actually save money through reductions in duplicative testing, better coordinated care and decreases in morbidity and mortality. Because of the value that laboratories convey in the data they transmit, they have pioneered the provision of secure, streamlined IT solutions to order and transmit laboratory tests. This is a critically important and highly valued function. So important that since 1995 laboratories have had a limited exception under the Stark Law to provide "items, devices, or supplies that are used solely to.order or communicate the results of tests or procedures for such entity." This is a fundamental capability for laboratories to render services to providers and a critically important function that must be maintained. Clinicians place a high value on being able to order laboratory services and receive laboratory results electronically because it improves legibility, decreases error rates, produces more timely results (including STAT testing), and allows the monitoring of redundant or duplicative testing. The result is improved clinical outcomes, and improved clinical care efficiency with the long-term benefit of reduced healthcare costs. We recognize physicians, hospitals and other providers routinely cite the fear of legal action/debarment from Medicare as one of the biggest deterrents towards adoption of health IT. Accordingly, HR 4157 establishes a new exemption for the provision of health IT and related training. ACLA believes this legislative proposal, if enacted, would help to address some of these concerns and prompt further adoption of the health IT; however, ACLA believes such an exemption should be crafted carefully to diffuse the technology while guarding against abuses. By doing so, providers will continue to compete on the services they are providing and not, for instance, the size of a monitor. However, in any law or regulation laboratories must be among those entities permitted to offer these items or services because of the critical role laboratories have, and continue to play in facilitating health IT adoption in the health care community. ACLA was particularly perplexed with HHS' Office of the Inspector General's recent notice on the establishment of new Stark Law exceptions and Anti-Kickback Safe Harbors which proposes to exclude laboratories from the newly created exemptions. ACLA also supports the legislation's federal preemption of state laws that contradict the Stark Law exceptions and Anti- Kickback Safe Harbors established under the bill. Today, there are several states whose 'Stark' laws are complicated and have different requirements than the federal law. Similar to the privacy issue (which I'll talk about shortly), the problem is not just that these state laws are more stringent, but that there are many different standards. The differences in these state laws fall into several categories, e.g. the scope of the exceptions to the prohibition or the scope of what is considered a 'designated health service.' By creating a federal preemption, Congress can help address the fear and confusion many providers continue to have as they contemplate adoption of various health IT solutions. Another of the much-needed changes that HR 4157 addresses is the need for federal preemption of state laws related to the security and confidentiality of health information. HR 4157 requires a study of: 1) the degree to which laws vary among the states; 2) between state laws and HIPAA; 3) how such variations adversely impact confidentiality and the electronic exchange of health information. Upon enactment, Congress will have three years to pass legislation establishing uniform federal standards and preempting state laws with regard to confidentiality and privacy. If not, then the Secretary of HHS is permitted to adopt regulations based on the results of the study. ACLA supports this provision because the patchwork of state privacy laws is an impediment to health information exchange. For example, LabCorp, a large national laboratory, has been invited to participate in two of the eight regional Medicare Health Support pilot programs (previously known as the Chronic Care Improvement Program) authorized by section 721 of the Medicare Modernization Act. Chairman Deal, LabCorp has been invited to participate in an effort with CIGNA HealthCare in your home state of Georgia as well as a program operating in central Florida being operated by Green Ribbon Health, LLC. These entities will offer self-care guidance and support to chronically ill Medicare beneficiaries to help them manage their health, adhere to their physicians' plan of care, and ensure that they seek the medical care and Medicare-covered benefits that they need. LabCorp's role in the pilot programs would be to transmit laboratory data to CIGNA HealthCare and Green Ribbon Health for those beneficiaries who voluntarily participate in the program. This information would then be used to help monitor the conditions of participants and ultimately, improve their outcomes. Unfortunately, despite the well-intended efforts of these programs, more restrictive state laws in Florida and Georgia governing the release of lab results have prevented LabCorp from transmitting these important results to Green Ribbon Health or CIGNA HealthCare until its concerns about the application of those laws to these requests have been addressed. More specifically, the Florida and Georgia laws preclude providing test results to anyone other than the ordering physician or provider (or to a person specifically authorized by the ordering physician). In this case, had there been a federal preemption of state laws we would be talking about the successes/failures of these program and not 'red tape.' HR 4157 also addresses the needed replacement of the International Classification of Diseases, 9th edition, Clinical Modification (ICD-9-CM) diagnosis and procedure billing codes with ICD-10-CM/PCS codes. ICD diagnosis codes are used by inpatient and outpatient providers for billing and reimbursement. Under the Medicare program, laboratories are paid by including ICD-9 codes on their claims to provide medical necessity. These ICD-9 codes are provided by the physician to the laboratory and are subsequently attached to a claim and submitted to CMS. Today, as many laboratories will attest, problems persist with physicians not providing the appropriate ICD-9 codes in order for laboratories to get paid. Currently, ICD-9 provides approximately 13,000 diagnosis codes. Take into account that ICD-10 provides 120,000 diagnosis codes, and one can see the potential for massive delays in reimbursement for laboratories and many other providers and thus the need for an extended phase in of the new system. To give you an example of the difference between ICD-9 and ICD-10 consider how a physician would document an accidental sports injury. Under ICD-9, a diagnosis of a sports injury caused by striking against or being struck requires a single code: E917.0, described as "Striking against or struck accidentally in sports without subsequent fall; includes kicked or stepped on during game (football, rugby), struck by hit or thrown ball, struck by hockey stick or puck. Under ICD-10, a similar diagnosis requires one of 24 codes, meaning that the physician must document the causation (see attachment). ACLA recommends that the implementation period for the transition to ICD-10 be changed from a two-year phase in period to a five-year period. Doing so would provide adequate time to reprogram all health care providers' and payers' computer systems to accommodate the new, longer ICD-10 codes. In addition, considerable time and expense will also have to be spent on client education and testing of the new systems. During this 'transition period' it should be permissible for providers to bill using either the ICD-9 or ICD-10 standards. In conclusion, ACLA supports the Health Information Technology Promotion Act's new Anti-kickback Safe Harbors and Stark Law exceptions, the bill's proposed preemption of some state privacy laws, and a replacement of the ICD-9 with ICD-10 with a five-year transition period. I'd like to end on this note. It has been said that every effort in the health care public policy arena aims to improve three different aspects of health care: better, faster, and cheaper. Nothing to date has been able to meet all three objectives - some systems provide two of the three but always at the expense of the third. I believe health IT is the answer. Health IT will make health care better by improving outcomes; faster, by facilitating not only the delivery of information but the coordination of care; and cheaper, by reducing the costs of doing business, be it a reduction in duplicative testing or by saving precious time previously spent on data entry. Mr. Chairman, thank you for the opportunity to share ACLA's perspective on ways to promote electronic health records and a smarter health information system. We are ready to work with you on this important and vital legislation. If you have questions or need any additional information, please do not hesitate to contact us. MR. DEAL. Thank you. Mr. Vaughan. MR. VAUGHAN. Mr. Chairman, members of the committee, thank you for inviting us today. Consumers Union is the independent, non-profit publisher of Consumer Reports, and we do not just test toasters, we work on health issues, and had a large article on this topic in the March issue. We strongly support the movement toward electronic health records as a way to improve quality and moderate health costs. But we believe that the American public will not fully support or fully use or fully benefit from the great potential of such systems unless more is done soon to ensure the privacy of medical information. As IBM's testimony just said, the privacy issues and the public's perceptions of those issues must be addressed in order for personal health records to succeed. Patients need meaningful control over their medical records, the right to keep their records private, and they should not be forced to give up privacy as a condition of treatment. We talk of consumer-directed healthcare, an ownership society, and personal empowerment. Mr. Shadegg was talking about choice. The right to privacy is the heart of all of that. There must be a strong enforcement of privacy laws, and if privacy is violated, people should be notified of that breach and given a private right of action, as Georgia is one of the States that allows that. The State should have the right to enact privacy laws above and beyond HIPAA's terribly minimalist provisions in our opinion. Dr. Detmer's testimony has a neat point about how complex that could be, particularly if you look at Virginia, Maryland, and D.C. How would a computer keep track of all that? But rather than coming down to the Federal level, could we work with the governors and the State legislators to say what did the States feel they needed to do and see if there was a model law that we could come up to rather than come down. Privacy needs to be strengthened, not weakened, and we urge you to oppose legislation that would preempt stronger State laws or let HHS bureaucrats weaken the Fourth Amendment. As we like to say, one size does not fit all, and this is the way we look at that. Attached are a set of consumer privacy principles on my statement that we hope you might look at as you consider legislation. Assuming we can get true privacy, we would like to see quick dissemination of good systems. We recommend, however, against making broad exceptions to the anti-kickback and physician referral laws for donations. Given the Federal budget situation, it is very understandable if people would look for a sort of free way to promote dissemination, like suspending these anti-fraud laws. We believe, however, that such action would have a very limited impact on the adoption of IT and would not be always good for consumers. This approach may not be free. It may have a cost. Basically there are no free lunches in life. I would bet you that Adam Smith would say most businesses do not give away something of value to another business unless they expect a return on the investment. When a hospital system offers an IT package to doctors, it hopes the ease of communication between them and the goodwill generated by the gift will encourage referrals, regardless of whether that facility is the best quality or value facility for the patient. There is a parallel example in an area we know that causes higher and more costly utilization. Why do pharmaceutical companies give away free drug samples? It is because in our culture the act of giving a gift, even a trinket, conveys a psychological sense of obligation, I owe you one. That is human nature. In the case of free drugs, it leads to higher utilization and high costs products. So please be skeptical. Companies, many for profit, who spend 98 percent of the year telling Congress they are not paid enough by Medicare and Medicaid, they are all going broke, they have found some money that they now want to donate to a bunch of small businessmen making about $160,000 a year, who are very smart businessmen, but have not been smart enough to realize they need to move to IT. It is kind of strange. I think it would increase care coordination under the right situation, but please be careful in how you draft this. We think there are better ways to encourage more adoption of IT that do not weaken the anti-fraud laws. For example, you might explore with CBO whether, as you fix the Medicare doctor payment system in a budget neutral, time-limited way you could voluntarily encourage physicians to install certified IT by adjusting the practice expense payment and then collect it back at the end of the five-year cycle. It might be tough but worth talking to CBO about. Representative Murphy's bill kind of gets into that a little bit in section 8. In conclusion, these anti-fraud laws are very delicate things, and we hope you will be careful, as I know you will be. Thank you, sir. [The prepared statement of Bill Vaughan follows:] PREPARED STATEMENT OF BILL VAUGHAN, SENIOR POLICY ANALYST, CONSUMER'S UNION Mr. Chairman, Members of the Committee: Thank you for inviting us to testify today. Consumers Union is the independent, non-profit publisher of Consumer Reports, and we work on a wide range of health issues, including prescription drug safety and effectiveness, health insurance and health care costs. The Potential We strongly support the movement toward electronic systems of health records (EHR) and information exchange. By harnessing the power of modern information technology systems we can improve the quality of American health care and moderate health costs by: <bullet> reducing errors, <bullet> eliminating service duplication, <bullet> promoting pay-for-performance, and <bullet> providing the data necessary to evaluate the true comparative effectiveness of various treatments and drugs. As just one example of the tremendous improvements in quality and cost savings that are possible, Consumers Union has been conducting a national campaign to promote the disclosure of hospital infection rates (www.StopHospitalInfections.org). Each year, there are about 2 million patients who acquire infections in hospitals, and about 90,000 die. The increased cost to the health care sector is in the tens of billions of dollars. We have been working at the state level to pass laws to require hospitals to report their rate of infection in the belief that public disclosure will prompt hospitals to adopt effective methods to reduce their infection rates. Electronic medical records technology and the public disclosure of more types of de-identified patient care data will make it easier for consumers to reward those who provide quality. The Critical Need to Ensure Privacy While there can be important public and private benefits of creating an effective electronic medical records system, we believe (and polls demonstrate ) that the American public will not support, fully use, or benefit from the great potential of such systems unless more is done-now--to ensure the privacy, security, and appropriate use of medical information. This requires enabling patients to decide when, with whom, and to what extent their medical information is shared. As Dr. David Brailer, head of the Office of the National Coordinator for Health Information Technology, responded March 3 to a letter (see Attachment #1) from consumer groups, "we will achieve our goal of widespread [EHR] adoption only if patients are confident that their health information is private and secure." Today, it is not private or secure. This concern should especially resonate with public officials such as you, who are so subject to prying eyes and gossiping tongues. I think we all have to admit that there is no hack-proof database or system. Once our medical data is moving electronically, it is subject to threats from hackers, identity thieves and others. That is simply a fact of life, re-confirmed almost daily by new stories of financial and medical record data violations. Beyond the likely scenarios of security breaches, the value of electronic health information is such that many organizations will want to exploit secondary data sources for private financial gain, rarely (if ever) with patient knowledge, let alone consent. So what can we do to minimize concerns and improve privacy in electronic health records? The American public needs to be given meaningful control over their medical records. That means they must have a right to keep their records private and that they cannot be forced to give up control of their most private medical information as a condition of treatment. The penalties for violations of privacy are inadequate and have major gaps. There must be strong enforcement of privacy and security laws, and if a person's privacy is compromised or violated, they should be notified of that breach and have a private right of action. The States should have the right to enact privacy laws above and beyond HIPAA's absolutely minimal provisions and that right must not be pre-empted. Privacy needs to be strengthened, not weakened, and we urge you to oppose legislation that would pre- empt stronger State laws or delegate to the Secretary of HHS authority to pre-empt such laws. These State laws offer extra protection and peace of mind to patients with mental health, STD, cancer and other treatment issues. As 30 organizations in the Mental Health Liaison Group wrote Congress on November 15, 2005, adding improved privacy protections to proposed EHR bills is essential in the mental health sector. Some will say that it is too complex or too expensive to allow people to control their medical information. But that's why computers are so wonderful! They can be designed to deal with huge numbers of variables-like 50 state laws-- and to create special files where certain data (such as a mental health record) is only available to a designated provider on a "need to know basis." If we do not meaningfully address the privacy issue, polls show the public will not trust this system, many will go to a medical underground 'off-the-books' , and we will just increase public cynicism about big government and big business controlling our lives. In an age when the talk is of consumer driven health care, and ownership, and empowerment, forcing people to share their most secret personal medical information is not the path to take. Attached are a set of consumer principles that was developed under the leadership of the National Partnership for Women & Families and that Consumers Union, AARP, and seventeen other groups are supporting. We urge you to include these principles in whatever legislation you may develop. Oppose Incentives to Promote Technology Give-Aways that may Distort Health Care Delivery Assuming true privacy and increased security, we all would like to promote the fastest possible movement to EHRs and a 'networked' health care system so as to benefit from the quality and cost savings potentials. We recommend, however, against making blanket exceptions to the anti-kickback and physician referral laws for donations of EHR systems. Given the Federal budget situation, it is understandable that some are attracted by the idea that such blanket exceptions might be a 'free' ways to promote EHR technology dissemination. We believe, however, that such action would have a very limited impact on the adoption of EHR systems and would not be good for consumers. This approach is not free-it has a cost, as we describe below. Most businesses don't give away something of value to another businessperson unless they expect a return on the investment. When a hospital system offers an IT package to a non-affiliated physician group, it hopes the ease of communication between them (and the goodwill generated by the gift) will encourage referrals to its facilities, regardless of whether that facility is the best quality or value facility for the patient. There is a parallel example in an area we know causes higher and more costly utilization: Why do pharmaceutical companies give free drug samples (and pens and pads of paper, etc., etc.) to doctors? Because in our society and culture, the act of giving a gift, even a trinket, conveys a psychological sense of obligation-"I owe you one." That is human nature. In the case of 'free' drugs, it leads to increased utilization of high cost products. That is what the anti-kickback and physician referral rules tried to deal with: the act of giving something of value creates "ties" that cause referrals and utilization to go up, without regard to need, cost, or quality. It is worth spending a minute more on the 'free' drug example. There has been a great deal of concern about the way drugs are promoted and the impact that has on costs and quality of care. The January 25, 2006 issue of JAMA (Vol. 295, No. 4, p. 429ff) carried an article by some of America's most distinguished physicians entitled, "Health Industry Practices That Create Conflicts of Interest: A Policy Proposal for Academic Medical Centers," that calls on the nation's teaching hospitals to lead an ethical revolution and reject all industry gifts, since those gifts distort the practice and integrity of medicine. As the doctors wrote: Social science research demonstrates that the impulse to reciprocate for even small gifts is a powerful influence on people's behavior. Individuals receiving gifts are often unable to remain objective: they reweigh information and choices in light of the gift. So too, those people who give or accept gifts with no explicit "strings attached" still carry an expectation of some kind of reciprocity. Indeed, researchers suggest that the expectation of reciprocity may be the primary motive for gift- giving. Researchers have specifically studied industry gifts to physicians. Receiving gifts is associated with positive physician attitudes toward pharmaceutical representatives. Physicians who request additions to hospital drug formularies are far more likely to have accepted free meals or travel funds from drug manufacturers. The rate of drug prescriptions by physicians increases substantially after they see sales representatives, attend company-supported symposia, or accept samples. The systematic review of the medical literature on gifting by Wazana found that an overwhelming majority of interactions had negative results on clinical care. If medical practice is distorted by the relatively small value of drug company gifts, imagine the consequences of large EHR technology "gifts"! What if Congress proposed (though it would not take a law) that companies and providers could give money or equipment to a truly neutral charity in an area (for example, the Red Cross, the American Public Health Association, a State Medicaid Agency) that would then distribute the gift on some basis of need and there would be no tie between the donor and the recipient? I think most potential donors would find lots of reasons why that wouldn't work. And that should tell you everything: the donor wants a "tie" with the recipient that will result in goodwill and increased referrals. For consumers, the problem is that the "tie" and resulting increased referrals may not be the best for the patient because the donor may not be the best or lowest-cost provider in an area. And donors who have the resources to give may just increase their economic dominance in an area, thus reducing future competition and driving up costs. Look for real solutions to speeding dissemination of IT There are better ways to encourage more adoption of EHRs. Once progress is made on technology and process standards and there is more agreement on the best hardware and software paths, Congress may want to promote the dissemination of such technology and pay for it in a way that does not distort practice patterns. You might explore with CBO whether, as you try to fix the Medicare physician payment system (SGR), a budget neutral, time-limited way to encourage physician installation of certified EHR could be possible. For example, would CBO score as neutral a system where on a voluntary basis, a physician could greatly increase their practice expense payments for several years so they could more easily finance the installation of a 'certified' EHR system. Then in the next several years they would repay that 'advanced' amount through reduced practice expense payments, on the grounds that the installation of the equipment will reduce paperwork and clerical practice expense in future years. Another encouragement to take advantage of this opportunity would be a requirement that by a date certain all Medicare-Medicaid EHRs would have to be through certified systems. Congress could also help providers in the future by using the certification process to obtain a discount price for EHR hardware and software. In summary, we urge you to consider alternatives to encouraging the dissemination of this new generation of equipment in ways that do not weaken the nation's anti-fraud laws. If Congress feels compelled to proceed with anti-kickback and anti-referral law changes, we urge you to consider limited exceptions based on modifications to the Administration's October 2005 proposed regulations. These draft regulations would permit exceptions-but not blanket exemptions--to the anti-kickback and physician referral laws for EHR donations. Consumers Union, the National Partnership for Women & Families, and five other national organizations filed formal comments expressing serious concern about the exceptions and urging major changes (see attachment #2). For example, we recommend changing the regulations to: --delay the effective date of the exceptions until the product certification process for ambulatory care that the Administration is now aggressively supporting is in place (otherwise you encourage donations that may lead to technological dead-ends and wasted time and effort-e.g., Beta v. VHS competing donations); --limit the exception to donations to physicians or clinics that provide a certain level of uncompensated charity care or serve a significant number of Medicaid patients; or if that is not possible, require donors to offer the technology to all (their) physicians, not just those who provide high volumes of profitable business; --sunset the exemptions; --require recipients to copay a portion of the cost: totally free equipment is likely to sit in the closet. The equipment needs to be something that the recipient wants enough to put some of his own resources into. Thank you all for your time and attention. Attachment #1 Health Information Technology - Consumer Principles March 2006 An interoperable system of electronic health information holds many potential benefits for consumers, including: better coordination of health care regardless of patient location, higher quality and more efficient care, increased system transparency, and patient access to information about providers that allows them to make better decisions. At the same time, such a system raises serious concerns among consumers about personal privacy, data security, and the potential misuse of their information. And while an interoperable system of electronic health information holds great promise, the many possible benefits will not be realized unless appropriate policy measures are established up front. Consumer protections and potential benefits from health information technology (HIT) should not be left to chance. The success of efforts to promote widespread adoption of HIT, including electronic connectivity and data exchange across health care institutions, ultimately will depend on the willingness of consumers to accept the technology. Given the pervasive concerns expressed by the public about unauthorized disclosure and use of their health information, it is critical to build a foundation of public trust. To that end, as efforts move forward to develop networks for the electronic exchange of information between institutions, there must be a clear, deliberate, and open forum for addressing and setting matters of policy. As organizations representing a broad and diverse set of consumer interests, we believe that the following set of principles should underpin such efforts. Principles Individuals should be able to access their personally identifiable health information conveniently and affordably. <bullet> Individuals should have a means of direct, secure access to their electronic health information that does not require physician or institutional mediation. <bullet> Individuals should have access to all electronic records pertaining to themselves (except in cases of danger to the patient or another person). <bullet> Individuals should be able to supplement, request correction of, and share their personally identifiable health information without unreasonable fees or burdensome processes. Individuals should know how their personally identifiable health information may be used and who has access to it. <bullet> Individuals should receive easily understood information identifying the types of entities with access to their personal health information and all the ways it may be used or shared. The explanation should include any sharing for purposes other than the immediate care of the individual, and should explicitly identify intentions for data use such as public health protection, quality improvement, prevention of medical errors, medical research or commercial purposes. <bullet> Access to personal health information must be limited to authorized individuals or entities. <bullet> Tracking and audit trail systems should be in place that permit individuals to review which entities have entered, accessed, modified and/or transmitted any of their personally identifiable health information. Individuals should have control over whether and how their personally identifiable health information is shared. <bullet> Individuals should be able to opt out of having their personally identifiable health information - in whole or in part - shared across an electronic health information network. <bullet> Individuals should be able to limit the extent to which their health information (with or without personal identifiers) is made available for commercial purposes. <bullet> Individuals should be able to designate someone else, such as a family member, caregiver or legal guardian, to have access to and exercise control over how records are shared, and also should be able to rescind this designation. Systems for electronic health data exchange must protect the integrity, security, privacy and confidentiality of an individual's information. <bullet> Personally identifiable health information should be protected by reasonable safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data. These safeguards must be developed at the front end and must follow the information as it is accessed or transferred. <bullet> Individuals should be notified in a timely manner if their personally identifiable health information is subject to a security breach or privacy violation. <bullet> Meaningful legal and financial remedies should exist to address any security breaches or privacy violations. <bullet> Federal privacy standards that restrict the use and disclosure of personally identifiable health information should apply to all entities engaged in health information exchanges. The governance and administration of electronic health information networks should be transparent, and publicly accountable. <bullet> Independent bodies, accountable to the public, should oversee electronic health information sharing. <bullet> Consumers should have equal footing with other stakeholders. Recognizing the potential of electronic patient data to support quality measurement, provider and institutional performance assessment, relative effectiveness and outcomes research, prescription drug monitoring, patient safety, public health, informed decisionmaking by patients and other public interest objectives, systems should be designed to fully leverage that potential, while protecting patient privacy. Implementation of any regional or national electronic health information network should be accompanied by a significant consumer education program so that people understand how the network will operate, what information will and will not be available on the network, the value of the network, its privacy and security protections, how to participate in it, and the rights, benefits and remedies afforded to them. These efforts should include outreach to those without health insurance coverage. AARP AFL-CIO American Federation of State, County and Municipal Employees American Federation of Teachers Center for Medical Consumers Communications Workers of America Consumers Union Department for Professional Employees, AFL-CIO Childbirth Connection Health Care for All Health Privacy Project International Association of Machinists and Aerospace Workers International Union, United Auto Workers March of Dimes National Coalition for Cancer Survivorship National Consumers League National Partnership for Women & Families Service Employees International Union Title II Community AIDS National Network United Steelworkers International Union (USW) Attachment #2 Comments of Groups on HHS Proposed Regulations on anti- kickback and physician referral Comments on Office of the Inspector General Proposed Rule OIG-405-P As organizations representing a wide range of consumer interests, we are pleased to have the opportunity to comment on the proposed rule OIG-405-P that would add a new paragraph (x) to the existing safe harbor regulations at 42 CFR 1001.952. The proposed safe harbor would protect donation of specific items and services for prescribing drugs electronically. The preamble to the regulations also describes the scope of two planned additional safe harbors for electronic health records software and directly-related training services, but the Office has not proposed actual regulatory language for such a safe harbor. We recognize the potential of health information technology (HIT) to improve health care quality. Furthermore, we support efforts by the Department to promote the use of HIT by physicians and other health care providers, and are encouraged by the prospect of reduced errors and higher quality if e-prescribing is implemented. Below are our comments on the proposed safe harbor. Pre-interoperability Electronic Health Records Safe Harbor The Office is considering the creation of a safe harbor for donations of electronic health record technology made prior to the adoption of product certification criteria by the Secretary. We oppose this provision and recommend it not be included in the final regulations. The Department is moving aggressively to put product certification criteria for ambulatory care in place in 2006. Promoting investment in this technology before DHHS adopts those criteria may seriously impede reaching the goal of a common platform - a goal which is part of the rationale for making this safe harbor. Furthermore, allowing the safe harbor to be in effect prior to certification could encourage providers and manufacturers to press for delay in adoption of the certification standards in order to avoid having to make new investments or to retain the market advantages they have created by installing their systems in physician offices. Post-interoperability Electronic Health Records Safe Harbor In a parallel proposed rule, CMS-1303-P, the Department has included the actual text of a proposed regulation to provide an exception to the Stark statute for donations of electronic health records software if the donation is made after the product certification criteria are adopted and if the software is compliant with the certification requirements. We support the intent of this exception but have some concerns about some of the text; we have outlined our concerns in comments filed today on CMS-1303-P. The Office has asked for comments on its plans for a similar safe harbor, described in section II.B.2 of proposed OIG-405-P. Our comments on the potential safe harbor are similar to those expressed with regard to the Stark exception. For convenience, our views are set forth below in the context of the proposed CMS Stark exception text. Subsection 411.357(x)(4) [of CMS 1303-P] requires that neither the selection of the physician nor the amount or nature of the items and services donated can turn on the volume or value of referrals or other business generated between donor and recipient. The section then enumerates six specific criteria that a donor might use that would be deemed compliant with the exception requirements: 1) total volume of prescriptions the recipient writes; 2) size of the medical practice; 3) number of hours the physician practices medicine; 4) extent of use of automated technology in the recipient's medical practice; 5) if the donor is a hospital, whether the physician is on its staff; or 6) another method that "is based on any reasonable and verifiable manner that is not directly related to the volume or value of referrals or other business generated between the parties." This section is the heart of the proposed rule. The widespread adoption of EHR and EP technology can bring great benefits to patients, providers and insurers. Health information technology can help reduce medical errors, encourage patient activation and adherence to recommended regimens, and provide tools to evaluate clinical effectiveness, population health status, and the quality of medical care. The drive to promote the wider use of EHR and EP technology should not, however, trump the consumer protection or program integrity brought by the antifraud and abuse prohibitions. Donors should not be allowed to selectively fund physicians based on the volume of their prescribing, size of practice, or whether they are likely to be high users of technology since these could be proxies for the generation of referrals and revenue. We therefore recommend the following changes: --Eliminate item #6, above. It is too open-ended and subjective and could become a major loophole. --Our preference would be to require that donors offer the technology to all their physicians. In the case of hospitals that would be all physicians with privileges; for MCOs, all physicians in the MCO network; for group practices, all physicians in the group. In the case of an MCO, where it might be impractical to include all network participants, donors could be permitted to give priority to those physicians or clinics that have a certain percentage of their patients in the MCO. Similarly, for hospitals the alternative might be all physicians with privileges of a general category such as: a) practice privileges, or b) admitting privileges. --Add a new exception that permits the donation to a physician or clinic that provides a certain level of uncompensated charity care or a combination of charity care and Medicaid patients. It is these providers - the community clinics, solo practitioners in rural communities or medically underserved areas - who are least likely to have the resources to make the health information technology investments on their own. In the preamble to the proposed regulations the Department asks for comments on a cap on the value of the EHR donation, either a maximum percentage of the value of the technology (which would require the physician to share the costs) or the lower of a fixed dollar amount or the percentage of value. We believe it would be hard to use a fixed dollar amount cap. The cost of technology will change over time and vary depending on the nature of the system. A cap on the percentage of the value of the technology being donated appears to be the more viable option. The physicians or clinics with high Medicaid and/or charity care caseloads should be exempted from cost-sharing. Subsection 417.357(x)(9). This subsection requires that any donated EHR software contain electronic prescribing capability that complies with the electronic prescription drug program standards under Medicare Part D at the time the items and services are furnished. In the preamble the Department states that it "wants to ensure that integrated packages that could positively impact patient care are not excluded from the postinteroperability exception." We support the development of software in ways that promote avoidance of medical errors, improve quality of care, and/or enhance public health preparedness. It would be desirable that, as the Secretary adopts additional standards for EP, and for EMR systems, any donations qualifying for this exemption also have to comply with those standards without the necessity that the Department amend these regulations. We suggest the Department consider that possibility in shaping the final regulations. Sunset section 411.357(x) entirely at a designated date. The rationale for allowing an exception to antifraud prohibitions decreases with the passage of time. Physicians may not purchase EHR technology now, but in the future having such technology will be a standard and necessary part of medical practice. At that point there will be no need for third parties to donate such technology. Furthermore, if interoperability becomes the norm, incompatibility across a network of providers ceases to be an issue. We therefore strongly urge that this entire section authorizing the Stark law exception for EHR be eliminated not later than five years from the date of publication of the final regulations. Alternatively, the sunset date could be delayed for up to two additional years if the Secretary makes an administrative finding that there is still a need for the exception to promote adoption of EHR technology. While we support some limited exceptions to the physician self-referral prohibition, and the creation of additional safe harbors under the Anti-Kickback statute, for donations of EP and EHR technology, we believe these exceptions will have only a modest impact on the expansion of their use. Of much more importance are the standards harmonization and product certification efforts the Department already has underway. Equally important will be direct funding of loans and grants to states and providers and financial incentives for the adoption of HIT being incorporated in federally supported health care programs, including Medicare, Medicaid, FEHBP, TriCare, and SCHIP. Thank you for considering our comments. National Partnership for Women & Families AFL-CIO American Federation of State, Federal and Municipal Employees Consumers Union Department for Professional Employees, AFL-CIO National Consumers League Service Employees International Union MR. DEAL. Thank you. Mr. Neaman. MR. NEAMAN. Chairman Deal and members of the subcommittee, good afternoon. On behalf of the Healthcare Leadership Council, thank you for the opportunity to testify before you this afternoon on the importance of health information technology and some of the important steps that need to be taken to create a national health information network. I am here this afternoon wearing two hats, first as the Chairman of the Healthcare Leadership Council, a coalition of many of the Nation's leading healthcare companies and organizations. The HLC has a longstanding interest in this issue and shares the President's and this Congress' commitment to achieving widespread adoption of health information technology. I am also here today speaking as the President and Chief Executive Officer of Evanston Northwestern Healthcare, a large academic medical center in northern Illinois comprised of three hospitals, a 500-physician multi-specialty group practice, and a medical research institute that has over $100 million of NIH grants. At our organization the dream of electronic medical records is no longer a dream. It is a reality across all three of our hospitals and over 70 of our doctor offices and clinics. We have had a full electronic medical record up and running for over two years, and I can tell you that it is powerful and transformational and really makes a difference in the quality of care and the reduction of medical errors, improvement of life for our nurses and our pharmacists and our staff, and improving the efficiency for all consumers. In 2003 we launched the EPIC comprehensive electronic medical records system that indeed provides all of our hospitals and physicians with a single, legible, unified source of clinical information. The healthcare professionals at Evanston can tell you firsthand, and with great confidence, that health information technology can and must transform our Nation's healthcare system for the better. We have been able to deliver medications to patients faster. We have significantly reduced medical errors, and in one specific example when the manufacturer of Vioxx took the drug out of commission, we were able to communicate and identify over 2,000 patients on the drug, communicate with their physicians and the patients, and make changes to this drug in three hours. That would be impossible to achieve with paper records. The task before us is to make sure that this capability is available to all patients in the United States through interoperable electronic health records, and today I would like to highlight three challenges that must be met in order to achieve this goal. First, we have to have a multi-State interoperable health information system that must have uniform Federal standard governing patient privacy. Our current confidentiality framework rests upon literally thousands of State statutes, regulations, common law principles, and advisories. Not only do States differ from each other on their privacy rules, but virtually no State requirement is identical to the Federal HIPAA privacy regulation. This checkerboard of varying rules would definitely stand in the way of an interoperable multi- State information network. To address this problem, we urge Congress to act on H.R. 4157, the Health Information Technology Promotion Act of 2005, which is co-sponsored by several members of this subcommittee. This bill establishes a process to ensure a uniform national standards is achieved that preserves and protects the security and confidentiality of patient health information. We believe this legislation is critical to achieving the Nation's HIT objectives. Another challenge we face concerns HIT financing. Developing the EPIC system at Evanston Northwestern Healthcare required over $40 million of investment and our operating expenses initially went up by over $5 million per year to make sure that the system runs and runs well. Many healthcare providers, I would suggest most, do not have the capital on hand to make this kind of investment, not only in our hospitals but certainly in our physician offices. We believe that is in the Nation's interest, given the importance of interoperable HIT to patient safety and the Nation's emergency preparedness to drive implementation through financial incentives and creative funding mechanisms, and we are prepared to work to help you shape such an initiative. Finally, we believe that greater physician adoption is essential for electronic health records to occur in our hospitals and medical groups and to occur well. This will lead to greater integration of physician and hospital information systems that will result in better quality of care for patients and saved lives. For this to happen though, Congress needs to provide exceptions to the current physician's self referral prohibitions and anti-kickback rules that were not intended to prohibit the kind of beneficial patient-centered actions we are discussing today. Let me close, Mr. Chairman, by again thanking the subcommittee for spotlighting the vital importance of these issues. We look forward to working with you in the months ahead to bring advances in technology closer to the patients and families that we are privileged to serve, and we would be very pleased to address your questions. Thank you. [The prepared statement of Mark Neaman follows:] PREPARED STATEMENT OF MARK NEAMAN, PRESIDENT AND CEO, EVANSTON NORTHWESTERN HEALTHCARE, ON BEHALF OF HEALTHCARE LEADERSHIP COUNCIL Chairman Deal and Members of the Subcommittee, I want to thank you on behalf of the members of the Healthcare Leadership Council (HLC) for the opportunity to testify on legislative proposals that will promote electronic health records and a smarter health information system. My name is Mark Neaman and I am president and CEO of Evanston Northwestern Healthcare of Evanston, Illinois. We are an academic health center connected with Northwestern University, comprised of three hospitals, a 463-physician medical group, a home health services agency and a medical research institute. My interest in coming before you today is twofold. First, I am chairman of the Healthcare Leadership Council (HLC), a not-for- profit membership organization comprised of chief executives of the nation's leading health care companies and organizations. Fostering innovation and constantly improving the affordability and quality of American health care are the goals uniting HLC members. Members of HLC - hospitals, health plans, pharmaceutical companies, medical device manufacturers, biotech firms, health product distributors, pharmacies and academic medical centers - envision a quality driven system built upon the strengths of the private sector. More to the point, the Healthcare Leadership Council shares President Bush's goal that most Americans have electronic health records by 2014. And we appreciate the bi-partisan commitment by Congress to encourage widespread adoption of health information technology. I'm also here to share my own institution's experiences with health information technology. In July of 2001, the Board of Directors of Evanston Northwestern Healthcare gave the go-ahead to design and implement a patient-centric electronic health record system, a system that we call EPIC. Our goal was to utilize health information technology in a way that would improve clinical outcomes, enhance patient safety, provide greater patient satisfaction, and create a better working environment for our system's health care professionals. I can testify, from our own experience, that all of the discussion about the promise of health information technology is not hyperbole. It is quite real. Let me give you some examples. EPIC was launched in our Medical Group offices in January 2003 and then introduced incrementally in our hospitals over the next 12 months. We now have, throughout our three hospitals and all of our physician offices, a single, unified source of clinical information. With this accessible, comprehensive database, we have cut in half the amount of time it takes to deliver the first dose of an antibiotic to an inpatient, because of the speed with which we can check the possibility of conflicting medications or allergic reactions. In one year, we reduced by 20 percent the number of reported medication errors. I think it would be useful for the committee to hear of a particular anecdotal benefit of the EPIC system. When the drug Vioxx was pulled from usage by the drug's manufacturer, we were able to use the EPIC system to remove the drug from our hospitals and physician offices, block future orders, send notices to physicians regarding which of their patients were on the drug, and send electronic links to websites with information on Vioxx substitutes. This process affected over 2,000 patients and was completed in just three hours. To undertake this same task manually, utilizing paper records to try to find which patients were taking Vioxx, would have taken days if not weeks. It is important to note that Health Information Technology is not just limited to electronic medical records, it also includes integrated medication delivery systems that reduce bedside intravenous medication delivery errors and the resultant harm to the patient. These state-of-the-art systems enable communication between doctors, patients, and pharmacies to ensure that the proper patient is receiving the proper drug in the proper dosage after the proper precautions were taken. The Healthcare Leadership Council has such a strong interest in this issue because we've seen firsthand what widespread adoption of HIT can mean for patients and health care providers. Several HLC member organizations have been among the earliest adopters and pioneers of health information technology. We believe HIT has the power to transform our health care system and provide increased efficiencies in delivering health care; contribute to greater patient safety and better patient care; and achieve clinical and business process improvements. Our interest in this issue is long-standing. In the summer of 2003, HLC established a Technical Advisory Board, comprised of clinicians and others with information technology expertise within HLC's member companies to provide information about their HIT implementation experiences. Attached to my testimony is a copy of the White Paper that resulted from this effort. The paper attempted to quantify key benefits of HIT along with barriers to HIT implementation. The paper concluded with the following recommendations: <bullet> Standards to assure interoperability; <bullet> Financial incentives and funding mechanisms; <bullet> Liability protections to facilitate sharing of safety and quality data; and <bullet> Stakeholder collaboration on best practices. In looking at these recommendations, it is clear that there has been significant progress since 2004. Last summer, the President signed into law the, "Patient Safety and Quality Improvement Act." HLC advocated for this legislation as an important step toward fostering a culture of safety - through liability protections to allow voluntary information- sharing and reporting. I thank the Subcommittee members for all of your work to enact this important legislation. In the area of standards, several public and private sector initiatives are making great strides to identify or develop health information interoperability standards that will enable disparate systems to "speak the same language." And the work of the Certification Commission for Health Information Technology will complement these efforts by certifying that products are compliant with criteria for functionality, interoperability and security. This will help reduce provider investment risks and improve user satisfaction. As important as it is to applaud the progress that has been made, it is necessary to focus on the barriers that stand in the way of widespread HIT implementation. We have some significant challenges ahead of us, and I'll begin by discussing patient privacy regulations and standards. Developing a multi-state, interoperable system depends on national technical standards as well as national uniform standards for confidentiality and security. The Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and security of medical information. Though HIPAA established federal privacy and security standards, it permits significant state variations that create serious impediments to interoperable electronic health records, particularly when patient information must be sent across state lines. We believe Congressional action to establish a uniform federal privacy standard is essential in order to ensure the viability of a national health information network. Because the HIPAA Privacy Rule's preemption standard permits significant state variation, providers, clearinghouses and health plans are required to comply with the federal law as well as many state privacy restrictions that differ to some degree from the HIPAA privacy rule. State health privacy protections vary widely and are found in thousands of statutes, regulations, common law principles and advisories. Health information privacy protections can be found in a state's health code as well as its laws and regulations governing criminal procedure, social welfare, domestic relations, evidence, public health, revenue and taxation, human resources, consumer affairs, probate and many others. Virtually no state requirement is identical to the federal rule. HLC is not alone in calling for action in this area. The 11 member Commission on Systemic Interoperability, authorized by the Medicare Prescription Drug, Modernization, and Improvement Act to develop recommendations on HIT implementation and adoption, recommended that Congress authorize the Secretary of HHS to develop a uniform federal health information privacy standard for the nation, based on HIPAA and preempting state privacy laws, in order to enable data interoperability throughout the country. H.R. 4157, the "Health Information Technology Promotion Act of 2005," which several Members of the Subcommittee have cosponsored, anticipates and addresses this need. The bill sets forth a process by which the Secretary of HHS develops a uniform standard for privacy laws. The bill does not simply adopt HIPAA "as is." Rather, the legislation requires the Secretary to conduct a study of state and federal security and confidentiality laws to determine the degree of variance and how such variation adversely impacts the privacy and security of health information as well as the strengths and weaknesses of such laws. The Secretary then submits a report to Congress including a determination as to whether state and federal security and confidentiality laws should be conformed to create a single set of national standards; and what such standards should be. If the Secretary determines that a single federal standard is necessary and Congress does not act to create a standard in three years, the HIPAA privacy regulation, as modified by the Secretary based on the results of the study, will become the national standard. We believe that this legislation is critical to achieve our critical HIT objectives. Since 1996, HLC has led the Confidentiality Coalition, a broad- based group of organizations who support workable national uniform privacy standards. The Confidentiality Coalition includes over 100 physician specialty and subspecialty groups, nurses, pharmacists, employers, hospitals, nursing homes, biotechnology researchers, health plans, pharmaceutical benefit management and pharmaceutical companies. Many organizations and companies that are members or supporters of the Confidentiality Coalition sent a letter to Chairman Deal in support of a national standard for privacy and the provisions of H.R. 4157 that lay the groundwork for developing such a standard. In discussing this issue, let me make one point abundantly clear. While we believe strongly in the need for a national privacy standard, HLC believes just as strongly that any regional or national system designed to facilitate the sharing of electronic health information must protect the confidentiality of patient information. Health care providers and others involved in health care operations have appointed privacy officers, adopted compliance plans and conducted training with their employees to assure patients that they will protect their privacy in accordance with the HIPPA privacy rule. Addressing this issue appropriately will be essential to achieving the interoperability necessary to improve the quality and cost effectiveness of the health care system - while still assuring patients' confidence that their information will be kept private. To further underscore the importance of this issue to HIT development, I have attached to my testimony a map developed by the Indiana Network for Patient Care. Each dot represents a patient seen at an Indianapolis hospital during a six month period. While the dots are stacked very deep around Indianapolis as you would expect, patients served by the Indiana health providers during this period were also located in 48 of the 50 states. Today's health care providers, meeting the needs of a mobile society, serve patients from multiple and far-flung jurisdictions. Looking at this map it is easy to see why regional agreements will not be adequate to address the myriad regulations with which providers and others will need to comply to achieve "interoperability." In addition to national privacy standards, the lack of funding or adequate resources - combined with the high costs of HIT systems - was repeatedly cited in our member study as a barrier to effective implementation of HIT systems. There are significant front-end and ongoing maintenance and operational costs for HIT, including software, hardware, training, upgrades, and maintenance. Systems are virtually unaffordable for those providers who do not have ready access to the operating capital needed for such an investment. Developing the EPIC system at Evanston Northwestern Healthcare required hard capital costs of $35 million. This does not include an additional $7.5 million for consultants to write code for the system and undertake other essential tasks. Furthermore, our annual operating costs are increased by $5.5 million to support additional IT staff, training and software maintenance agreements. In an age in which health care providers, in many cases, must deal with rising costs associated with uncompensated care, medical liability rates, homeland security needs and addressing staffing shortages, it is a simple fact that many providers do not have the financial wherewithal to invest in these new systems. HLC believes that the federal government should drive the nation's implementation of HIT through financial incentives and funding mechanisms to help providers defray the huge costs of acquiring and operating HIT. Rapid implementation of interoperable HIT is also a critical component of the nation's emergency preparedness. While the Agency for Healthcare Research and Quality (AHRQ) and Office of the National Coordinator for Health Information Technology (ONC) contracts and grants will support the development of a national information network and interoperability standards, we need to do more to get every provider using electronic health records now. HLC advocates the consideration and implementation of multiple HIT funding mechanisms. However, we also recognize that current fiscal deficits and budget constraints will limit the ability of Congress to directly fund any new program or initiative. HLC is working with the chief financial officers of our member companies and organizations to develop workable, creative financing proposals for HIT. We look forward to sharing those ideas with the subcommittee. There is one other critical issue I need to address today. One way Congress can facilitate greater physician adoption of electronic health records is to allow hospitals and medical groups that have successfully implemented electronic health records to share their expertise and IT investment with physician offices. This will facilitate better integration of hospital and physician information systems to improve continuity of care, decrease duplicate tests and provide greater safety and quality of care to consumers. By providing exceptions to the physician self-referral prohibition (Stark) and anti-kickback rules for HIT, Congress can accelerate physician use of electronic health records. Current law prohibits anyone who knowingly and willfully receives or pays anything of value to influence the referral of federal health care program business, including Medicare and Medicaid. Physicians are also prohibited from ordering designated health services for Medicare patients from entities with which the physician has a financial relationship - including compensation arrangements. The penalties for violating Stark and anti-kickback rules are significant. The Stark law is a "strict liability" statute and no element of intent is required. Violators are subject to significant civil monetary penalties and risk being excluded from participation in the Medicare and Medicaid programs. The anti- kickback law is a criminal statute that also provides significant penalties - including fines and imprisonment - for knowing and willful violations. Though HHS has released proposed regulations that would provide limited exceptions to the Stark and anti-kickback rules for e-prescribing and electronic health records, industry analysis suggests that the exceptions will be of little value to hospitals and medical groups wanting to assist physicians with the adoption of HIT because they are too restrictive and contain overly burdensome requirements on donors and recipients of IT products. Due to the severe consequences of violating these laws, providers need a workable safe harbor for HIT. Congress must provide a clear roadmap for hospitals, medical groups and others to provide HIT hardware, software, and related training maintenance and support services to physicians. Pending legislation, such as H.R. 4157, establishes a safe harbor to the anti-kickback and physician self-referral rules for the provision of health information technology and related training services to health professionals. Under the safe harbor, non-monetary remuneration in the form of HIT and training services is allowable if the remuneration is made without conditions that limit the use of HIT to services provided by physicians to individuals receiving services at the entity; restrict the use of HIT in conjunction with other HIT; or take into account the volume or value of referrals. We believe that enactment of this type of safeharbor will help spur adoption of electronic health records and provide immediate benefits to consumers in the form of improved quality of care and patient safety. In conclusion, HLC believes that HIT legislation should especially focus on areas in which Congress and the President must act to remove barriers and facilitate successful implementation of HIT. Therefore, HIT legislation should accelerate the adoption of health information technology and interoperable electronic health records by ensuring uniform IT standards including privacy and security and providing exceptions to Stark and anti-kickback rules to allow hospitals, medical groups and others to share their expertise and investment in electronic health records with physician offices. HLC will continue to work with Congress to continue to explore other funding mechanisms to promote wide spread adoption of HIT. The Healthcare Leadership Council appreciates the opportunity to testify on the development of health care information technology, and I will also be pleased to discuss in greater detail with the subcommittee our firsthand experiences with health information technology at Evanston Northwestern Healthcare. Any questions about my testimony or these issues can be addressed to me or to Ms. Theresa Doyle, Senior Vice President for Policy, Healthcare Leadership Council (telephone 202-452-8700, e-mail tdoyle@hlc.org). <GRAPHICS NOT AVAILABLE IN TIFF FORMAT> MR. DEAL. Thank you. Mr. Pyles. MR. PYLES. Good afternoon, Mr. Chairman. I am pleased to be here. I am Jim Pyles, representing the American Psychoanalytic Association, and I would like to just associate my remarks a bit, I guess, with the remarks of Mr. Vaughan, who I think beautifully expressed the concerns of consumers, and those are largely the same concerns by our members because we found that psychotherapists are essentially the canaries in the coal mine when it comes to medical privacy. When there is a threat to medical privacy you cannot provide effective psychotherapy. It just does not happen. I have worked on this issue now for about 15 years, and I found that there is absolutely no end to the number of people who want to eliminate your medical privacy so they can help you. So I would urge you to think carefully about that. The fundamental question I think we have to ask ourselves as we look at a health IT system is are we going to compel Americans to disclose all of their most sensitive health information about themselves and their families into or from a national interoperable health information system without meaningful, informed patient consent, against their will, without adequate enforcement against unauthorized uses, disclosures, and just essentially disregarding their views. One of the things I have not heard much of in the testimony today is what do the patients want, and I will be addressing that. I have learned in working on this issue that if you have no privacy, you have no liberty, and if you have no privacy, we do not have access to effective healthcare. It just does not happen. If Americans do not have a right to privacy to their innermost thoughts and their genetic makeup, what possible privacy could they have, what other things could be more private than that? What does meaningful consent and privacy mean? According to HHS it means the ability of individuals to determine for themselves when, how, and to what extent information about them is communicated. I think if you ask any person on the street they will have the same definition. Courts have said it really is essentially the right to control the disclosure of your information, at least in some routine circumstances. Why is the right so important? Again, HHS concluded that in short the entire health delivery system is built upon the willingness of individuals to share the most intimate details of their lives with their healthcare providers. If that does not happen, an IT system is irrelevant, so that is the most significant concern when it comes to effective healthcare. HHS also concluded that unless public fears are allayed, it will be unable to obtain the full benefits of an electronic health information system. And yesterday former Speaker Newt Gingrich presented testimony before the Subcommittee on the Federal Work Gorce, and here is what he had to say about the patient's right to control their information: "Individuals have the right to control and must have the ability to control who can access their personal information." I could not agree with Mr. Gingrich more. We know that we have sources already of national privacy standards. They appear in the Hippocratic Oath. It dates back to the 5th Century B.C., which is administered by 98 percent of the medical schools in this country to their graduates. We know that established standards for the ethical practice of medicine adopted by every segment of the medical profession to essentially assure the patients that their information will not be disclosed without their consent. The AMA standard, for example, says, and I quote, "The physician should not reveal confidential communications or information without the express consent of the patient unless otherwise required to do so by law." We also know that this right to privacy for personal information is a fundamental concept of our system of government. It is embedded in the Fourteenth Amendment, the Fifth, the Fourth, and the First Amendments to the U.S. Constitution. This is the informational branch of the right to privacy, not the decisional branch where there is so much controversy. The Supreme Court is rock solid on protecting the right to informational privacy, and as I said, consent must be voluntary and it must be informed. We also know that this right to privacy is grounded in the physician-patient privilege recognized in most States, including your own. The psychotherapist-patient privilege is recognized in all 50 States and the District of Columbia and in Federal common law. The right to privacy is also reflected in the tort laws and the statutory laws of all 50 States, and the States of Tennessee and California have the right to privacy in their State constitutions. We know also that the citizens of Georgia and the citizens of Ohio think pretty keenly about their right to privacy, and they have enacted a lot of laws to specifically protect it. And if you look at tab two, which I will not go into, it lists the privacy laws in the State of Georgia that could be preempted by a bill such as H.R. 4157. Both of these States also recognize the private act of action which HIPAA does not. There are many other States that recognize similar privacy protections in areas of mental health information, genetic testing information, cancer diagnosis and treatment information, HIV/AIDS, drug and alcohol abuse diagnosis and treatment, birth defects, and many of these States give a private right of action. So I would urge you to be very careful about any bill that would preempt these laws the citizens of these States have said they need and want. There are many other privacy protections under State law. Twenty-nine States now have breach protection or breach notification laws. I mentioned private rights of action are there. Let us look for a moment at the right of privacy under HIPAA. The HIPAA privacy rule really should be named a HIPAA disclosure rule because it provides regulatory permission for all covered entities and business associates to use and disclose identifiable health information for all routine purposes defined as treatment, payment, and healthcare operations, without notice to the patient, without the patient's consent over the individual's objection, even if the individual pays privately, and even retroactive to the beginning of time, even information that was created prior to the compliance date. Treatment, payment and healthcare operations, the reason for which this information can be disclosed without permission is a lengthy list. If you look at tab four you will see that list of purposes. HHS responded to many of the concerns that consumers had in adopting that regulation by saying it was only a floor, that still practitioners could still obtain consent, that more stringent laws remain in effect, and that ethical standards retain their vitality. I would urge you that with any law that you are thinking of today you preserve those protections. What does the public want and expect? If you look at HHS' findings they have found that the public has a common belief and strong expectation that their identifiable information will not be disclosed without their consent. Sixty-five percent of Americans would not disclose sensitive information and necessary information to their physicians and providers if they thought it would go into the electronic record. Seventy-five percent are concerned about the loss of medical privacy due to the use of electronic information, and we know that this concern translates into adverse effects on healthcare. Six hundred thousand people a year according to HHS, 600,000 people a year, do not seek early diagnosis and treatment for cancer, 2 million more annually do not seek needed treatment for mental illness. Thousands do not seek treatment for sexually transmitted diseases. One in six Americans takes evasive actions to avoid privacy violations, including providing inaccurate information, changing physicians or avoiding healthcare altogether, and 87 percent of physicians report withholding information from a patient's medical record due to privacy concerns. So we would urge you to start this process with strong privacy protections. Also, we know that an IT system poses a greater threat to health information privacy. The President's Information Technology Advisory Committee concluded that the Nation's electronic information systems are highly vulnerable to corruption by hackers and others, that the threat is growing by over 20 percent annually, and the increasing vulnerabilities cannot be addressed by current technology. MR. DEAL. May I ask you to summarize rather quickly, please? MR. PYLES. I will. In conclusion, I would just like to say that the the right course of action for Congress to take, I believe, is ground any health IT system in strong privacy protections reflected in the history of the Nation in its medical and professional standards, the law of psychotherapy patient privilege, and the constitutional common law provide for meaningful, informed patient consent, provide a private right of action, and prompt notification for any breaches. Lastly, I would just mention the concern for the loss of medical privacy should be a particular concern for Members of this body because under the Supreme Court's decision in 2001, Bartnicki v. Vopper, the court held that information about a public official or a public event which is obtained, even if it is obtained unlawfully, can be published by the press and the press has a First Amendment right to do it, and Congress cannot prevent that publication. So we know these electronic information systems cannot be rendered secure. It is very likely that elections in the future are going to turn on what is in a politician's medical record as well as his talents he brings to the table. Thanks very much. [The prepared statement of James C. Pyles follows:] PREPARED STATEMENT OF JAMES C. PYLES, ATTORNEY MEMBER, POWES, PYLES, SUTTER AND VERVILLE, P.C. <GRAPHICS NOT AVAILABLE IN TIFF FORMAT> MR. DEAL. Thank you. Dr. Detmer. MR. DETMER. Good afternoon, Chairman Deal, members of the Health Subcommittee. I am Don Detmer, President and CEO of the American Medical Informatics Association, whose 3,500 members include physicians, nurses, other health professionals, computer and information scientists and managers, biomedical engineers, academic researchers, and educators. Over the years AMIA's members have been the pioneers of information knowledge relating to healthcare. In the early days of HIPAA rulemaking from 1996 to 1998, I served as the Chairman of the National Committee on Vital and Health Statistics, and I also was a member of the IOM committees that produced the Errors report and the Chasm report. More recently, I was one of the Speakers appointments to the Commission on Systemic Interoperability. It is a pleasure to appear before you today. I would like to briefly summarize a few key points, and my written testimony expands on those to some extent. The need for Federal leadership. Today, too few individuals have access to electronic health record systems and there is little interconnectedness of the systems that exist. And yet, significant improvements in healthcare safety and quality cannot be achieved without robust secure electronic record systems that can be securely communicated across a national information network as we heard from Mr. Neaman. Without Federal leadership our national goal of safe, efficient, effective, equitable, timely, and patient-centered care will remain unfulfilled dream because the necessary integrated health information systems will not be there. My comments will touch on a few points that are needed to move our national vision forward at this time. First, the Office of the National Coordinator for Health Information Technology, ONC, led by Dr. David Brailer, is doing an excellent job. H.R. 4157, the Health Information Technology Promotion Act would establish the ONC in statute and AMIA applauds this. Second, the Department of Health and Human Services should be given explicit responsibility and sufficient ongoing resources for the National Library of Medicine to assure that the ongoing maintenance and open dissemination of agreed health information standards can be pursued as Dr. Braithwaite mentioned. Similarly, we are pleased that H.R. 4157 provides explicit and reasonable rulemaking procedures for the Department to undertake long overdue upgrades of data vocabularies and classification systems, the U.S. thus showing the world and shaping global vocabularies and classifications as a source of primary data in electronic health records, including contemporary disease classifications and coding systems, specifically ICD-10, for a host of legitimate purposes that go well beyond reimbursement. Today they just do not accurately reflect modern medical practice, nor do they help the needs of medical researchers. HIPAA. From my perspective as a physician, the privacy rule has been largely successful in clarifying the individual rights of all patients in relation to their health data on a national basis in establishing the responsibilities and legal obligations of all providers to whom patients interact. It is now time to take a rigorous look at lessons learned. Some argue that States must have the capacity to enact more stringent requirements for privacy. In the name of better health and healthcare, I must respectfully disagree. In fact, I do not see how, in practical terms, we can get to widespread adoption of electronic health records without establishing meaningful floor to ceiling standards that preempt idiosyncratic State approaches. Speaking realistically, only through Federal and State leadership can we truly connect our Nation for healthcare purposes. As a matter of record, AMIA has supported the need for appropriate Federal protection of genetic data. H.R. 4157 calls for a study of the impact of varying State statutes on the rights and protections afforded to patients and importantly on the impact of the requirements on the quality, cost, and effectiveness of healthcare. The study of HIPAA privacy and security standards represents an absolute minimum. Two other items will be valuable to add to the study. First, in addition to the effects on care, the study should examine effects on legitimate biomedical research. And, second, our Nation genuinely needs a consistent way to reliably and accurately authenticate the identity. Both safety and privacy are compromised when the right health information for one patient gets associated with or sent to the wrong patient. Addressing disincentives to HIT dissemination. Reasonable safe harbors to permit dissemination of health information technologies and services intended to improve healthcare quality, efficiency, and access would encourage the deployment of essential health information systems. And I am very pleased that provisions to that effect are included in Chairman Deal's bill. Educating the workforce. Ultimately health IT comes down to healthcare workers and patients being sufficiently skilled to take real advantages of the opportunities for improved care, efficiency, and access that health information technologies and the interconnected national health information infrastructure can provide. In November 2005, AHIMA, the American Health Information Management Association, and AMIA, my organization, convened a workforce summit to develop initial strategies to address challenges relating to effective implementation of electronic health records and personal health records. The resulting white paper, I guess you might call it line paper, Building the Workforce for Health Information Transformation, presents nine targeted recommendations that key stakeholders, including government, can use to support the existing workforce and ensure that sufficient number of well-qualified health information specialists are available to achieve the necessary health transformation through IT. We commend this report to you, and AMIA and AHIMA stand ready to help address this challenge. I firmly believe that the development and deployment of an interoperable, interconnected national health information system is not purely a healthcare issue. It is a matter of national security. Whether we face, God forbid, another Hurricane Katrina or an outbreak of avian flu in humans or another episode of bioterrorism, we simply must have a reliable health information and communication system for our people's well-being. Our Nation's safety depends on it. Thank you again for the opportunity to testify, and I look forward to responding to questions. [The prepared statement of Don E. Detmer follows:] PREPARED STATEMENT OF DR. DON E. DETMER, PRESIDENT AND CHIEF EXECUTIVE OFFICER, AMERICAN MEDICAL INFORMATICS ASSOCIATION Good morning. Chairman Deal, Ranking Member Brown, members of the Health subcommittee: thank you for the opportunity to appear before you today. My name is Don Detmer. I am President and CEO of the American Medical Informatics Association, whose 3200 members include physicians, nurses, computer and information scientists and managers, biomedical engineers, academic researchers and educators. Over the years AMIA has provided many of the thought leaders who have pioneered the innovative use of information technologies in healthcare. In addition to my role with AMIA, I am a Professor of Medical Education in the Department of Public Health Sciences at the University of Virginia. I practiced as a vascular surgeon for twenty-five years. From 1996 to 1998 I had the privilege of serving as Chairman of the National Committee on Vital and Health Statistics, whose mission, broadly, is to advise the Department of Health and Human Services on shaping a national information strategy to improve the nation's health. My tenure at NCVHS coincided with the expansion of the Committee's charge enacted in the Health Insurance Portability and Accountability Act of 1996, which gave the Committee significant responsibilities in regard to administrative simplification and privacy. More recently, I was a member of the Commission on Systemic Interoperability, which was created by the Medicare Modernization Act, and which made a series of recommendations concerning the adoption and implementation of health information technology in an October 2005 report to Congress entitled, Ending the Document Game: Connecting and Transforming Your Healthcare Through Information Technology. As you consider, and I hope pass, legislation that aims to facilitate movement toward a 'smarter' health care system through the promotion of widespread adoption of electronic health records (EHRs) and personal health records (PHRs), let me comment today on three important issues: <bullet> first, there is a critical need for ongoing Federal leadership in encouraging and shaping a national health information system that benefits all stakeholders, especially patients; <bullet> second, we should focus on "lessons learned" from the rollout of HIPAA standards to date and identify issues to be considered as additional health information standards and initiatives are developed and disseminated; <bullet> and, third, we should address some current disincentives - both real and perceived - that slow the implementation of health information technologies in our healthcare system, the most information-intensive enterprise in our economy. The Continuing Need for Federal Leadership While it is the undoubted world leader in high technology clinical care and biomedical research, the US healthcare system is an incredibly fragmented mix of very large and very small players - a conglomeration of 21st century medical science and cottage- industry business practices, and too often characterized by uneven access, delivery and outcomes. Significant improvements in healthcare safety and quality will not be achieved for Americans without robust, secure electronic health records within a national health information infrastructure (NHII). Market forces alone have not driven the necessary integration of the interests and needs of disparate participants: hospitals - physicians and other providers - payers - employers - researchers - educators - and, most important, patients. As a result, too few individuals have access to electronic health record systems today and there is little interconnectedness of the systems that exist. Without Federal leadership to encourage the deployment of interconnected, interoperable health information systems, our progress toward integrated and quality-based care delivery will continue to be lurching and inconsistent. AMIA has been encouraged by Congressional attention to health information issues as evidenced by the introduction of HR 4157, the Health Information Technology Promotion Act, and HR 2234, the 21st Century Health Information Act, as well as the passage by the Senate late last year of S 1418, the Wired for Health Care Quality Act. And, we have been pleased to provide input to several legislative proposals to make personal health records (PHRs) available to Federal Employee Health Benefit Plan (FEHBP) beneficiaries. These bills are important not only for their specific provisions, some of which I will focus on today, but also because they convey an important message to the public - that their elected representatives recognize the critical importance of improving the health care system in ways that will empower consumers, while also improving the quality, safety, cost- effectiveness and accessibility of healthcare. Over the last two plus years, the Office of the National Coordinator for Health Information Technology (ONC), which is headed by Dr. David Brailer, a Fellow of AMIA's College of Medical Informatics, has done an excellent job in communicating a vision to support widespread adoption of interoperable electronic health records within the next 10 years. AMIA is pleased that among the projects currently funded by the ONC are contracts for an Internet-based national health information network and for the development of processes for the harmonization of the various health information standards that are emerging. AMIA itself has a contract with the ONC to create a plan for a national framework for clinical decision support. In regard to interoperability standards and the development of processes to certify health information technologies that can actually 'talk' to each other and will allow the seamless integration of information systems to facilitate quality care, AMIA is also very supportive of the work of the public-private American Health Information Community (AHIC). We believe strongly that HHS should be given explicit responsibility for ensuring the ongoing maintenance and dissemination of health information standards, with authorization for licensing and/or other types of support. To give you a successful example of Federal leadership, I would point to Secretary Tommy Thompson's drive to complete the licensure and distribution of SNOMED-CT, a vital 'dictionary' of medical terminology, by the National Library of Medicine in 2004. AMIA firmly believes that the Department should draw heavily on the resources and expertise of the NLM, and we support additional funding for the Library to ensure that approved vocabulary and other data content standards are maintained, coordinated and updated regularly to permit appropriate alignment and uniformity of the sets of standards that underlie genuinely workable EHRs and PHRs. Just like the NLM's PubMed, these standards should be openly available on the internet. Importantly, HR 4157, the Health Information Technology Promotion Act, introduced by Chairman Deal and Representative Nancy Johnson, provides explicit and reasonable rulemaking procedures by which HHS can undertake long overdue upgrades to data vocabularies and classification systems. Simply, if we are going to facilitate development of an interoperative nationwide network of electronic health records (EHRs), we must address the issue of interoperative data. This means that we must have standard vocabularies as the source of our primary data in the electronic health record, and use contemporary disease classifications and coding systems, (ICD-10), not only for traditional reimbursement purposes but to permit meaningful and accurate secondary uses of data for quality, biosurveillance, and public health monitoring, health research, injury prevention and policy making. As a physician and a health informatician, I find it unacceptable that the US remains one of a true handful of countries in the world to use a 30-year old classification system for diagnoses and inpatient procedures. If we are serious about deploying electronic health record systems for the benefit of individual patients and the nation as a whole, we must attend to the need to improve data standards and speed our capacity to update those standards. At the end of the day, our data systems and standards should primarily foster better care, not better reimbursement. HR 4157 establishes the Office of the National Coordinator for Health Information Technology in statute, and I believe this step is a crucial one in clarifying Federal leadership. As part of our support for the Office of the National Coordinator, AMIA will continue to urge the appropriators on both sides of the Hill to provide for adequate funding of the ONC. Examining HIPAA Lessons Learned So Far As we move to develop an interconnected, interoperable health information system that will facilitate quality, access and patient- centeredness on a national and international basis, it is prudent to identify lessons we have learned so far from the administrative simplification provisions of HIPAA. Though the road was often difficult, if not actually painful, we have made a great deal of progress in establishing the rights of individuals to expect that their health information will be used appropriately and their privacy and confidentiality protected, and in imposing meaningful and reasonable obligations on health care providers, plans and payers, and others to comply with consistent Federal standards for the use, disclosure and transmission of health information. Where once some people in the healthcare system may have treated individual health information too cavalierly on at least some occasions, from my perspective it is manifestly clear that since the Privacy Rule took effect in 2003, doctors, hospitals, pharmacies, health plans and others have made really extraordinary efforts to inform individuals of their rights and to establish policies and procedures that protect sensitive health information. Today every individual has a Federal right to access his or her medical record and to expect that the healthcare system will keep that record secure and confidential. And these norms are national - no longer are your rights, or the legal responsibilities of those healthcare providers you deal with, defined by the unique features of the State in which you live. Even if HIPAA may have 'backed' the nation into reasonable privacy and confidentiality protections, the roll-out has proved, on the whole, successful. Notwithstanding what I think have been extremely good faith efforts to ensure that personal data is adequately protected, I do not discount that some people - for instance, those with concerns about the security of especially sensitive information, such as HIV status or relating to mental health treatment - have continued concerns about health privacy. To my knowledge there have not been reports of any large-scale violations of the framework set in place by the HIPAA Privacy Rule. That is, individually identifiable health information is used and disclosed only for "treatment, payment and health care operations" or as otherwise specifically authorized by the individual. Does the Privacy Rule protect against patently unethical or extraordinarily careless acts - like the leaking of a celebrity's medical record to a tabloid magazine or the disposal of old medical records in a dumpster or a straightforward instance of identity theft? Of course not - but we cannot expect even the most carefully crafted information standards to prevent all illegal behavior. In such instances, active pursuit and strong penalties are needed when intrusions and misuses are identified, as a lesson to dissuade others from similar illegal behavior. Some argue that the States must have the capacity to enact 'more stringent' standards for health information - as is true under the current Privacy Rule - for all health information standards, including those that are absolutely necessary for the development of an interconnected, interoperable national health information system. In the name of better healthcare, I must respectfully disagree. About half of all Americans live near State lines and multiple State approaches complicate the efficient and seamless transmission of crucial health information. For example, it is hardly unusual for an individual to work in the District, live in Maryland, and receive health care in Virginia, with payments made by an insurer located in still another state. If we are to ensure real- time availability of accurate and complete clinical information at the point of care, we simply cannot have the standards for the use, disclosure and transmission of the patient's health information subject to idiosyncratic requirements of individual States. Personally, I don't see how we can get to the common standards and interoperability that underlie the widespread adoption of electronic health records without Federal preemption of conflicting State laws. But rather than simply assert that proposition, let me note that, in relation to the Privacy Rule, since 1999 AMIA has called for a study of the impact of the lack of Federal preemption and the impact of varying State statutes on the rights and protections afforded to individuals and upon the quality, cost and effectiveness of health care. Thus, I am very pleased that HR 4157 calls upon the Secretary to undertake such a study in relation to standards that have been adopted subsequent to HIPAA. This is a prudent approach; however, if the study shows that varying State laws and requirements have a negative impact on health care delivery, quality and access, and that HIPAA has established meaningful privacy and security protections, it makes sense to move forward without delay on Federal preemption for all adopted HIPAA standards. As you may recall, the original HIPAA legislation called for the development of a unique personal healthcare identifier for individuals. All other developed economies in the world have already or are currently implementing such identifiers to assure proper authentication of people seeking care services. Whether we do so with via a voluntary opt-out approach or through the use of reliable identification algorithms, the United States needs a uniform approach to authenticating one's identity, and having the benefit of a unique identifier to help increase the ease and accuracy of this authentication is not trivial. Indeed, I fear that short of such a move, we will be left behind the other nations with whom we should be seeking secure ways to collaborate on global standards. This topic was a key recommendation from the Commission on Systemic Interoperability, and I would strongly recommend that consideration of the issues involved in the reliable authentication of individuals be included in the Secretarial study called for in HR 4157. Disincentives That Have Slowed Implementation of Information Technologies From 1999 through 2003 I had the privilege to serve as the Gillings Professor of Health Management at Cambridge University in England and to consult to the National IT programme of the National Health Service. As you may know, the British government is investing billions of pounds to implement a fully functional, patient-friendly, electronic health record and system. While this task might appear to be easier in some aspects because of Britain's single-payer system, of particular note to me was the observation that, even before the government's new investment, well over 80 percent of England's primary care physicians were facilitating patient care electronically. Today they are moving forward with booking appointments, writing prescriptions, making electronic referrals, recording clinical notes and tracking treatment compliance. By contrast, it is estimated that fewer than 20 percent of US primary care physicians utilize electronic health records. Interestingly, England's primary care practices were 'wired' initially not because of government investment, but because the British pharmaceutical industry years ago offered to supply the necessary hardware and software to primary care doctors in return for access to anonymized prescribing information. In the United States I think such an arrangement would be seen as unseemly at best, and illegal at worst; certainly in the U.K. there were those who held the same view. While the British are neither less ethical nor more permissive of the misuse of identifiable health information than are Americans, in this country hospitals, physicians and other providers are incredibly reluctant to pursue any innovative financing for health IT, including networks that can securely link together a region's providers, because of their concerns about the Stark self-referral prohibitions and other fraud and abuse standards. Whether these concerns are reasonable, today we have hospital lawyers who absolutely insist that it is simply not acceptable for any third party to furnish any information technologies - whether hardware, software, training or other services - to any provider at less than a full, fair market price. Yet, the aims of HIT dissemination are to improve the availability of accurate and timely health information in order to improve the quality of care, and I am aware of no evidence that such dissemination by a hospital, for instance, could actually serve to drive 'new' referrals or business into that hospital. While some healthcare systems and providers are moving forward under the current standards, the general consensus in the healthcare community is that the Stark provisions, while quite important in many respects, are significantly constraining progress on the roll-out of electronic health record systems. It is in the interest of all stakeholders, particularly patients, that functional electronic health records and an interoperable health information system be deployed as promptly as possible. But the entities that are one key to making crucial progress with that deployment, the small and rural physician practices that still provide a majority of health care services in this country, are those that are least able to afford the capital investment for the purchase and hassle of implementing state-of-the art IT systems. Especially because most of the 'savings' of health IT accrue to other system participants, including employers, health plans and patients, financial outlays necessary for the purchase of the very building blocks of an NHII should reasonably come from a wide variety of sources, including government outlays and pay-for-performance programs. Actually, pay-for-performance programs represent a clear argument for payers to provide some of the financing for health IT - because in order to pay-for-performance you have to be able to track performance and quality in the delivery of care, and to do that efficiently you need sophisticated information capabilities embedded in the healthcare system. Reasonable safe harbors for dissemination of health information technologies and services intended to improve healthcare quality, efficiency and access would encourage deployment of essential health information systems, and I am very pleased that provisions to that effect are included in Chairman Deal's bill. Educating the Healthcare Workforce There is no question that momentum for bringing healthcare into the information century is building, but this won't happen purely through a widespread distribution of hardware and software and standards and certifications. Ultimately, IT comes down to healthcare workers and patients being sufficiently skilled to take real advantage of the opportunities for improved care and efficiency and access that health information technologies and an interconnected national health information infrastructure can provide. Assuring these skills throughout the workforce will necessitate sufficient numbers of well educated health informaticians. Because the field is advancing so rapidly, we are seriously undersupplied to meet this challenge. Last year to help address this challenge, AMIA announced its 10 by 10 program, which aims to realize a goal of training 10,000 health care professionals, especially in applied clinical informatics by the year 2010; we just passed our first 100 graduates of a largely web-based course developed by William Hersh and his colleagues at the Oregon Health and Science University. Other universities intend to participate as well. Our program uses classes, tutorials, web-based and in-person sessions to equip health care professionals to use health information and health information technologies to benefit patient care and to advance medical knowledge. In fact, we know from the research of AMIA members that well-trained health providers combined with robust IT systems can produce safer, higher quality care delivery. With the supply of physicians essentially constant and the nursing workforce aging along with the baby boomers, we will only be able to address the increasing demands for care of a growing and aging population by developing a better trained workforce, especially more nurses skilled in the use of information and information systems. Increased Federal support for education and training will be needed to address this workforce reality - and in November 2005 AMIA, in conjunction with our colleagues of the American Health Information Management Association (AHIMA), convened a workforce summit, which included broad representation of stakeholders across the healthcare enterprise, to develop initial strategies to address challenges related to effective implementation of EHRs and PHRs. The resulting white paper, Building the Workforce for Health Information Transformation presents nine targeted recommendations that the industry - including employers, employees, vendors, the government and professional organizations - can use to prepare the existing workforce to use technology tools and to ensure that we have a sufficient number of well-qualified health information specialists to achieve the promise of health IT transformation. A Few Conclusions In terms of the development and implementation of integrated health information systems with sophisticated capabilities, we have seen a great deal of progress in the last few years. Within the Veteran's Administration, for instance, the case for improved safety and higher quality through the proper use of IT systems - including electronic records, decision-support programs, and process tracking and change analyses - has been largely made. We have seen the creation of the Office of the National Coordinator for Information Technology and a Commission to Certify Health Information Technology. The Commission on Systemic Interoperability mandated by the MMA has provided an important set of recommendations to Congress, and Secretary Leavitt has pressed the American Health Information Community (AHIC) to take on a range of public-private initiatives to develop information standards, certify new technologies, and provide long-term planning and governance for the electronic health environment. Someday we may look back at this moment and say, "The rest is history" - but not just yet. Additional legislation and Federal support, and the development of accepted, enterprise-wide standards will be required if true interoperability and connectedness are to occur. Clearly, HR 4157 does not try to address all of the issues involved in creating an NHII to improve healthcare quality, access and patient-centeredness. But it does forthrightly address some key 'sticking points' that are keeping the nation from moving forward as quickly as we should and among them are first, establishment of the Office of the National Coordinator in statute; second, addressing the impact on patient's rights and on healthcare quality and safety of varying and conflicting State and Federal information standards; and, third, reducing some current disincentives to the adoption of available health information technologies. AMIA looks forward to prompt consideration of the legislation and to supporting its implementation. Finally, let's not forget that an interoperable, interconnected national information system is not only a healthcare issue; it is a matter of national security. When I testified to the House Ways and Means Committee on July 25, 2005, I stated that it wasn't clear what would bring this reality to the American public. I mentioned an outbreak of avian flu in a US population center or an episode of bioterrorism or the occurrence of transmissible disease in our food supply chain. Instead, a few months later Hurricane Katrina drove home my point. In the first weeks and months after this national disaster, two contrasting points were made abundantly clear. First, public health and individual patient care of thousands of Americans was jeopardized as paper medical records were destroyed by mud. Second, the electronic medication and health records of veterans were available wherever and whenever their availability was authorized, offering immediate help to hundreds. People's lives do hang in this balance. We must have a reliable, ubiquitous electronic health information system for our nation. It is crucial for personal health, public health and the economic interests of our country. While widespread dissemination of electronic health record systems and the development of a functional NHII will facilitate broad improvements in health care quality, access and affordability, it will also assist in protecting our security and I would urge your leadership in facilitating this development with all due speed. Thank you for the opportunity to appear before you today. I will be happy to answer any questions. MR. DEAL. Thank you very much. Thanks to all of you. There were some very interesting comments. I think with maybe one exception, Mr. Pyles being the exception, most of you have agreed we need to do something in this area. Mr. Vaughan has his reservations about it. I understand the privacy issue, and I certainly agree with it. Hearing some of the testimony sort of reminds me of the old joke about the fellow who went to his doctor, and the doctor asked him, what is wrong with you, and he says that is what I am paying you to figure out. We all want to protect our privacy but there has to be some degree of sharing of that. Now I think that the question of preemption of State law is one of the more significant issues that we have to deal with here. I understand too that there are some very pragmatic problems when you allow States to have their own set of rules. My congressional district borders three States, and the Chattanooga area is to the immediate north of my district. We have doctors who have patients that go to the hospitals in Chattanooga. Other parts of my State, of course, Augusta, which is on the South Carolina border, Columbus, which is on the Alabama border, if we do not have some degree of uniformity of those kinds of regulations statutorily, how do we avoid, if nothing else, those cross-State dealings back and forth of the hospitals and doctors who may be in different States, how do we avoid those kind of problems where one State's rules may be different from the other State's rules? Is that a problem or is that not a problem? Mr. Pyles. MR. PYLES. I would be glad to address that, and I also want to say that I do not disagree that something needs to be done in this area. I think something needs to be done particularly with respect to HIPAA because you have got HIPAA authorizing disclosure for treatment and payment of healthcare operations in your State and most others and standards of medical ethics prohibiting it, so it causes confusion in the consumer community. They do not know if they have a right to privacy or not, and this leads to confusion in the practitioner community. I think a good argument can be made for having greater uniformity and therefore understandability in the privacy standards across the country. MR. DEAL. Should we not be able to all agree on what those would be? MR. PYLES. I would agree with that, and that is why I cited the standards of medical ethics which apply across the country that contain a consistent privacy standard that has been applied for years, cited the constitutional common law that applies in every State, the psychotherapist-patient privilege, and the patient physician privilege which again applies under the State. What we are suggesting is let us look at the common standards we now have that apply across the country and all three of the States your district borders on. Every doctor in those States is subject to standards of medical ethics, everyone is subject to the constitutional common law and physician-patient privilege. We have national standards for privacy. We just do not have them in Federal law. MR. DEAL. Mr. Vaughan, you made reference to a possible model law. Is there one that has been proposed by the National Association of State Legislators, for example? MR. VAUGHAN. Not to my knowledge. I am just reading Don's testimony. This is a problem and how do we deal with it. And it strikes me that under your leadership you could call for the NGA and the National Conference of State Legislators to come together and to really identify where the differences are and where the commonality is, and like when you make a change in long-term care insurance you give the NAIC a couple years to come up with a model, Reagan stuff, and then it goes into effect. You could set up a structure that kind of brings the States together and say what is really important to us and let us try to talk a common language and not this tower of babble, and you have a couple years to do it. It is such detailed work. You do not want this all on your desk, I would think. Get these groups together and see where the commonality lies, and let us try to bring this up for the American public rather than down to a minimum. MR. DEAL. Mr. Mertz. MR. MERTZ. Mr. Chairman, I just wanted to comment on that. We think that the HIPAA standard does create some uniformity. The weakness of it is that it does not preempt these literally thousands of conflicting State rules that are creating an obstacle. And the examples I gave you were various States that actually bar the laboratories from providing lab results. If you set up regional organizations or web-based electronic health records, under the State laws that exist today, we could not transmit laboratory results which make up 60 percent of someone's medical record. That medical record that is on the web would be missing 60 percent of the data that a physician needs. And so we think that the HIPAA standard is a very good one and very protective and sets the standard. We believe that preemption is necessary. You are only doing a study which I think would hopefully identify these conflicting State laws to have the States go back and try to undo the laws. I was involved in doing a study of State laws. There are thousands and thousands and thousands of rules that would take 100 years for the States to unravel all of those. That is why we need one good strong Federal standard. MR. DEAL. My time is expired. Mr. Waxman. MR. WAXMAN. Thank you, Mr. Chairman. Following along the same inquiry, I am concerned about creating a national health information infrastructure without strong privacy protections for patients. HIT will allow providers to not only keep their patients' healthcare records electronically, but share them with others more easily. I do not presume that any of you would be comfortable letting an employer or a health plan know if you were genetically predisposed to mental illness or have the public know your grandchild had been exposed to AIDS or allow a co-worker to learn that your husband or wife has a fertility problem. These clearly are very private matters. With the expansion of the use of electronic medical records comes an increase in the potential for breaches of privacy and the pirating of sensitive personal medical information by unauthorized parties. HIPAA, the Health Insurance Portability Accountability Act, set minimum Federal standards for use in disclosure of personal information. However, when HIPAA was passed, Congress was unable to come to agreement in certain areas so States were allowed to enact additional consumer protections. Similarly, Congress has been unable to come to agreement and pass a Federal genetic non-discrimination law prohibiting employers from learning about and using genetic information about their employees in the work place. Still, there are some HIT proponents who would be comfortable with HIPAA as a Federal privacy standard that would also preempt all State privacy and security laws such as State genetic non-discrimination laws. So Mr. Pyles, could you comment on what would have to be included in a Federal privacy law for it to be protective, especially if it were to supersede State laws? MR. PYLES. Thank you. I will be glad to do that. First and foremost, I think we would want to see a law grounded in the principles, as I said, of standards of medical ethics, otherwise, we would have Congress perhaps authorizing the unethical practice of medicine, which I do not think any physician would want to see happen or any practitioner. It ought to be granted, and the right to privacy reflected in our founding principles of the Constitution, and again those are remarkably similar. There was a comment about thousands of State laws. In fact, there are core concepts in those laws that are remarkably similar. As I said, every State protects mental health information, recognizes a psychotherapist- patient privilege, but beyond that we would need things that HIPAA does not provide. Things like breach notice requirements where patients whose privacy has been breached will be notified and the Secretary will be notified so that we can see a list of companies that do not do a very good job of protecting medical privacy. That could probably be the best enforcement measure we could have. There should be a private right of action that nearly every State recognizes because we know that HHS has done a very poor job. There are over 17,000 privacy complaints that have been filed since April 14, 2003, the implementation date of HIPAA, and only one enforcement action. So we think that there should be an opportunity for patients to establish electronic black boxes. We do not think IT and privacy are incompatible. We think you can actually enhance privacy through the use of health IT, but you need to establish the principles at the beginning. You cannot retrofit an IT system for privacy. MR. WAXMAN. Some States know the ways personal health information can be used without consent. Many States have more protective laws about specific types of sensitive information, HIV/AIDS, mental health records, genetic tests and more. And many States have more meaningful consent requirements. These are the kinds of things you think ought to be in a Federal law if we are going to have preemption. MR. PYLES. I would agree. I would support perhaps a study done by the Secretary as H.R. 4157 provides. But it would have to be a study that is first and foremost directed to identify the commonalities that we see across the country in medical ethics and State laws, in constitutional law. We should build on the foundations we have and that we've formed in this country. We should not assume that we have to operate with a blank slate. MR. WAXMAN. The Federal law only directly applies to providers, health plans, and health clearinghouses. Many States' privacy laws directly apply to a broader range of individuals and entities like those that transcribe records or those that copy or transport files. Do you think that ought to be a Federal law? MR. PYLES. Absolutely, Mr. Congressman. Oddly enough, HIPAA does not apply to hackers unless they happen to be providers or insurers or healthcare clearinghouses. We would think that as with many State laws, Congress should provide for privacy protections that run with the information and should apply to whoever handles the information. It is the same to the patient whether a private individual breaches their privacy or an insurer. MR. WAXMAN. Thank you very much, Mr. Chairman. MR. DEAL. Thank you. I hope we will have a second round too. If we do not have more Members show up, we may have a chance to go around again. Dr. Burgess. MR. BURGESS. Thank you, Mr. Chairman. I forget who it was in their opening statement that referenced the disasters down on the Gulf Coast, which there is no place clearer that we do need to fix this problem. The records room at LSU, you walk through there, the place is ruined and will be ruined for the rest of our natural lifetimes. Contrast that with the parking lot at the arena at Dallas, Texas where you had 400 private doctors show up to triage people after they got off the buses from the Superdome. And I do not remember the drugstore precisely, I think it was Walgreen's, set up one of their remote computer terminals there. They did not have medical records, but at least they had pharmaceutical information on a lot of the people that got off the buses, and it made piecing together the medical story a lot more straightforward, so the value was proven to me that day, but it a difficult climb. And, Mr. Nelson, I just wondered if you had a thought as to how much, looking forward, how much is this likely to cost? If we just look at the Federal government component of healthcare, Medicare, Medicaid, VA, Federal prison system, Indian Health Service, Federal qualified health centers, about 50 percent of the healthcare expenditures are accounted for by the Federal government. Do you have an idea as to what it is going to cost Secretary Levitt when he says he is going to build this platform? MR. NELSON. I cannot give you a specific number. I can say that some of the building blocks that have been put in place, I think by Dr. Brailer if you take the proposal, for example, it essentially was a lot like what a venture capitalist would do when they are trying to infuse an investment and then get a return on that investment. Although that may have been about a $20 million investment on his part spread out across four major corporations, I could tell you for a company like IBM we are taking that and we are starting to build on it. At the end of the day, I suspect that we will probably invest 10 to 20 times that amount into helping to fix the healthcare problems as a part of our replicating the opportunity that he has provided us across this country. So, you know, I applaud that immensely without necessarily having a number that the actual Federal government itself has to invest. I think private enterprise is going to go a long ways in helping solve the problem. MR. BURGESS. When I think back to my days in practice, it is a big expense for a single physician's office to do this. If a hospital puts in an expensive system they of course have borne the cost of that, then to bring individual doctors offices on board would be a relatively inexpensive process because most of the software expense has already been handled. But if the doctors offices then have to individually go out and contract with the software licenses and what have you it does become a good deal more expensive. So, Mr. Neaman, I wonder if there are any thoughts you have of how we might reform some of the Stark laws to allow this to be a more facile process. MR. NEAMAN. Thank you. Your comments are absolutely on track in terms of the relative cost and the ability of extending from the hospital systems to doctor offices. In our own experience for our three hospitals, again we invested a little bit over $40 million to get the system up and running. In our experience it takes on an incremental basis of approximately $50,000 per physician to incrementally bring additional doctors up on the system, so it is a rather large expense. It is also a time consuming expense. We are inhibited by Stark and the anti-kickback provisions from extending our system to other physicians who are in independent or private practice, and that is a big hurdle to overcome, not a risk that we want to take given the penalties that are involved with those statutes. So it would be a relatively easy thing to extend the systems and the software to other physicians if we are permitted to do it under the Stark regulations. MR. NELSON. If I could comment on that, please. MR. BURGESS. Yes, please. MR. NELSON. The $50,000 is certainly a substantial amount of money. To put that in perspective, our data shows that that will represent the cost. The actual market pricing and what physicians are willing to bear, the costs that they are actually willing to pay, is probably more than $300 to $400 per doctor per month range, so there is a bit of a gap there between what the cost is and what the delivery is. Of course, with the Internet and hosting services they do not necessarily have to go out and buy complete systems. The average size of a physician's group is like 2.5 or less, so they are small groups. They do not have the capital to be able to spend the money, and so we are going to have to come up with alternate solutions that are very cost effective to make that work. MR. MERTZ. Congressman, can I make a quick comment on that? We represent the labs and you were not in the room at the time. MR. BURGESS. Let me make one other point because I am about to run out of time. If we get a second round, I will be happy to come back to you. From the physician's perspective too it is also a question of time for us to do electronic prescribing or even electronic medical records. The average physician has to see between 30 and 50 patients a day in order to pay the overhead and take something home, and if you add a minute and a half to two minutes to every transaction in order to be up to date with electronic medical records or prescribing that is two hours, and how are we going to compensate the physician for that time? MR. NELSON. We are actually doing this right now in Westchester County up north of New York City. There are 60,000 IBM employees. The HR department of IBM actually provided an incentive to the physicians to the tune of 50 cents per member per month to actually use the system, so they get paid in order to get the cost benefits, and what not on a minimum level of adoption. The ROI on that was less than two years. We are seeing a much higher level of adoption than what we expected, you know, but it is a great model, I think, that we could use across other endeavors like this. And I agree 100 percent with your comments on time and doctors. MR. BURGESS. But there the insurance plan bore some of that expense to incentivize the doctors to practice. MR. NELSON. And we need to keep in mind that a great deal of benefit that comes from these systems goes back to the employer and to the payer. MR. BURGESS. Sure. Thank you, Mr. Chairman. MR. DEAL. Ms. Capps. MS. CAPPS. Thank you, Mr. Chairman. I have about four or five questions I want to try to get into the brief time so I am maybe asking for brief responses. Mr. Nelson, I will start with you. We have been hearing from others on the panel about the complexity of multiple State privacy laws. I wanted to know technologically do we have--can you speak to the capability of technology to accommodate different State privacy laws? MR. NELSON. I do not think it is a technical problem at all. MS. CAPPS. Okay. MR. NELSON. The technology can handle it and we have experience with ATMs, the banking industries, all of which have their own unique regulatory issues. MS. CAPPS. So that is not the issue. But then let me ask about privacy, and I guess I will address you, Mr. Pyles, but I do not care who jumps in. Under current legislative proposals do patients have to consent to having anonymous information shared with researchers? Do they have to give their approval? MR. PYLES. I am sorry. Could you restate the question? MS. CAPPS. Under current legislative proposals, or at least some of them, do patients have to consent like give some significant assent either in writing to having anonymous information shared with researchers? MR. PYLES. Well, I do not know about pending legislation. If it is de-identified information then it certainly could be disclosed under HIPAA. MS. CAPPS. Without them even knowing if it is anonymous. MR. PYLES. Without them knowing, that is correct. Yes. And under the proposed legislation, I cannot think of any of the proposed legislation that addresses that issue. MS. CAPPS. The way it is now then, who is responsible for determining whether this is legitimate, you know, if lines have been crossed if there has been boundaries, and in proposed legislation? MR. PYLES. Well, under HIPAA it is very, very difficult to know that their information has been disclosed and therefore, since they get no consent or opportunity, so that in effect is no notice, I am stunned that there are 17,000 complaints that HHS has received because I do not know how those patients would have known. So there must be many thousands, tens of thousands more breaches of privacy that are out there that people would object to if they just knew about it, but they probably do not. MS. CAPPS. And they do not know about it. In some of the proposed legislation, is this dealt with? MR. PYLES. No, that is one of the things most disturbing about all of the legislative proposals I see. It seems that privacy is always the last issue to be discussed, if it is discussed at all. A number of the proposals do not mention anything about privacy at all. MS. CAPPS. They do not mention privacy at all. MR. PYLES. Correct. MS. CAPPS. Well, that is certainly something I would hope, given the questions today that certainly is on our minds, and we reflect our constituents so I am hopeful that this will be interjected into any kind of studies. Mr. Chairman, I would hope that that would be the case. I am wondering now with the little more time that I have if you, Mr. Pyles, or anyone could comment on some of the shortcomings in Federal law currently with regard to enforcement of Federal uses of personal health information. You touched on it a bit. The disparity is, are there States that do a better job, for example? MR. PYLES. Well, States can do a better job but even with the authorization for disclosures, without consent under HIPAA, it also means that patients often cannot even assert the rights they have under State law because many States prohibit the disclosure of many types of information. But HIPAA allows the disclosure, and if a practitioner follows HIPAA then not even a patient would know enough to assert their State rights. Plus HIPAA requires a notice of privacy practices to be given to every individual. The notice compels the practitioner to describe the disclosures that are made under HIPAA, authorized under HIPAA, even if that is not their practice. So they are all supposed to include a notice of rights the patients would have under State laws, but I have seen very few notices that include any reference to State rights. MS. CAPPS. But Mr. Nelson, if we can use him as the standard, says there is no barrier in the technology for allowing-- MR. PYLES. I have total confidence in Mr. Nelson. If Congress said that a national privacy standard had to reflect the right to privacy under medical ethics, constitutional law, and law of privilege, that tomorrow morning Mr. Nelson would have a product on the street that did just that, and also accounted for variations in the State laws. MS. CAPPS. And accounting for the variations in State laws, so there is nothing that should stand in the way of this being pursued in the interest of consumers or patients. MR. PYLES. Well, I am not the-- MR. MERTZ. Could I comment? MS. CAPPS. I would love to hear-- MR. MERTZ. I am with American Clinical Labs. What is a technological barrier, the example I gave there is definitely a barrier in State laws. I gave the example of in Florida and Georgia, the laws do not allow the laboratories to transmit results to an electronic health record. If there is a disease management program that has been mandated under Medicare, we cannot transmit because they forbid us transmitting lab results to anybody except the ordering physician, even with the patient's consent. We cannot provide lab results for disease management, for an electronic health record. So with all due respect, maybe you could build a computer that could do it but we cannot transmit the results, so that is a State barrier that is absolutely insurmountable for us with these programs. MR. DEAL. That would be a very remarkable State law that did not allow a disclosure with patient consent. MR. MERTZ. Well, it is not remarkable in Georgia and Florida. MR. DEAL. Well, I know one thing. The citizens of Georgia care a lot about their privacy judging from the laws you have on the books. MR. MERTZ. Well, it is not remarkable there because there are dozens of States that have those laws, so it is not unusual at all, Mr. Chairman. MR. DETMER. I do think that one of the really strong points is that you do mandate a study and I think there will be things we will learn from that, and I think that is why in fact I really am so supportive of that part of the legislation. MS. CAPPS. Mr. Chairman, this has been a good hearing. MR. DEAL. Thank you very much. Mr. Green. MR. GREEN. Thank you, Mr. Chairman. Having served years in the legislature before, I tell people I lost my mind and came to Congress. I am surprised a lot of States have it where they prohibit the individual patient from receiving that information. I assume it is not just Georgia and Florida. It must be a number of States. MR. MERTZ. Well, it is unusual and it is one of those areas where the State law actually prohibits the patient from having access to their own records, which we find kind of odd. Again, we are the labs. We do the testing, and our business is really to get the data back to the physician. But, you know, Congressman, there are so many important things. Diabetes management, they need to get hemoglobin H1C tests every six months. We have almost 10,000 people die a year just because they are not tested for their hemoglobin regularly. So these programs are so important to save people's lives, or cholesterol, people with heart disease. It is essential that these programs be able to manage their disease, and so that is why, while we are very careful, we do not want to give results out to everybody. Genetic tests, we are the people who do the genetic tests. We certainly do not want to send those out to anybody who does not have an absolute need for disease management, hemoglobin, diabetes, asthma, heart disease, yes, those are important tests but we will be careful about it. MR. GREEN. Mr. Vaughan, do you have a response to that? MR. VAUGHAN. We are very much for consumers being able to have access to their medical records and if there is an error in there and it asks for an edit and a correction, yes, this is the kind of thing that we need to work out. MR. GREEN. Can you tell me, does Texas have that prohibition? MR. MERTZ. I have not looked at Texas specifically. I know that Georgia, Florida, New York, California do have them. I would have to get back to you on Texas. MR. GREEN. We can check because-- MR. MERTZ. Generally what the State laws say is that the ordering physician or his or her designee may get the lab results, and unfortunately it has been interpreted to mean the designee is only someone in the doctor's office can get the results so generally, almost in every State, we cannot report to a RIO or to a disease management organization, so I think Texas would be the same. MR. GREEN. I will have to talk to my legislators because that is a concern because I think the patient ought to make that decision anyway. Mr. Vaughan, you give some examples of your concern about the abuses under the Stark and anti-kickback laws, and Dr. Burgess talked about, and the panel all morning has talked about some of the things we have to do to be able to protect that. How are physicians' choices influencing the patients affected now on some of the examples? MR. VAUGHAN. Well, the law was designed to deal with the fact, and started with labs, that doctors who invested in a lab everybody who walked in, you know, maybe just, gee, am I pregnant, would get a full lab workup. There was just documentation by GAO and OIG of tremendous over-utilization, and then we found the same things in X-rays and MRI machines and so forth, and so it spread to try to get a bright line because the anti-kickback laws, you have to prove intent. This was meant to be a bright line to say, gee, people who make these investments or get remuneration tend to, whether they are aware of it or not, start over-ordering and start doing more of a particular service, and it was driving up cost something awful. The worry is that if stuff is provided free or at a reduced rate to a doctor it makes you a good friend of that person who gave it to you, and you tend to gravitate that way. Maybe that is not the best place to send your patient, and so that is what we are trying to be careful about, opening that door to over-utilization or misapplication of medicine. It is important to coordinate care, goodness, yes, but how about making that part of pay-for- performance or finding other ways to coordinate the care. MR. GREEN. One of the suggestions I know--in fact, we are having enough trouble dealing with our lobbying reform, much less looking too much at the physicians situation, but on the electronic records technology that is something that has obviously a greater good. Not that a doctor having immediate access to the test, but if we are looking at the good as a whole, is there a way that we can draft something if we are trying to actually have that that maybe we would not run afoul of those whether it is IBM or whoever is selling this equipment that they do not all decide that is the one. I know one of the suggestions I heard is that, for example, for the greater good we might want to have some non-profit or maybe the medical society in a given community or a State saying this is the depository, this is the information, and anyone who is a member, for example, could then access that without someone feeling like maybe they are utilizing that. MR. VAUGHAN. I mean a way to deal that you would not have to change any laws or get any IG opinions is if people have some money and they want to encourage the spread of this technology to doctors in a State who maybe do not have the resources or behind the eight ball on it, give it to a foundation, Robert Wood Johnson or some State foundation and they would give out the money. I think you will find a lot of opposition or objections to that idea, and that should tell you something. The people who want to give this hardware and software, they want a tie with that doctor. They want a tie that binds so that that doctor will send patients to that hospital. Coordinating care with the patients is great, but if that hospital that gives the data or the software, is it the best place for that patient. MR. GREEN. I see I am out of time. Mr. Chairman, if you would allow me just to ask if anyone else on the panel would like to respond. MR. DETMER. Yes. I just wanted to weigh in on this. Right now our biggest challenge in the U.S. is particularly the small provider office. That is really our biggest challenge. The hospitals, frankly, are getting there and they are building their systems. The thing is our country is a very complex, large place, and I think some of these issues are working, do work, can work, and will work in some settings, but in other settings that opportunity and that kind of option is just maybe going to be very hard to put in play. I think what we are really advocating for, if we can get the regulations right, security and those kinds of design features. Then our feeling is to have this connectivity means that actually a doctor in West Bicycle, Texas can easily get a consultation with the Mayo Clinic electronically, as easy as they can actually with the provider that maybe gave them that connection. In actual fact I think it is that kind of connectivity that really has significant offsets in terms of these arrangements. So I would like to think you could craft it. I certainly hope you could craft it because I think we need it. MR. GREEN. Thank you, Mr. Chairman. MR. DEAL. Thank you. I believe we will start a second round. Is that okay with you all? Okay. Let me start it off. I am going to try to simplify because I think of it in rather simplistic terms, in terms of the problems that I see are encountered. First of all, with regard to a hospital sharing its software with physicians, virtually all of my physicians practice in only one hospital. It does not make a whole lot of sense to me that they should not have some way when the patient goes to the hospital instead of asking the patient when he comes back to the doctor's office, well, what did they tell you. It sort of reminds me of a story of one of my clients. I asked him one time, I said, well, what did the doctor tell you? He said I have no idea. I do not even think he spoke English. We have got to have a better way of transmitting information that helps the patient. The one situation, the hospital sharing what their tests were, what their findings were back with the treating physician, he needs to know that. Also, let us suppose there is a consult with a specialist in the same community who does something. He prescribes some medication. Instead of the patient then going back to his primary doctor and being asked, well, what did he give you? Well, I do not really know. What did he tell you? I am not really sure. I did not understand all that. There has to be a better way of doing this. Now there are several things that pop out to me as major problems of what I am talking about. We have alluded to them in some of your testimony. One is the coding and whether we are talking about the ICD-9 versus the ICD-10. Mr. Mertz alluded to some of the potential problems with the additional codings that are there. Let us talk about that for just a minute. How many of you believe we should go to a broader coding such as the ICD-10? Would anybody care to comment? Dr. Detmer. MR. DETMER. Yes. Actually I am actually a fellow of the American College of Sports Medicine, and you held up your sheet talking about some of these sports issues. I practiced surgery, vascular surgery, as well as sports medicine for about 25 years, and for 15 years I published a fair amount of work that was internationally verified as being valid. To this day, the coding words or the diagnosis I made in athletes, sometimes Olympic athletes, still does not exist in ICD-9, as well as being able to for payment purposes, I would have to find a code that is sort of related to the leg. In actual fact, what works for billing does not capture what you really need to really try to do research as well as even just talk about. For example, asthma today does not have a lot of the codes in 9 that really are in 10. So there is a set of these. We do not know how slippery this all is because it is very hard to track down. But suffice it to say there has been a lot of progress in medicine in 23 years, and that is how old that coding system is. So, yes, it does create problems. We not only need to worry about 10, but that is why I talked about the National Library of Medicine. We need to put in this process that can keep that going over time so that we do not have these very tough dislocations every ten or so years. We really need to put in process something that will catch us up but then hopefully keep us up. MR. DEAL. Mr. Mertz. MR. MERTZ. Yes. Just briefly on that. ACLA labs, we support moving to the ICD-10, but I would just remind you, first of all, you are going from 12,000 or 13,000 codes to 120,000 codes, so it is ten times as complex. You may recall that we are just now after four or five years finally adjusting to the HIPAA transaction codes, the new claim standards that took us years to get that. That was much less complicated than moving to this. We almost had a train wreck where providers were not going to get paid by payers because of the complexity of it. So we just want to make sure as we move to this, two years is not enough. We need at least five years to train the people on new systems. We have to train all of the doctors who submit the diagnosis to us. They are going to have to put eight or ten times as much information on the form that the doctor sends to the lab. If every T is not crossed and every I is not dotted, we do not get paid. We perform the test. We do no get paid, and the system will really shut down. So I would just urge some caution in having a long enough transition period so that we can go there. MR. DEAL. Yes, Dr. Braithwaite. MR. BRAITHWAITE. Mr. Chairman, I think that many of the systems that are in electronic health record systems today are based on these coding systems. We get paid for practicing medicine when we submit a certain code. The problem is that those codes are very broad, they are very general, and they do not really reflect, this is what Dr. Detmer said, what is actually done to the patient. If we cannot come up with a coding system that is detailed enough so that what we record in our electronic health systems actually represents what is done to the patient, then we cannot even look forward to that vision I put forward about how we can practice medicine better in the future by actually having computers help us to interpret what those codes mean with respect to the rest of the data about that patient, not necessarily ICD-10, SNOMED CT is a national coding system for example that has that level of clinical information. As we implement electronic health record systems we now have computers to help us to come up with the right code. It does not have to be done manually out of a book with pen and paper as it is done now in most places for ICD. So I think there is a good balance. MR. DETMER. You also mentioned the importance of the patient being in play here, and if you have terminology where the patient can see some of these codes that do not really reflect particularly what happened you really help bring that patient into that care environment. MR. DEAL. Very good points. Ms. Capps. MS. CAPPS. Thank you again, and you are talking about barriers of some kind and maybe we need to pursue that line of questioning that you started, Mr. Chairman, but I want to see about HIT implementation, what barriers there might be there. And I will continue with you, Dr. Braithwaite. Everyone seems to agree that adoption of electronic health records and a move toward interoperability would allow different providers, health plans, labs, and others to talk to each other, and that that is a good thing. It would improve quality, save resources, eliminate harmful errors. Yet, a recent Rand study found only about 20 to 25 percent of hospitals and 15 to 20 percent of physicians offices have an HIT system. Talk a little bit more, I know we brought this up, but focus in on barriers to implementation. And if we design some legislation, we are going to hopefully have a study, but what should we do or could we do that might help get past some of those barriers? And anyone else can jump in as well. MR. BRAITHWAITE. Well, as I mentioned, one of the major barriers is the incentive system. We are reimbursed in the system for piece work. We are not reimbursed for the health of the patient. And so coming up with several different mechanisms to incent the appropriate implementation of health information technology in the clinical practice would be appropriate. I think in surveys that we have done, people have problems with up front funding as has been discussed. The capitalization of this in practices that do not really have that much capital is difficult. Coming up with the changes in the reimbursement policies so that, for example, a pay-for-performance program under Medicare that actually paid for improved outcomes of the patient based on the data that is produced from an electronic health system would in fact encourage the physicians to get information technology in their clinics and provide higher quality care, as long as the result was not that their incomes actually went down because of these strange reimbursement policies that come out sometimes. I think in aligning incentives so that the people who purchase the systems and the people who benefit from them are appropriately aligned with the implementation of health information technology. MR. MERTZ. May I address that? As I mentioned in my statement, some of our national labs, they are connected with about 50 percent of the physician offices, and the figure that was given is right. It costs $30,000 to $50,000 to create this conductivity with the physician office. It is not just the hardware and the software but the training, marrying all the different systems. It is extremely complicated. Half of the offices that we do not have relationships with tend to be the smaller practices where they do not have the resources to do it. The labs, we have been the ones who invested millions and millions of dollars. We pay for this conductivity. But you get to a small physician office, and they do not have the volume of lab tests to make it economical for the labs to make a $50,000 investment so that they can order the results of their tests and get the results electronically. So that is, I think, one of the key areas where help is needed to provide incentives and resources. We get paid for doing the test. We do not get paid for spending $50,000 to hook them up electronically. So that is where we need some help. MR. NEAMAN. If I could just comment from the perspective of somebody that has done it and been there, I think half of the issues relate to financing, where are you going to find the money to do it. MS. CAPPS. Right. MR. NEAMAN. The other half relates to the huge behavioral changes for electronic medical records, and the hospitals and the doctor's offices-- MS. CAPPS. Behavior changes by whom, everybody? MR. NEAMAN. Every clinician, every nurse, every physician, every technologist under an electronic medical records system must change the way they practice. It is no longer writing things out by hand or trying to decipher the physician's handwriting. Everything changes, and for the most part it changes for the better. MS. CAPPS. Several of you have mentioned incentives. Voluntary, is that sufficient? If we are the ones who would design legislation, is it significant enough for our national interest to mandate some things, or are we even to the point of talking about that? MR. NEAMAN. I think, from the providers' side, the hospitals and the physicians lack trust. If there is going to be anywhere near the sufficient level of funding to bring doctor offices or hospitals up when we are facing another $36 billion of Medicare cuts. MS. CAPPS. I hear you on that one. MR. NEAMAN. I think it is going to have to be again some kind of opportunity included in the private sector to invest monies to make this a real reality, unless the Congress wants to take on a project like rebuilding the Federal highway system of hundreds of billions of dollars to really make this a reality in the near future. MR. DETMER. I think I would like to comment on that, I think that puts tension in this, as it is not like there is an EHR system. MS. CAPPS. Right. MR. DETMER. In fact, there have been some very good studies done that show that if you go for EHR light, in other words, the cheapest kind of way to just get something in, you do not have the decision support infrastructure where you really get your quality, safety, and your ROI pay back. By one calculus of that, if you are willing and can find the scratch to pay four times more you will get 12 times back. So it is not like it is just sort of the thing to do. And so education and change management is a major piece of this. The other thing that I want to echo, again, that I mentioned earlier in my testimony has to do with authentication. It was interesting, the day that the commission report on systemic interoperability was put out, and I was on that commission, we happened to have our annual meeting. The same afternoon we had a presentation of some of the folks that were on the commission and talking about it. A woman in the audience said I have a problem for you. She says I am Mary Smith. I have a problem with authentication. MS. CAPPS. Great. MR. DETMER. She says I get other people's bank statements when I do on line banking. I need some unique way both for my protection as well as for everybody else's to identify who that is. This issue of being able to have at least a national way of uniquely identifying folks is really something that is a barrier that, again I think is a Federal issue if we are going to address it. Thank you. MS. CAPPS. And I know I have overstayed my time but this is our last round. I started out by talking as a nurse about patient safety and the benefits of IT. Somewhere in our study, I would hope we could find some way of demonstrating that in the long run the initial outlays will be significant of resources. There ought to be a pay back to society at least for mortality rates dropping, and I would--we get to that as IT--can the study even demonstrate some things? MR. NEAMAN. In our studies, we can tell you that right now. It does not take a long term. We have shown in our studies in our hospitals, our doctor offices, there is a payback, economic, clinical, saving lives. It works. It absolutely works. MS. CAPPS. And is there demonstration of that already? MR. NEAMAN. In our system, yes. MR. DETMER. Speaking of the nurse and the education challenge, the strategy we really need is educating nurses in particular. MS. CAPPS. I do not believe we will end up doing all of this, not all of it, but a fair amount of it at least in the-- MR. NEAMAN. If I might, just get a lot of great benefit out of it too. MS. CAPPS. I should say. MR. NEAMAN. Better care. In our studies we saved 20 percent of the nurse's time instead of babysitting the chart and trying to decipher the doctor's handwriting. MS. CAPPS. And you are all talking about it in acute care probably, but look at long-term care and who delivers that care and who has to take a huge chunk out of every hour of patient care to documenting. MR. NEAMAN. Absolutely. MR. DEAL. Let me go to Dr. Burgess next. MS. CAPPS. It is tough for the doctors, isn't it? Thank you. MR. DEAL. Dr. Burgess. MR. BURGESS. You know, I think back over 25 years of medical practice, the two things that came out of Washington that destroyed a better part of the joy of life were the Stark laws and HIPAA, and I cannot help but feel we are today with the grand daddy of them all, and I do worry about what the world will look like so it is terribly important for us to get that right. So with that sort of onus, Mr. Mertz, I interrupted you before. Let me let you finish what you were trying to tell me about the Stark laws. MR. MERTZ. Well, actually the point I was trying to make, I eventually made which was that it is a sizable investment, $50,000 or so, to set up that conductivity between the labs and the physician offices. So it is going to take a lot of money and the labs have made that investment. I just want to reiterate, we very much support the Stark law in many ways because it does not allow the abuses that happened many, many years ago. We are able to only provide the equipment that is needed just very narrowly to ordering tests and reporting results. But we see the need to expand it a little bit to allow more investment and IT. We just want to make sure that we are still included in an exemption, but that it is done carefully. So I appreciate the opportunity to finish up. Thank you. MR. BURGESS. And, Mr. Vaughan, on that, does it ever increase the cost of care to not share information? MR. VAUGHAN. Sure. MR. BURGESS. I can tell you in my hometown of Denton, Texas that I encounter that situation every day where they've got two hospitals that are competing, and not only do they not communicate with each other, they are forbidden from communicating with each other. So a CAT scan in one hospital on a Friday night means you get a CAT scan in the next hospital if you go into the other emergency room on the next Friday night because you did not like the care you got across town. It is a system that creates more expenditure, I believe, by not communicating. MR. VAUGHAN. Absolutely. This is where so much of the savings will be, but how you can get this information, the software, the hardware, into doctors offices, how can we do it where it does not lead to some distortions that we might not even see for a while where one hospital that has got good cash flow in a year, the other one has been doing charity care, might be a little starved. This one donates some stuff. Just consciously or unconsciously doctors will say I like those guys. They have been helping me. They have been helping my office. I move my patients there and they may not have the best department and everything. So you get those goofy, almost unconscious distortions, can't we pay for this up front? I know with the Federal budget situation, you know, get a life. There is no cash lying around. MR. BURGESS. Mr. Neaman has found the savings for us in the Medicare, is that what you just told us a minute ago? MR. NEAMAN. In our system, yes. MR. BURGESS. So how much money are you going to save us? If the Chairman and I are successful in getting this done and your company is the one that gets the contract, are we going to save that $34 billion in Medicare this year that we can then turn back over? MR. NEAMAN. I can only comment on our system and what we have actually found. The point being is that the systems that we have experienced really do save lives and they do less testing, not more testing, and they protect patients from abuses of testing. We have even shown in our studies that the efficiency improves so much that we were able to save cost-wise $17 million a year in our system by doing things right the first time, not having to do them time and time and time again, so there is a small incremental savings once you get the system up and running. Again, all the other benefits are tremendous. I think Mr. Vaughan's examples might be a little confused with what the real issues are here. In the examples of over-testing, such as too many lab tests or too many X-rays when a physician owns that equipment, that is not what we are talking about here. If you want to preclude that, then do not let physicians own MRI machines, a whole other issue. MR. BURGESS. It is not a good idea, by the way, but continue. MR. NEAMAN. I was not advocating it as a principle, particularly my orthopedic surgeons would let me know about that. But what we are talking about here is the sharing of data, and shouldn't we be focused on the patient here, to share that data between our hospitals and our physicians. Doesn't the American public expect our hospitals and doctors to work together around a central point of data? The answer is quite clear in our experience. Absolutely yes. MR. BURGESS. Mr. Pyles. MR. PYLES. I have been wanting to get this in. You asked a question in your last round, and I think it touches on what you are asking now. How much you save I think is going to depend on how much you need. The numbers I have seen on the cost of wiring the country for health IT are $176 billion initially as start up-front costs and $46 billion annually. Now keep in mind you are going to have to replace that information system. They have a life span of about, as I understand it, three to four years, so you are going to be continually replacing them. It is not to say you should not do it, but when you are talking about a solo practitioner in Shady Side, Maryland where my family physician is, that is a big chunk. His share of that is a big chunk. He was chosen actually as one of 200 physicians in Maryland to use an electronic information system by Blue Cross. He has found that it is out of order. He carried around a little box that he is supposed to input information in. He cannot communicate with the system, at least a minimum of three times a day, and the information he gets back is often times so garbled he cannot understand it. So he is a little frustrated. I have heard healthcare is the last area where we do not have IT. It may not be such a bad thing because we are dealing with people's lives, and we would not impose a drug or a procedure on the public unless it was proven safe and effective for patient use. So I would just urge you to be careful. As a lawyer, one of the questions I have always had too is what is the standard of care for an electronic health information system? When you go into the hospital and a patient has a seizure you punch the screen to get the patient's current status and what they are on, and it says access denied and you prescribe something and the patient dies. What is the standard of liability there? A judge is going to have to figure that out. Were you negligent? Was the hospital negligent? Was it expected for the system to be down once a week, once a month, once a year? My computer is down a minimum of twice a week. Maybe these systems are more reliable but that is a whole area that is completely unexplored as far as I can tell. I do not see any standard of care like a Xerox standard. Xerox will tell you the copier machine will never be down more than four hours. MR. BURGESS. Can Dr. Detmer respond, Mr. Chairman? MR. DEAL. Sure. MR. DETMER. I agree with him on one point, and I disagree with him on another. I agree with him that IT is not some kind of magic. It has got to be done right for it to work, and we have heard from some places that are doing it right, and, boy, it does work. That is why this education issue is also a huge piece of this, because if you just try to do it, I am not sure in fact you will ever see a ROI. On the other hand, if you do it right I think we now do have enough body of evidence to be able to speak to safety, efficiency, cost effectiveness, patient centeredness, timeliness. As prices drop, you do start improving equity as well, and that is a U.S. problem. MR. DEAL. Why don't we let Mr. Nelson defend his industry? MR. NELSON. I think the comment that I would make is we've got to keep in mind that the bulk of the healthcare dollar really goes to chronic disease, and there are not a lot of them. Interesting, you know, there is various data out there to support this, but the average patient when we get down to actually looking at it on a by patient basis, they have on average between five and ten physicians if you have a chronic disease. Those doctors do not talk to each other. So it is real obvious that the only way that we are going to actually make that work and reduce the redundant tests and improve the quality of medical errors and all that is if we give smart people information so that they can make smart decisions, but allow those smart people and physicians, I think as Dr. Burgess mentioned earlier, it has got to be in a way so that the physician is not penalized in the process. We got 16 percent of the gross national product right now going to healthcare which is far over any other country in the world. Any other outcomes are not even in the top ten right now, you know. I think it is a shifting of the dollar that we are talking about. Medicare and Medicaid employers and payers are the ones that are the biggest beneficiaries of these systems, and we shift the dollars to some extent from there to the primary care physician, which are the guys who really I think are in control of the healthcare system today. MR. DEAL. Well, thank you. MR. BURGESS. Mr. Chairman, could I ask a question? MR. DEAL. Sure. MR. BURGESS. We are going to have a bill before us either in this subcommittee or the full committee about this, and if it would not be out of order to ask each of our respondents to give us their impressions about what they like, what they dislike about the bill. This is important that we get it right because this could be the headache for the next two or three generations of physicians or the benefit for the next two or three generations of physicians. MR. DEAL. Certainly. That would be appropriate, and there may be other questions from other members of our committee that were not here that may be submitted to you in writing. We would appreciate your response on that. I commend all of you. Somewhat different points of view on some issues, but generally I think there is a consensus that this is an area that is worth exploring. It is worth us trying to move forward on the issue. We appreciate your various points of view. As Dr. Burgess indicated, if we can move a legislative agenda, we would appreciate your further comments with regard to that as we attempt to refine those. We do appreciate your time, and thank you for your attention and your being with us on this occasion. I am not going to adjourn the hearing because we expect to have in the next few weeks a follow- up panel that will be from a Federal point of view and so therefore in light of the fact that that further panel will elaborate on the same general issue, we will simply just suspend this session of the hearing on IT. Thank you all for being here. [Whereupon, at 1:56 p.m., the Subcommittee adjourned.] RESPONSE FOR THE RECORD BY WILLIAM BRAITHWAITE, MD, PHD, CHIEF CLINICAL OFFICER, EHEALTH INITIATIVE AND FOUNDATION FOR EHEALTH INITATIVE Responses to Questions following March 16, 2006 Subcommittee on Health Hearing entitled: "Legislative Proposals to Promote Electronic Health Records and a Smarter Information System" 1. How important is it to think realistically and not try to do everything at once in terms of a complete electronic medical record, but instead focus on things like e- prescribing, lab results, and patient information? Through eHI's Working Group for Value Creation, Working Group for Practice Transformation and other organizational efforts, eHI is exploring important issues in this topic area. To the question specifically, trying to do everything at once in terms of a complete electronic medical record, to me, is like trying to boil the ocean. Although an electronic health record system for every clinician, including functional clinical decision support systems, is a necessary vision and goal to work toward, this development and implementation process will take decades to complete. It is much better to implement some "low hanging fruit" for which a return on the investment can be demonstrated as a way to support the longer term effort. To the functions you mentioned, e-prescribing, lab results, and patient information, I would add medication history (including allergies) and clinical reports to complete the set of commonly mentioned electronic health information exchange functions that clinicians agree would help provide higher quality healthcare in the short term. 2. Can you give an example of some of the decision support systems that are possible by moving towards smarter information systems? Some examples of decision support functions include: <bullet> Advising a clinician that a drug he/she is trying to prescribe has contraindications that must be considered (and possibly explained or justified) such as allergies, potential drug-drug interactions, instance of another prescription or OTC drug the patient is taking with similar physiological activity and existence of a less expensive alternative with similar activity. <bullet> Advising a clinician that a lab test that he/she is trying to order was done recently on the same patient and present the results of that test for consideration to avoid redundant procedures. <bullet> Advising a clinician that a result of a test (laboratory, radiology, pathology, or other) indicates an abnormality that has not been documented and/or acted upon. <bullet> Advising a clinician that a screening or follow-up test judged to be appropriate for the particular patient (age, weight, sex, diagnoses, health status, etc.) has not yet been ordered or has been ordered but not produced a result in the expected timeframe (e.g., results of ordered Hgb A1c test have not been received within 2 weeks of follow-up patient visit for diabetes control). <bullet> Advising a patient that a refill of a prescription for a drug that should be taken daily to treat a chronic disease is overdue. RESPONSE FOR THE RECORD BY ALAN MERTZ, PRESIDENT, AMERICAN CLINICAL LABORATORY ASSOCIATION April 18, 2006 The Honorable Nathan Deal Chairman, Subcommittee on Health House Energy & Commerce Committee 2125 Rayburn House Office Building Washington, D.C. 20515-6115 Dear Chairman Deal: Thank you for the opportunity to testify before the Subcommittee on Health at the March 16, 2006 hearing entitled, "Legislative Proposals to Promote Electronic Health Records and a Smarter Information System." Per your request, attached are answers to the questions posed in the April 11th letter to the American Clinical Laboratory Association (ACLA). The Honorable Nathan Deal 1. What particular function of healthcare do labs provide that makes them a good starting ground for smarter health information systems? Laboratory data are the heart of the medical record. Laboratory data represent 60- 70% of the medical record while comprising only 5% of total hospital costs and only 1.6% of Medicare costs. The vital information provided by laboratory data directs the diagnosis and treatment of disease, improves the efficiency of the clinical care provided, and most importantly, improves clinical outcomes for patients. The long-term benefit of these effects is reduced health care costs. For instance, 62% of the Health Plan Employer Data and Information Set (HEDIS) effectiveness of care measures are informed by diagnostic tests. Diagnostic tests are specified as important to measure in 80% of the clinical evidence based guidelines for the most costly disease conditions in the U.S. It is for these reasons that virtually every health care community trying to develop an electronic health information infrastructure is looking to laboratories first. In a survey of hospitals, the number one health care information technology (IT) function in use by the majority of hospitals today is the electronic order entry and review of results for diagnostic services. For example, ACLA member Quest Diagnostics, a commercial laboratory with business relationships with over half of the nation's physicians and hospitals, currently sends 60% of its results and gets 40% of orders via the Internet. The investment that laboratories have made in health IT also includes public health - ACLA member companies report to over 3,000 public health agencies at the local, regional, and national level - much of which is done via electronic means. 2. I understand that labs have a limited exception under the Stark law. Can you explain how this exception works and whether there are any examples of abuse in this area with respect to labs? The terms of the Stark law are defined to exclude from the law's scope the provision of hardware or software by a clinical laboratory to an ordering clinician provided such items are "used solely to order or communicate the results of tests or procedures for such entity." This provision was added to the Stark law when it was amended by Congress in 1993. Under the terms of this provision, laboratories are not permitted to include other types of functionality in the hardware or software they are providing to the ordering physician without charging fair market value for this added functionality. For example, one of ACLA's members currently offers a product which, in addition to being able to order tests and transmit results, also enables the physician the means to electronically order prescription drugs. Due to the limited nature of the Stark law provision discussed above, this laboratory must charge fair market value to the participating physician for this additional e- prescribing functionality. The laboratory provision has helped shepherd health information technology into numerous physician offices and hospitals throughout the country today. The ability to provide clinicians with this limited hardware and software is fundamental to rendering efficient, comprehensive laboratory services to patients - a critically important function that must be maintained. Clinicians place a high value on being able to order laboratory services and receive laboratory results electronically because it improves legibility, decreases error rates, produces more timely results, and allows the monitoring of redundant or duplicative testing. ACLA member laboratories strive to fully comply with the parameters of the Stark law and we are not aware of any examples of abuse in this area. 3. With respect to ICD-9/ICD-10 issues, would it be safe to say that we would get more detailed and accurate information by switching to ICD-10? If yes, why have we been so slow to move toward this code change? Transition from ICD-9 to ICD-10 does hold great promise - provided clinicians accurately use the more detailed diagnosis and procedure codes offered by the ICD-10 Clinical Modification (CM) and Procedural Coding System (or PCS). More detailed procedure codes could allow for enhanced tracking and analysis of clinical and economic benefits and better outcomes research. However, the transition to ICD-10 has justifiably been slow due to the massive overhaul to providers and payers' computer systems, and the time and expense needed to provide appropriate client education, training and testing of the new systems. This transition would be particularly difficult for laboratories since they bill Medicare directly, yet depend on the ordering physician for the diagnosis codes to include on the claim they submit to Medicare. While the current iteration of ICD-9 consists of roughly 13,000 diagnosis codes, problems persist today with physicians not providing the appropriate ICD-9 codes in order for laboratories to get paid. ICD-10's 120,000 codes have the potential for delays in reimbursement if providers are not well educated on how to use the new system. Finally, other regulatory changes (including the replacement of Version 5010 of the 837 claim standard) must occur before ICD-10-CM can be implemented 4. Having uniform standards for the transmission of laboratory results is an essential part of promoting electronic health records and a smarter health IT system. Can you share with the Subcommittee what progress has been made in establishing such uniform standards? Much work has already been accomplished in developing uniform standards for laboratory result reporting. Currently, most laboratories and other diagnostic services use HL7 to send their results electronically from their reporting systems to their care systems. In that transmission most laboratories utilize Logical Observation Identifiers Names and Codes (LOINC) to facilitate the exchange and pooling of results, such as blood hemoglobin or serum potassium for clinical care, outcomes management, and research. The laboratory portion of the LOINC database contains the categories of chemistry, hematology, serology, microbiology (including parasitology and virology), and toxicology. The Consolidated Health Informatics (CHI) initiative, one of the Office of Management and Budget's eGov initiatives adopted LOINC as one of its core uniform standards on March 21, 2003. However, what is also needed is an implementation guide for this system, given the variability among laboratories in reporting different LOINC codes for the same test (there are over 25,000 LOINC codes for laboratory tests). The EHR-Lab Interoperability and Connectivity Standards (ELINCS) project, a non- proprietary effort involving various players within the health care delivery system (including those focused on the transmission of lab results), has been doing just that. In March of 2005, ELINCS, through the leadership of the California Healthcare Foundation, began developing an implementation guide to 'map' the top 80% of performed laboratory tests. This 'mapping' essentially creates uniformity among laboratories, providers and vendors alike in terms of which LOINC codes refer to which laboratory results. The initial effort was completed in late 2005 (v1.0) and additional work on v2.0 is nearing completion, which expands the project to cover the top 95% of all performed tests (around 170 tests). In September of 2005 the Certification Commission for Health Information Technology (CCHIT), which was awarded an HHS contract for health IT product certification, included ELINCS v1.0 among the handful of interoperability specifications it has proposed for its first round of certification criteria for electronic health record systems. 5. Establishing an electronic connection between labs and physicians or hospitals for ordering tests and receiving results can be very costly. This cost is a significant barrier for many physician offices, particularly smaller practices. How costly is it to establish such interfaces, why is it so costly, and what is the impact on health care practices? The eHealth Initiative, in a recent report entitled, "Practice and Laboratory Connectivity," estimated that establishing custom interfaces between physicians, hospitals and laboratories can cost anywhere between $30,000 to $50,000. This high cost is due to two factors: (1) the cost of the actual hardware/software, installation and training of staff; and (2) the cost to "marry' the existing data streams of the participating provider and the laboratory. This cost burden, most often paid to a vendor, is the direct result of the lack of uniform electronic test requisition and result reporting standards. Due to the significant cost involved with establishing this connectivity, the provision of this technology is a business decision - one which often times prevents this technology from reaching both rural and small physician/hospital locations. However, with the ongoing work of the ELINCS project in creating an implementation guide for electronic results reporting (and plans to tackle the test requisition in the near future), it is our hope that in the next few years the cost prohibitive nature of custom interfaces will abate, thereby leading to greater access to this technology for physicians/hospitals both in rural areas and in smaller practices. Thank you once again for the opportunity to testify before the Subcommittee. If you have questions or need any additional information, please do not hesitate to contact me. Sincerely, Alan Mertz President RESPONSE FOR THE RECORD BY MARK NEAMAN, PRESIDENT AND CEO, EVANSTON NORTHWESTERN HEALTHCARE, ON BEHALF OF HEALTHCARE LEADERSHIP COUNCIL <GRAPHICS NOT AVAILABLE IN TIFF FORMAT> RESPONSE FOR THE RECORD BY JAMES C. PYLES, ATTORNEY MEMBER, POWERS, PYLES, SUTTER AND VERVILLE, P.C. April 25, 2006 Dear Mr. Grant, Please accept my response to the letter from Chairman Deal of April 11. I was unable to respond to the letter when it arrived because I was completing the petition for certiorari to the Supreme Court in Citizens for Health v. Leavitt which challenges the constitutionality of the HIPAA Amended Privacy Rule. That petition had to be filed on April 13, and I had to be out of the office until this week. My secretary reminded me that this was due today. I think you will find the answers helpful. Question 1: The question does not accurately state the question I raised. My question was, " Will Congress compel Americans to disclose all of their most sensitive health information about themselves and their families to and from a national "interoperable" health information system without meaningful, informed patient consent, against their will and without adequate enforcement against unauthorized uses and disclosures?" The question to me also incorrectly states that "under current health care operations providers may exchange identifiable health information for the purpose of treatment and billing." In fact, the Amended Health Information Privacy Rule that is currently in effect, authorizes covered entities (including doctors, other providers, health plans and health care clearing houses as well as their business associates) to use and disclose virtually any of an individual's identifiable health information for the purposes of treatment, payment and health care operations. These are separate terms and purposes. Treatment and payment are generally defined as uses for the patient's treatment where the patient has requested that treatment and payment where the patient has requested that an insurance claim be filed. So these uses and disclosures are somewhat within the patient's control. Health care operations, by contrast, are a broad list of uses generally for the benefit of the covered entity that are completely outside of the patient's control that include underwriting and premium rating, business planning and development, management activities, and due diligence in connection with the sale of a business. 45 CFR 164. 501, 65 Fed. Reg. at 82,803-04. As the American Medical Association said in its comments on the Amended Rule, "As currently defined, "health care operations" includes a broad array of activities unrelated to a patient's individual treatment or payment and extending far beyond the necessary disclosures and uses patients would expect when they seek health care...An optional consent provision combined with a broad definition of health care operations would effectively compel patients, as a condition of obtaining health care services, to allow uses and disclosures of their protected health information that are not routine or necessary for a covered entity to run its business." AMA letter to HHS, p. 7 (April 26, 2002). The question also states, "Of course, doctors may also not disclose information if they choose or other rules do not constrain it." That choice is not as available as the statement implies. Covered entities may provide a consent process for disclosures for treatment, payment and health care operations, but only by entering into an agreement with the patient to restrict uses and disclosures. 45 CFR 164.522; 67 Fed. Reg. at 53,213. Covered entities are further discouraged from entering into such arrangements because failure to act in accordance with such agreements can result in a violation of the Rule and civil penalties. 67 Fed. Reg. at 53,213. The statement, however, reveals the real change that the Amended Rule made in the practice of medicine and the right to medical privacy. It is correct that under the Amended Rule, for the first time in the nation's history, covered entities have been given the federal authority to decide whether a patient's health information will be disclosed without the patient's consent and even over the patient's objection. The practice under constitutional law, medical ethics and the laws of most states, prior to the Amended Rule, was for THE PATIENT to be able to decide whether his or her identifiable health information would be disclosed. In other words, a patient's identifiable health information could not be disclosed without the patient's consent. This long established principle was recognized in the Original Health Information Privacy Rule. 65 Fed. Reg. at 82,474. When many consumers and practitioners raised the concern that the proposed Amended Rule would violate medical ethics and state laws, HHS responded that The Amended Rule was only intended as a "floor" of protections and that more stringent state privacy laws and standards of medical ethics would remain in effect. 67 Fed. Reg. at 53,212. However, the decision making power was taken from the patients and vested solely in the hands of covered entities. So in answer to the specific question whether current law fails the test, the answer is that the Amended Rule does fail that test to the extent that it authorizes covered entities to disclose Americans' identifiable health information without their consent and against their will. But HHS contends that current law is only a "floor" of privacy protections and was not even intended to be a "best practices" standard. 67 Fed. Reg. at 53,212. Some who testified at the hearing desire for the Amended Rule to become the national privacy standard. The effect would be for the "floor" to also become the "ceiling" which would leave little room for consumers' ethical and constitutional rights to health information privacy. The HIPAA Amended Rule cannot be made the national privacy standard because it essentially eliminates the individual's right to health information privacy rather than protecting it. Question 2: Should a patient be able to "block" a doctor who needs to send certain medical information for the purpose of billing? Answer-A doctor should always act in accordance with standards of medical ethics. The standards of medical ethics of the American Medical Association, as well as virtually every other medical society, state that, "The physician should not reveal confidential communications of information without the express consent of the patient, unless required to do so by law." See Tab 1 to my testimony, item 16.a. HHS also found that this is has been the established practice throughout the history of the country. 65 Fed. Reg. at 82,474. So if a patient, a Congressman for example, wishes to file an insurance claim for treatment of the flu, he or she should be able to expect that their psychiatric record or genetic test for a predisposition for cancer will not be disclosed without their consent. If the insurance company insists that they have to have the entire medical record to pay the claim, the Congressman should have the right to pay privately and not have to disclose this information against his or her will. If we do not allow patients to assert their traditional right to privacy, they will avoid seeking needed health care and/or instruct their physicians to falsify their medical records. HHS has found that many Americans already are taking such self protective measures and physicians are withholding information from patient records. 65 Fed. Reg. at 82,468. Thus, protection of the right to privacy is essential for effective, high quality health care. See HHS determination to this effect. 65 Fed. Reg. at 82,467. So the short answer to your question is that a doctor should only be able to disclose a patient's identifiable health information for billing purposes with the patient's consent. If this means that the claim cannot be paid, the patient will have to pay privately (as has always been the case). The physician can determine this, as they always have, by determining prior to providing the services whether the patient will consent to the disclosure of information necessary for insurance coverage or agree to pay privately. What a physician cannot do in the ethical practice of medicine, is disclose a patient's identifiable health information for billing or other purposes without the patient's consent, unless required to do so by law. Question 3: Should a patient be able to edit or block the sharing of identifiable health information between a physician and a specialist? Answer-Again, we believe in the ethical practice of medicine under which a patient's identifiable health information cannot be disclosed, even to another physician, without the patient's consent. There is no reason why this consent cannot be obtained at the time the patient is accepted for treatment by the first physician. This is not a novel concept. This has been the established practice, as reflected in standards of medical ethics, throughout the history of the country. For example, psychoanalysts often seek consultations from other practitioners, but they never do so without obtaining the patient's consent. Certainly, no physician, even a physician to whom a patient was referred, would ever treat a patient without his or her consent. We do believe, however, that there are situations in which a physician should be able to infer consent where it is necessary to carry out treatment that a patient has requested. This is essentially the approach that was taken in the Original Privacy Rule which allowed health care providers in an "indirect treatment relationship" (such as a consult) to review an individual's identifiable health information without express consent. 45 CFR 164.506(a)(2)(i) (65 Fed. Reg. at 82,810). The point that must be appreciated is that if the individual's right to privacy for identifiable health information is not protected, the information will simply not exist, because the patient will refuse to disclose it. This was expressly recognized by the Supreme Court in Jaffee v. Redmond, 116 S. Ct. 1923, 1929 (1996). That decision has now been followed in over 150 other cases. The right of consent is not new or novel. It is the core concept of medical ethics and the right of all law abiding citizens "to be let alone" as protected by the First, Fourth, Fifth, Ninth, and Fourteenth Amendments to the Constitution. As HHS has found, the right to privacy is a "fundamental right" of all Americans. 65 Fed. Reg. at 82,464. Do not hesitate to contact me if you have further questions. Jim Pyles On behalf of the American Psychoanalytic Association RESPONSE FOR THE RECORD BY DON E. DETMER, PRESIDENT AND CHIEF EXECUTIVE OFFICER, AMERICAN MEDICAL INFORMATICS ASSOCIATION 1. It seems important that when we're talking about electronic health records that we would need to come up with a common medical terminology. Is the licensure of SNOMED the final step in coming up with this common terminology or does more need to be done? Response: The initial comment is accurate; that is, we need to have a common medical terminology. The licensure of SNOMED was not the final step in coming up with a common terminology and more does need to be done. Today, we have three problems. First, we don't have a global system that brings SNOMED and ICD-10 together and, second, we don't have an agreed-upon manner by which the world will maintain the terminology and classification system going forward. Medicine constantly changes due to new discoveries about human biology and diseases, new technologies, and new treatments. The challenge is to find a way to support those groups who can do this kind of work well and also support a method and manner of giving the world timely open access to the terminology and classification into the future. The USA would be very wise to license SNOMED and subsequent terminology and classification for use by the world and not just for USA institutions from the National Library of Medicine as well as support the ongoing maintenance of the standard terminology and classification systems through the NLM; an extra $6-8 million per year would give the NLM the funding it would need to support this but the benefit to the USA itself would more than offset this cost. A joint task force of AMIA and AHIMA experts is currently working on a white paper that discusses this issue in some detail and a copy of that report will be sent to you as soon as it becomes available. Additional funding for informatics research on this and related issues such as that mentioned in the next paragraph is needed. The third problem relates to the movement within the USA of giving patients electronic health records populated upon information used in paying insurance claims. The current terminology on insurance claims that used ICD-9 is so outdated that it will only serve as an approximate representation of a person's health status, treatment, or disease condition(s). We have very little data to show us just how well or poorly it reflects reality but many experts are concerned about the potential distribution of millions of records of dubious accuracy and the confusion this will cause physicians as well as patients as they seek to sort out reality from 'billing' data. We will have integrated computer-based personal and clinician health records in the future and this makes the challenge of addressing the remaining terminology and classification issues for now and going forward. 2. You mentioned the need for ways to authenticate or identify individual patients - what are the privacy aspects associated with a unique personal identifiers, as was called for in the original HIPAA legislation? Response: The privacy aspects of authentication or identification of individual patients fall into two categories based upon what one consider 'privacy rights' to entail in a free society. If 'privacy rights' are defined as a 'right to be left alone', they imply something different than if 'privacy rights' are defined as the 'right to remain unknown'. Since I do not believe a modern society can exist by operating with the second definition as the dominant operating policy, I will respond to policy dimensions relating to the first definition. Indeed, the testimony of one witness at the hearing reflected that latter perspective. The original HIPAA legislation called for unique personal identifiers for health for a number of reasons. First, all developed economies in the world have adopted this approach as the most reliable and cost-effective manner of personal identification for health purposes. Today, we are seeing rising interest and indeed rapid movement to give citizens their personal health information. It is crucial for both health care safety and personal privacy that both doctors and patients exchange data solely to those to whom it is intended and no one else. In all likelihood we will use an algorithm in addition to a unique identifier. If one does not have access to a person's social security number (SSN) for example, the accuracy of the algorithm drops considerably. To assure the greatest accuracy, a unique personal identifier is the most sensible approach. At the minimum we need national public policy that will assign a unique health identifier with an opt-out arrangement for those citizens who fall into the latter category mentioned above. Suggestions have included the SSN plus a four digit PIN and a range of other suggestions have been made. There is ample testimony before the NCVHS on this topic. I see some value for using the first five digits of the SSN plus a four digit PIN that the individual selects. 3. We have heard complaints about the negative impact of the HIPAA privacy rule on clinical research - how would legitimate clinical research uses of information be better facilitated? This question has many potential responses. Unfortunately, the potential for HIPAA to be revised so that it could better support clinical research without legislation being passed or regulations being developed that would in reality make clinical research even more difficult to undertake is a compelling consideration. In light of this, only one recommendation follows. As the nation moves toward an approach to authenticate all individuals in order to improve patient safety and protect the privacy of their data, the citizen at the time of identifier selection could be given the option of 'ticking a box' to allow him or her to be contacted by researcher(s) having clinical research protocols approved by a legitimate institutional review board to see if the individual had any interest in participating in such a study or studies. Those citizens who chose neither to have a unique identifier nor participate in research would not be able to be notified but certainly millions of citizens both could and would choose to participate. This would be enormously helpful to the clinical research community. Obviously, those who chose not to collaborate would still gain the benefits from any findings coming from those sharing their data. Of course, if sufficient numbers of people opted out in a certain category of age or sex, no valid research would be achievable since sample sizes might be too small. This creates a problem known as 'free riders'. Too many free riders and the train won't leave the station. If there is interest in other ways to improve clinical research, I can respond further. Don E. Detmer, MD, MA, President and CEO, American Medical Informatics Association SUBMISSION FOR THE RECORD BY THE BLUE CROSS AND BLUE SHIELD ASSOCIATION Introduction The Blue Cross and Blue Shield Association (BCBSA) appreciates the opportunity to provide testimony to the Committee on H.R. 4157, the Health Information Technology Promotion Act of 2005, and applauds the effort to facilitate and encourage the widespread adoption of health information technology (health IT). BCBSA is made up of 38 independent, locally operated Blue Cross and Blue Shield companies that collectively provide healthcare coverage for more than 93 million people - nearly one- in-three Americans. Blue Cross and Blue Shield Plans across the country are leaders in advancing health information technology, giving providers and consumers tools and information to help them make better health care decisions. Plans are sharing clinically relevant claims information with physicians; giving consumers access to their medical information through personal health records and other internet-based tools; and helping providers adopt health IT, including e-prescribing and electronic health records (EHRs). BCBSA is committed to a health care system that can assure greater patient safety, improved quality of care and increased efficiency. We believe that achieving this goal requires nationwide adoption of health IT based on interoperability standards that support the exchange of information among providers, payers, consumers and government. That is why we strongly support the requirement in H.R. 4157 to establish interoperability standards through a public-private collaborative process. However, we are concerned that the provision calling for switching from ICD-9 to ICD-10 billing codes by October 1, 2009 would threaten the goal of widespread adoption of health IT. Switching to ICD-10 by 2009 is unworkable because: <bullet> ICD-10 is a massive undertaking, not only for payers and hospitals but also for physicians; <bullet> Industry is running at maximum capacity with HIPAA mandates; <bullet> Much preliminary work is needed to make the switch feasible; and <bullet> Medicare would be put at great risk. Our testimony below will explain these factors, and offer as an alternative three additional years to switch to ICD-10, with full compliance no sooner than October 1, 2012. In addition, we would like to draw the Committee's attention to a specific issue concerning the provision creating new safe harbors under the federal anti-fraud and anti-kickback laws: the prohibition on taking into account the volume or value of referrals by entities donating health IT to physician. As explained below, this prohibition would have a chilling effect on donations of health IT that are already taking place today. Switching to ICD-10 by 2009 is Unworkable In 2003, the Robert E. Nolan Company - a respected business consulting firm - estimated that implementing ICD-10 would cost providers and payers up to $14 billion. This cost is indicative of the complexities involved in switching from ICD-9 to ICD-10. Provider and Payer Systems will require a Massive Overhaul ICD codes are ubiquitous in health care. Providers process and store diagnosis and procedure codes in virtually every one of their computer systems, many of which are linked to share information. Payers use diagnosis and procedure codes not only to process claims, but also to design benefit packages, construct fee schedules, operate disease management and quality improvement programs, make medical necessity determinations, and prevent fraud and abuse. The new ICD-10 coding systems are significantly more complicated than ICD-9. ICD-9-CM (volumes 1 & 2) uses about 13,000 codes for diagnoses; ICD-10-CM uses 120,000 codes for diagnoses. ICD-9-CM (volume 3) uses about 11,000 codes for procedures; ICD-10-PCS uses 87,000 codes for procedures. To handle these new ICD-10 codes, provider and payer systems must be completely redesigned: field sizes will have to be expanded, alphanumeric composition allowed, and code values and their interpretation completely redefined. IT staff will have to install new code sets, remap and testing every interface used with vendor software (front-end and back-end) and modify all reports used by providers and payers in clinical, financial, reimbursement and quality analyses. Such far-reaching changes demand adequate time to avoid costly mistakes and disruptions in claims payments. Physician Practices will Require a Massive Overhaul If the advantages of the new coding system are to be realized, physicians will need to become substantially more precise and detailed in documenting patients' medical records. To make sure they get the right information from patients to assure proper coding, physicians will need to know ahead of time all of the information that will be required to code according to the new standard - an impossible task without new electronic decision support systems that take physicians through the "decision tree" for each possible diagnosis. Unfortunately, fewer than 15% of physicians currently have electronic health records systems that could be modified to provide such decision support. A report published last year in the Annals of Internal Medicine projects on the basis of current trends that in five years' time only 25% of physicians in solo or small group practices will have electronic health records. Once they gather the needed information, physicians will need to put additional time and effort into documenting patients' medical records, and completing what is sure to become a greatly expanded "superbill" to assure proper reimbursement. In turn, the physician's coders will need to increase their medical knowledge, and the medical staff will need to be aware of the challenges to the physicians and be prepared for greater interaction between the coding staff and the physicians. Industry is Already at Maximum Capacity with HIPAA Implementing ICD-10 by 2009 would cause system overload. Payers and providers are currently working hard to implement pending and planned HIPAA tasks. These need to be completed or well underway before implementing ICD-10 because they require the same staff resources. Providers, payers and vendors will all have resources stretched thin over the next several years. Currently the health care industry is still working to fully implement all of the initial HIPAA transactions. For payers this work includes trading partner testing and making improvements to the level of response in both the claims status and eligibility response transactions. Another major task currently underway is implementation of the National Provider Identifier (NPI). This project has proven to be much more difficult than originally contemplated because of the complex relationship between NPIs and legacy identifiers. Crosswalks or maps between the two sets of identifiers need to be developed, and in some extremely complex cases re-contracting may be required. The compliance date for this implementation is May 2007, and will most likely require continued use of support staff for the remainder of that year. Other HIPAA projects on the horizon include electronic claims attachments, which will probably need to be implemented starting in 2007, implementation of the 5010 version of the current HIPAA transactions, and the National Payer Identifier (which has the potential to become as complex as the National Provider Identifier). Each of these projects individually will require substantial human and capital resources. All of this work, coupled with the scope and complexity of the move to ICD-10, would severely overload system resources and expose the providers and payers to unnecessary risk. Much Preliminary Work Is Needed Important steps must happen before the switch to ICD-10 can begin. First, industry must move to a new version of HIPAA transactions (5010) because the current (4010) will not work with ICD-10. This change alone is a significant upgrade that will require the two years allowed under HIPAA to analyze, program, test, and implement this more complex version. The "implementation guide" that is part of the new 5010 version shows that thousands of changes will need to be made, from comparatively simple tasks like making a change to a single document, to extremely complex tasks like adding the ICD-10 code list. Only after these changes are made should providers and payers begin implementing ICD-10 H.R. 4157 seeks to hurry the process of implementing version 5010 by eliminating notice and comment rulemaking. This would be a mistake. The notice and comment process is industry's primary opportunity to raise business issues that have broad policy implications. To take claims attachments as an example: the SDO might focus on the business requirements around a specific interaction between trading partners such as an unsolicited claim attachment; but CMS would focus on the larger business/policy issue of whether or not to allow claims attachments. Only the agency's comment and review process gives industry the opportunity to consider the proposed mandate from an enterprise or industry-wide perspective. We believe that global perspective review is essential for the industry and we strongly believe that global review opportunity must be preserved under any revised system for HIPAA changes. Second, the government must release automated crosswalks that map ICD-9 and ICD-10 - a complete set is not yet available - and providers, payers, and vendors must analyze and test those crosswalks to minimize problems. If the crosswalks do not work properly, historical data will be lost, resulting in an inability to run incentive ("pay-for-performance") programs and the risk of increased fraud and improper payments. Any change in the underlying code set for claims will undo years of work on fraud detection and control based in ICD-9 coding. Payers have put logic into place within their systems that enable them to see patterns of utilization (such as multiple surgical procedures, assistant surgeon charges, unbundling, upcoding, appropriateness of care, excluded procedures), draw comparisons among providers, and detect claims that fall outside norms. All of this logic will have to change - which involves the manual process of rewriting all the validity edits - to detect claims irregularities. Depending on the detail and accuracy of the crosswalks, this could be a significant undertaking. Meanwhile, even a small increase in fraud could pose significant risk in a $1.5 trillion health care system. Medicare Would Be Put At Great Risk In the largest contracting change since Medicare's inception, CMS is transitioning more than 50 fiscal intermediary and carrier contracts to 15 Part A/B Medicare Administrative Contractors (MACs) by 2009. This will require multiple claims workloads to move from multiple contractors to a single MAC with new jurisdictional lines. At the same time, CMS will be consolidating Medicare workloads into two data centers, which must be done carefully to avoid service disruptions. The MAC transition will be made in three cycles of competitive bidding, scheduled for completion by summer, 2009. This is a mammoth undertaking with multiple data systems being transitioned to a single entity. The GAO has noted that this massive consolidation in itself has the potential to cause major service problems for Medicare, and the schedule allows little time for CMS to make adjust for any problems. Switching to ICD-10 by 2009 would further overwhelm Medicare contractors' IT departments, leading to claims backlogs, improper payments, increased opportunities for fraud, and provider and beneficiary dissatisfaction. BCBSA Recommendation As switching to ICD-10 by 2009 is unworkable, BCBSA recommends a minimum of three additional years, with compliance no sooner than October 2012. An additional three years would reduce the risk of HIPAA overload and Medicare meltdown, and would provide time for the adoption of decision support systems and significant training and education that physicians and other health care professionals will need. Pilot Testing An additional three years would also provide time for pilot testing, which BCBSA believes is critical for any major systems' change. Adequate pilot testing is crucial to ensure the new system works, providers are educated, and claims will be paid: A key lesson from HIPAA is the importance of pilot testing to avoid costly mistakes and assure smooth implementation. ICD-10 is vastly different from the current billing system, with more than 200,000 codes (compared to 24,000 now). The World Health Organization (WHO) also recommends this essential step: "Before starting full-scale countrywide use of ICD-10, it is advisable to test adapted data registration tools and procedures in a number of pilot areas and hospitals. It will help early identification of outstanding problems and fix these before the countrywide implementation starts." Once comprehensive, automated crosswalks are released, ICD- 10 should be pilot tested. Providers and payers would then be able to adjust their systems, and develop a coordinated implementation strategy based on the pilot results. CMS could then set a compliance date that allows the industry to complete the needed adjustments. Safe Harbors and Limits on Volume H.R. 4157 stipulates that in order for non-monetary remuneration (in the form of health information technology and related training services for a physician) to fall within the safe harbor, the entity offering the remuneration must not take into account the volume or value of referrals (or other business generated) by the physician to the entity. The problem with this provision is that it would have a chilling effect on donations that are already taking place today by health plans. For example, it is increasingly common for health plans to promote electronic prescribing by donating e-prescribing hardware and software to physicians. To optimize the allocation of scarce resources, the donation programs commonly target physicians on the basis of volume of prescriptions written or the value of the drugs prescribed. By taking into account volume and value, health plan donations have the most impact on improving physician prescribing habits and improving services provided to the greatest number of health plan members. Unlike hospitals and group practices, health plans as private payers actively seek to control the fraud and abuse activity the legislation seeks to address-it is a business imperative. As partners with the government on Medicare and Medicaid, health plans are designed to, and have every financial incentive to control utilization costs to compete effectively-the incentives of plans and of the government are aligned by the contractual arrangements to promote gains in efficiency and quality, and to control fraud and abuse. BCBSA Recommendation BCBSA recommends that the legislation specifically allow health plans to determine eligibility or the amount or nature of the items and services in a manner that takes into account the volume or value of referral or other business generated between the physician and the health plan. Conclusion A minimum of three additional years is critical to switch to ICD-10 - with full compliance by no sooner than 2012 - not only to avoid costly missteps in transitioning from ICD-9 to ICD-10, but also to avoid derailing important health IT initiatives to improve safety, quality, and efficiency. Health IT innovations are exploding as providers and payers devote significant resources to advancing the national priority of widespread adoption of interoperable electronic health records (EHRs) and personal health records (PHRs). For example, many Blue Cross and Blue Shield Plans are building payer-based EHRs and PHRs using claims data and developing regional networks for exchanging administrative and clinical information. Having to redirect resources for an immediate switch to ICD-10 could hinder initiatives promising direct consumer benefit. SUBMISSION FOR THE RECORD BY DEBORAH C. PEEL, MD, FOUNDER, PATIENT PRIVACY RIGHTS FOUNDATION Chairman Deal and Members: The Committee on Health deserves thanks for holding hearings to examine legislative proposals to build a national health Information technology network. I appreciate the opportunity to provide written testimony on this matter of critical importance, not only to the future of our healthcare system but also to the future of our Democracy and our cherished rights to personal liberty and freedom. H.R. 4157, the "Health Information Technology and Promotion Act of 2005" promotes the adoption of information technologies to streamline and improve the healthcare system, but at the expense of Americans' most cherished values: personal liberty and privacy. What is Privacy? What exactly does it mean to have the right to privacy? The Original Privacy Rule states, "The right of privacy is: 'the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated'." 65 Fed. Reg. at 82,465 The two key reasons HR 4157 and the other HIT bills (with the exception of HR 2234) will eliminate every American's right to privacy are: 1) HR 4157 relies on the HIPAA Privacy Rule as a privacy standard. But the Amended Privacy Rule deprives all Americans of the right of consent, thereby depriving them of the right to control access to their medical records. [citation: "The consent provisions.are replaced with a new provision.that provides regulatory permission for covered entities to use and disclose protected health information for treatment, payment, healthcare operations." 67 Fed. Reg. at 53,211] 2) HR 4157 sets up a process to study and eliminate all stronger state laws protecting medical privacy. Setting up a process to eliminate more privacy-protective state laws in the absence of a very high national standard set by Congress is a mistake. States' rights to determine how best to protect citizens must not be eliminated without a strong national standard in place. These two elements of HR 4157 will create a national electronic health system with open access to the nation's medical records by over 800,000 private individuals, corporations, and government agencies; and eliminate states' rights to retain privacy protections stronger than HIPAA. Other aspects of the bill can be negotiated, but privacy rights cannot. Privacy must be the lynchpin of any system for storing and sharing the nation's medical records. Consequences of Building a National Health IT System Without Privacy Without privacy, HR 4157 will have damaging effects that reach far beyond the healthcare system by making electronic medical records instantly accessible for business uses that have nothing to do with healthcare. Broad dissemination of the nation's medical records to hundreds of thousands of covered entities will facilitate discrimination against every man, woman, and child. HR 4157 will enable electronic access to a mother lode of the most commercially valuable databases on earth: the nation's medical databases. Armed with detailed medical records, private businesses and government agencies will be tempted to discriminate against people based on fears about their future health, rather give them opportunities based on their qualifications and abilities. Will we get jobs, promotions, or bank loans? Our children's opportunities and livelihoods will be more severely limited than ours, as opportunities will be denied to them earlier in their lives. Will our children and grandchildren get into colleges, get jobs, or be able to buy their first homes? As the health care system increasingly becomes the province of big business and government, threats to patient privacy will increase exponentially. The immense commercial value of identifiable medical records explains why corporations and the government want unfettered access to everyone's medical records. Privacy (the right to control personal health information) is an important substantive limit on the power of the government and the power of corporations; it limits what they can do. HR 4157 without privacy is a prescription for disaster. Introduction My name is Deborah C. Peel, MD. I have been practicing medicine for 32 years. My specialty is adult psychiatry and Freudian psychoanalysis. My career as a mental health professional put me at ground zero for privacy. No one would tell me anything if their treatment could be used to harm them. People paid me cash long before managed care or computers were invented, in order to assure their privacy. Mental health treatment requires the most stringent privacy protections so people will trust mental health professionals with their most painful and terrifying thoughts, feelings, and memories. Patients need privacy and the trust it engenders to speak freely and fully. Mental health professionals need privacy to offer effective psychotherapy, just as surgeons need sterile fields to operate. I've seen so many people be harmed over the past 32 years when their medical or prescription records were disclosed without their consent. Without privacy, people will refuse to get treatment and the help they need when they are sick. They will lie and omit data, and refuse genetic and other tests and treatments that could stigmatize them. People will risk worsening illness and even death, rather than risk losing their jobs or reputations. As a physician, mother, patient, and consumer, I could not stand idly by and watch the destruction of our privacy rights. No national medical privacy watchdog organization dedicated to fighting to save our rights to privacy existed, so I started Patient Privacy Rights Foundation about three years ago. Our mission is to inform and empower Americans to save their human and civil rights to medical privacy. Consequences: What happens when patients can't control access to their medical records 1) Diane O'Leary (permission was granted to tell her story). Ms O'Leary is a journalist by profession, living in NY. She developed a rare neurological condition. After the first neurologist she sought treatment from did not help her and the medications he prescribed made her worse, she stopped going to him and sought care elsewhere. But the doctor she fired sent her medical records with his opinions to the new specialists she consulted, without her knowledge or permission. He claimed the HIPAA Privacy Rule gave him the right to disclose her medical records. The disclosures effectively kept her from getting the correct diagnosis and treatment for three years. She was partially disabled and can no longer work as a journalist. 2) Patricia Galvin (permission was granted to tell her story). Ms Galvin is a lawyer who was being seen in a sleep disorders clinic at Stanford University. She saw a therapist in the clinic who repeatedly assured her that the handwritten records she kept of their therapy sessions would not be entered into Ms Galvin's general medical record. But they were. Once her therapy records were scanned and placed in her general medical record, Ms Galvin could not prevent the records from being repeatedly disclosed by the hospital without her permission, because HIPAA allows disclosures of medical records for all routine uses. Her medical records were sent to her insurer and employer, who fired her and because of some errors in the records and she also lost her disability coverage for an unrelated back injury. 3) A physician whistleblower wrote Patient Privacy Rights about his concerns that the VA's electronic medical records system allows anyone with access to the system to see any patient's medical records without the patient's knowledge or permission (permission was granted to share his story). He gave 3 examples of very sensitive records that VA staff could view: <bullet> a man had a device inserted into his penis, the nursing notes described the time, length, and size of his erection <bullet> a woman suffering from painful intercourse had detailed chart notes about the depth and timing of her partner's vaginal penetration to remedy her symptoms <bullet> an x-ray technician who took a shoulder x-ray of a man had read his mental health notes and asked him if he was still suicidal. The man went to the VA psychiatrist and fired her and refused further treatment 4) Parents of children diagnosed with autism expressed outrage that the CDC was obtaining their children's medical records and school records without notice or consent, a use the HIPAA Privacy Rule makes fully legal for covered entities. [National Autism Association Press Release - 3/1/2006 - CDC Obtains Children's Confidential Records Without Parental Consent For Autism Study] 5) A college student was expelled from GWU because his medical records concerning his depression were disclosed to the college without his consent. [GWU Suit Prompts Questions Of Student Liability; School Barred Depressed Student, Washington Post - 3/10/2002] 6) Insurers now ask doctors to disclose patients' complete medical records, using HIPAA to justify access without patient consent: Email from Robert Charles Powell, MD, PhD on 3/11/06 to a psychiatric listserv (permission was granted to share the email for testimony): "Now that HIPAA is attempting to be lord of the land, there are more and more requests for "all medical records and notes" -- which is an illegal request of a psychiatrist under the Illinois Confidentiality Act. I don't know how this ultimately will shake out, but it is worth noting that the Ohio Supreme Court recently upheld that state's confidentiality act -- almost as good as Illinois' -- noting (a) that the state act offered the patient more protection than HIPAA and therefore should be followed plus (b) that the physician had a responsibility to protect the patient's privacy regardless of whatever piece of paper the patient might have signed [the Illinois act specifies likewise that a patient can NOT sign away protected confidentiality rights. [Grove v. Northeast Ohio Nephrology Associates (Ohio Ct. App., Nos. 22594, 22585, 12/26/2005)] 7) Wal-Mart: Quotes from the Memorandum to Wal-Mart's Board of Directors: <bullet> "Redesign benefits and other aspects of the Associate experience, such as job design, to attract a healthier, more productive workforce." <bullet> "The team is also considering additional initiatives to support this objective, including: all jobs to include some physical activity (e.g., all cashiers do some cart gathering)." See New York Times story October 26, 2005: Wal-Mart Memo Suggests Ways to Cut Employee Benefit Costs, By Steven Greenhouse and Michael Barbaro. [Supplemental Benefits Documentation, Board of Directors Retreat FY06, Wal-Mart Stores, Inc., Reviewing and Revising Wal-Mart's Benefits Strategy, Memorandum to the Board of Directors, http://www.patientprivacyrights.org/site/DocServer/WalMa rt_memo.pdf?docID=501] 8) FDIC Notice on Medical Privacy. This example is included to show how access to medical records is widespread, far beyond the direct uses in the healthcare system. Enough medical records were in the hands of banks and financial institutions for the FDIC to issue a formal memo on April 28, 2004. Furthermore, the Gramm-Leach-Bliley Financial Services Act permits banks and financial institutions to share medical and financial records with all their affiliates and non-affiliates without consumer consent. The FDIC acknowledges that banks and financial institutions have medical records, "section 411 prohibits creditors from obtaining or using medical information to make credit determinations. Except as permitted by the regulators or the FACT Act itself, section 411 treats medical information as a credit report when a creditor shares it with an affiliate." Further, section 411 states that "a creditor may not obtain or use a consumer's medical information, as defined in the Act, in connection with a determination of a consumer's eligibility, or continued eligibility, for credit...section 411 states that when affiliates share certain medical information, that information will be considered a consumer report under the FCRA." 9) Patients' medical records can be sent around the world without their knowledge for transcribing, because under HIPAA patients have no right to consent to or even be notified of this "routine" practice. See San Francisco Chronicle story by David Lazarus: A tough lesson on medical privacy, Pakistani transcriber threatens UCSF over back pay Wednesday, October 22, 2003 URL: sfgate.com/article.cgi?file=/c/a/2003/10/22/MNGCO2FN8 G.DTL 10) "Placentas taken, but moms were not told." Susan Goldman of the Oregonian reported on Sunday February 12, 2006, that "as many as 700 afterbirths, many involved in difficult deliveries, made their way to a Portland registry, records show." Not getting consent to analyze women's body parts following births of children with injuries or defects is a severe violation of their privacy. [http://www.oregonlive.com/search/index.ssf?/base/news/1 139707514288820.xml?oregonian?lctop&coll=7] 11) Patients can no longer control who can access their records, so as our medical records are disclosed over and over to people we do not about, our records will be stored in many more locations we have no knowledge of, exposing us to high risk of identity theft because electronic systems are NOT secure. See: TechWeb News March 9, 2006, by Gregg Keizer: PIN Scandal 'Worst Hack Ever'; Citibank Only The Start "The scam has hit national banks like Bank of America, Wells Fargo, and Washington Mutual, as well as smaller banks, all of which have re-issued debit cards in recent weeks, says a Gartner research vice president." http://www.informationweek.com/story/showArticle.jhtml? articleID=181502474 ] 12) There is no meaningful recourse or right of action under HIPAA if your privacy is violated. You can only complain to HHS. The woman caught in an FBI sting operation is only the second conviction for a privacy violation since HIPAA took effect. The first was a conviction for identity theft that was later overturned. The second story from TMCNews reported that of the 17,000 complaints of privacy violations made to the government, only one person was prosecuted. 70% were dismissed because they were legally permitted disclosures. Because HIPAA grants legal access to over 800,000 individuals, corporations, and government agencies, patients have no right or opportunity to stop access by any of them. See Laredo Morning News - 3/7/2006, Alamo Woman Guilty of Selling Medical Information at: http://www.patientprivacyrights.org/site/News2?page=New sArticle&id=5807&news_iv_ctrl=-1 See also TMCNet News, February 24, 2006 at http://www.tmcnet.com/usubmit/2006/02/24/1404832.htm Don't Confuse Privacy and Security It is important not to confuse the privacy with security. Security can help protect medical records from illegal users like hackers, but it cannot restore or substitute for the right to control who can see and use your medical records. The terms are often used interchangeably, confusing their different effects on access to medical records. Privacy means that patients control who can see and use their electronic medical records, which means they can exclude any individual or corporation from having access to their medical information. Security measures such as encryption, firewalls, passwords, levels of access, and other physical and technical measures can help protect medical records from illegal access by hackers and identity thieves. But security measures do nothing to stop the over 800,000 covered entities that currently have legal access to medical records from using them. Strong security measures are not a substitute for privacy. Need for a system of trusted couriers and trusted custodians The health IT system should be designed and engineered to be a system of trusted couriers and custodians. It should be structured to permit access to medical records only with patient permission (emergencies could be specifically excluded). That is how FedEx works. We trust FedEx to deliver our packet of information to only the person we specify. Instead, in the electronic world, any data broker, data warehouse, and any healthcare business that handles, stores or processes medical records simply appropriates them for corporate use. If FedEx operated like that-where anyone who happened to handle the packet of information could tear it open, make copies, and use and sell the data, it would not have any customers. Surely our sensitive health information should not be accessible to all covered entities to copy and steal just because they happen to be in a business that is connected to the healthcare system. Conclusions <bullet> Congress should intervene when private actions have such vast public consequences. The failure of Congress to intervene and specify the rights patients should have---the right to control access to their medical records----will undermine significant Constitutional values and impair important individual privacy rights. <bullet> Congress should set privacy standards, not delegate the task to unelected officials with no Congressional or public input or oversight. <bullet> With ironclad privacy standards and patient privacy rights in place, patients will be willing to trust and use the national electronic health system and the incredible and transforming benefits that IT can bring to the healthcare system will be fully realized. Solutions to Insure the Privacy Of Medical Records In Electronic Networks and Systems <bullet> Patients must control who has access to their personal health information over any electronic health networks <bullet> Allow patients to opt-in and opt-out of health information networks <bullet> Allow patients to segregate their most sensitive medical records <bullet> Require audit trails of all disclosures <bullet> Require patient notification of all suspected or actual privacy and security breaches <bullet> Deny employer access to employee medical records <bullet> Allow access to de-identified medical records for research, public health, and other legitimate uses <bullet> Preserve stronger state laws protecting medical privacy <bullet> Enact criminal penalties for use or possession of medical records without permission Deborah C. Peel, MD Chairman, Patient Privacy Rights Foundation Austin, Texas 512-732-0033 www.patientprivacyrights.org SUBMISSION FOR THE RECORD BY ADVANCED MEDICAL TECHNOLOGY ASSOCIATION AdvaMed and its member companies thank the Committee for holding this hearing on health information technology (HIT). HIT promises to revolutionize the health care delivery system and dramatically effect patient safety, quality of care, and efficiency. HIT products and applications are greatly expanding throughout vital sectors of the American health care delivery system, including clinical operations, decision support, devices, equipment, distribution, administrative tasks, and the interface with payers. As a result, HIT is helping to significantly reduce medical errors, improve the quality of care, speed paperwork, and reduce administrative costs. AdvaMed is the world's largest medical technology association representing manufacturers of medical devices, diagnostic products and medical information systems. AdvaMed's more than 1,300 members and subsidiaries manufacture nearly 90 percent of the $75 billion of health care technology purchased annually in the United States and more than 50 percent of the $175 billion purchased annually around the world. Many of these technologies - such as electronic infusion pumps that administer intravenous (IV) drugs, verify correct drugs, and check dosages, as well as remote physiological monitoring (RPM) technology - save lives and improve the quality of life for patients by preventing medication errors and managing disease. The Role of Technology Universally interoperable electronic health records (EHR) hold great promise in reducing health care costs and improving the quality of care delivered to patients. The Department of Health and Human Services (HHS) cites two studies that estimate savings from implementing EHRs to be between $78 and $112 billion. HIT, however, is expanding far beyond the EHR to include devices that are already dramatically improving patient safety, quality of care, and health care efficiencies. Combined, the EHR and these other innovative technologies will ultimately play a major role in reducing overall health care costs. Examples of these innovations include: <bullet> Computer-assisted physician order entry devices to increase patient safety and health system efficiency; <bullet> Hand-held Personal Digital Assistants (PDAs) to allow doctors making rounds to immediately access each patient's complete medical record; <bullet> Electronic lab results to allow test results to be stored and sent to physicians electronically; <bullet> Electronic prescription orders to allow physicians to send prescriptions directly to pharmacists to ensure accurate order submissions and allow pharmacists to conduct drug interaction reviews; <bullet> Infusion pumps to prevent drug overdoses and enable hospitals to re-engineer their systems to avoid medical errors; <bullet> Image-guided or computer-assisted surgery (CAS) to allow surgeons to more precisely position their instruments for less invasive operations and to document procedures; <bullet> Remote monitoring, telemedicine, and other devices with computerized components, such as implantable cardioverter-defibrillators (ICDs), to allow heart patients to send vital data to their physicians via a secure Internet connection, often reducing trips to the doctor; and <bullet> Picture archiving and communication (PAC) systems to store and permit the transmittal of radiological images, such as X-rays. Improving Patient Safety and Quality of Care The Institute of Medicine (IOM) estimates that 44,000 to 98,000 deaths each year result from preventable medical errors in hospitals. Studies have shown that there are errors in 24.9 percent of hospital patient records. An estimate by the Food and Drug Administration (FDA), found that as many as 372,000 preventable adverse drug events occur each year. These errors result from administering incorrect dosages, errors in filling prescriptions, and adverse drug interactions. Technologies that support IV drug administration can help prevent medication errors using automated dosage limits and alerting systems. Electronic physician ordering systems and data management software reduce transcription and dosing errors, promote process standardization, increase access to patient specific medical information, and reduce laboratory turnaround time. For example, a report by the National Academies in 2003 recommended that health care organizations adopt information technology systems capable of collecting and sharing health information about patients and their care. Computerized physician order entry (CPOE) devices can link the health care worker with the facility's computer system to avert medical errors. These computerized systems can automatically alert the practitioner to past drug allergies, potential drug interactions with a patient's current medications, and incorrect dosing. The Children's Hospital of Pittsburgh (Children's) launched its CPOE program, Children's Net, in October 2002. It helps this pediatric hospital with its special challenge with medication errors due to their patients' weights, as well as meeting the regulatory requirements for compliance to reach certain care benchmarks. Children's CPOE system allows doctors to show lab or diagnostic test results to parents at the child's bedside, chart functions, and graph progress. Its warning system provides an alert if a dose seems out of line, based on predetermined standards, and the CPOE has reduced medication errors by 75% and virtually eliminated weight related adverse drug events. Reducing Costs By reducing duplicative care, lowering health care administration costs, and avoiding care errors, health information technology could save approximately $140 billion per year, according to HHS. Studies cited by HHS in its 2004 Health IT Strategic Framework Report suggest the use of EHRs can reduce laboratory and radiology test ordering by 9 percent to 14 percent, lower ancillary test charges by up to 8 percent, reduce hospital admissions ($16,000 average cost) by 2 percent, and reduce excess medication usage by 11 percent. Two studies have estimated that ambulatory EHRs have the potential to save all payers $78 billion to $112 billion annually. HHS also cites evidence that EHRs have the potential to reduce administrative inefficiency and paperwork. A 2004 study in Critical Care Medicine found that using remote Intensivists (intensive care specialists) to monitor patients electronically from a remote location as part of an ICU telemedicine program not only improves clinical outcomes, but also enhances hospital financial revenues. Cost savings resulted both from a reduction in the average length of stay in the ICUs (3.63 days vs. 4.35 days) and from a decrease in daily costs. In addition, picture archiving and communication systems (PACS) enable hospitals, imaging centers and multi-site health care organizations to manage, store and transmit patient medical images such as digital X-ray, MRI and CR images. Combining this kind of technology with a digital patient information system allowed several Boston-area hospitals to save an estimated $1 million annually by, in part, reducing the time spent searching for files and manually admitting patients. Policies to Foster HIT Adoption To assure appropriate access to continued innovations in health information technologies for patients, AdvaMed believes that policies should evolve with the technologies. We support developing incentives that will overcome the barriers to timely adoption HIT. Providers, payers, and medical technology manufacturers should all be involved in developing the ways to address these issues and enable interoperable and efficient use of these technologies to improve the quality of care, patient safety, and health outcomes overall. Specifically, we support the following provisions for inclusion in HIT legislation: Regulatory Reforms: The implementation of the International Classification of Diseases, version 10 (ICD-10) will have an impact on the timely adoption of life-saving and life-enhancing medical technology. ICD-10 is the next generation of the coding system that will modernize and expand CMS's capacity to keep pace with changes in medical practice and technology. Its unique structure will incorporate all new procedures as unique codes that would explicitly identify the technology used to perform the procedure. The transition from the currently used ICD-9 system to the internationally used ICD-10 system is time-sensitive as the number of available codes under ICD-9 is rapidly dwindling. The availability of new codes has been raised in public meetings as a potential basis for CMS to deny applications for new codes, and this reluctance to issue new codes will hinder appropriate tracking, identification, and analysis of new medical services and technologies. In 2003, after several years of hearings, the National Committee of Vital and Health Statistics (NCVHS) raised concerns about the viability of the ICD-9-CM as it was "increasingly unable to address the needs for accurate data for health care billing, quality assurance, public health reporting, and health services research." NCVHS also noted in 2003 that these concerns have been "well documented" in the testimony and letters provided to the NCVHS over the past several years. HHS has yet to begin this important transition. Without adoption of ICD-10, it will be difficult to track new and emerging public health threats, such as avian flu. ICD-10 is also the key to collecting the information needed to implement a proper pay-for-performance system for providers and carry out Medicare's road map for the future, which depends on accurate data on the effectiveness of treatments. ICD-10 will also enable better patient care through better understanding of the value of new procedures, improved disease management, better understanding of patients' health care outcomes, and an improved ability to study patient outcomes. While concerns have been raised about the cost of implementing ICD-10, we note that the 2004 RAND study found that the financial benefits of ICD-10 significantly outweigh the costs, and the study did not even account for the significant costs that will accrue for not adopting the system in a timely fashion. Additionally, several cost estimates that have been circulated to attempt to dissuade support for ICD-10 are flawed by failing to net out costs of the normal upgrading of all payment systems that would occur independent of ICD-10. We believe that the long term and ongoing benefits of improved measurements of efficiency, complications, resource use, and improved accuracy of payments would more than offset the one-time or short-term costs of the conversion to ICD-10. Some existing laws and regulations present barriers to the adoption of HIT. Currently, unless an exception is met, provisions of the federal health care program anti-kickback statute prohibit the offer or acceptance of anything of value in return for patient or item/service referrals. Likewise, unless an exception is met, the physician self-referral law (the "Stark" law) bars hospitals from billing for items or services provided by physicians who have financial relationships with the hospital. While an exception to Stark has been promulgated by the Centers for Medicare and Medicaid Services for community-wide health information systems, the exception is not well defined or understood, and a much broader, clearer exception is needed. A parallel safe harbor to the federal health care program anti- kickback statute is also necessary. These barriers to the dissemination of resources (financial, equipment or otherwise), such as a hospital financially supporting its referring physicians in the acquisition and use of health information technology, must be removed. While the proposed EHR and e-prescribing exceptions to both the anti-kickback and Stark laws are an important step in the right direction, they do not go far enough to protect the adoption of HIT. In addition, AdvaMed is concerned with the impact of an increasing array of state and local laws on interoperable health systems that resulted from the enactment of the Health Insurance Portability and Accountability Act (HIPAA). Our member companies operate in a multi-state, multi-jurisdictional environment, and the overlapping multiplicity of these laws makes it costly and complex to develop compliant processes and systems for protecting confidentiality and securing information. AdvaMed believes that uniform federal standards for privacy, security, and technical regulations are critical to achieving a nationwide electronic health information exchange, and the lack of uniform federal standards should not delay this effort. Standards: AdvaMed endorses the FDA's current software regulation policies, under which it only regulates software if its output directly results in software-directed treatment or diagnosis of patients. We also believe that the FDA's regulation of any software associated with medical devices should be risk-based and only at the minimum level necessary to protect public health. Since the EHR is not a medical device and simply stores data for retrieval by a health care professional (EHR algorithms do not make diagnostic or treatment decisions), FDA regulation is not warranted for EHRs under the FDA's own standards. Financial Incentives: Many providers lack the financial ability to make the upfront investment needed to install and operate an advanced health information technology system. The federal government and other payers should provide financial incentives sufficient to spur widespread, rapid adoption of health information technology throughout the health care system, including universal adoption of EHRs. "Pay-for-performance" proposals should include incentives for adoption and use of HIT. Direct Reimbursement: Reimbursement systems should reward new modes of providing services that result in quality improvement or cost reduction for patient care. Remote patient management of chronic diseases is one example of a quality- enhancing technology for which health care practitioners are not directly reimbursed under Medicare. Many Medicare beneficiaries living in rural or underserved urban areas are unable to make regular visits to their physicians. As a result, patients with treatable chronic diseases such as diabetes, cardiac arrhythmia, and heart failure do not receive the care they require to manage their conditions. Remote patient management would ensure that Medicare beneficiaries would have access to real-time disease management services for covered chronic conditions. Direct reimbursement to health care practitioners for utilization of remote patient monitoring devices would facilitate use of this technology and lead to improved patient outcomes. AdvaMed also supports providing physicians with a quality-of-care incentive bonus for meeting specific standards of care for covered chronic diseases. Quality and Safety Studies: The e-health system should be designed to assure that data from the electronic medical record would be available, with appropriate privacy protections under HIPAA, for studies to improve patient safety, and quality of care. Conclusion Again, we thank the Committee for holding this hearing today. HIT holds great promise for improving patient safety, improving the quality of medical care, and increasing efficiency. While EHR is one of the many medical devices that can attain this goal, HIT is expanding far beyond this and dramatically improving patient safety, quality of care, and health care efficiencies. Despite the existing and growing body of evidence that HIT will improve patient safety, enhance the quality of care, and increase efficiency of care provided, many barriers to adoption remain. We urge expeditious implementation by CMS of the ICD- 10 system and federal preemption of HIPAA rules to ensure that data may be stored, updated, and transmitted electronically anywhere in the United States. Legislation is needed to address the regulatory barriers to HIT adoption, like the federal health care program anti-kickback statute and the "Stark" physician self- referral law. As clinical and interoperability standards are developed by Congress and the private sector, it is paramount that the standards are designed to evolve with advancements in technologies and that financial incentives are provided to allow providers to purchase and maintain the HIT. 42 USC 1395nn(h)(1)(C) See as just one example Caroline Broder, "Survey: Consumers Concerned About Control, Access to Medical Info," Healthcare IT-News, January 18, 2006. For example, polling of Americans shows 63% to 75% would not participate in, or are concerned about loss of medical privacy in an electronic system. See work of Professor Alan Westin, February 23, 2005; California Health Care Foundation, January 2000; and 65 Federal Register 82,466. Testimony of Joy Pitts, Assistant Research Professor, Georgetown University, July 27, 2005 before the Ways and Means Health Subcommittee, citing the Rep. Velasquez and former President Clinton examples, page 2. See also Robert Dallek's An Unfinished Life (p. 261ff) for a description of LBJ's efforts to obtain medical information on JFK and how Kennedy avoided certain important medical tests so as not to have a medical record. As HHS said in the Federal Register, "there is no such thing as a totally secure [electronic information] system that carries no risk." 68 Federal Register at 8,346. For very recent examples of hacking and intentional misuse of data, see Information Week, March 9, 2006, "PIN Scandal 'Worst Hack Ever'; Citibank Only the Start," and The Washington Post, March 14, 2006, Business Section, page 2, "Datran Media Settles Probe." Joy Pitts, op. cit., p. 4. See letter from National organizations representing consumers, family members, advocates, professionals and providers, c/o Peter Newbould, American Psychological Association Practice Organization, 750 First Street, NE, Washington, DC 20002. Reportedly millions of Americans already forgo sensitive treatments because of privacy concerns. 65 Federal Register 82,778. Eleven footnote references to sources for statements omitted from quote. For a less scholarly description, see "The Drug Pushers, by Carl Elliott, MD, Ph'D in The Atlantic Monthly, April, 2006: "After awhile even the most steel-willed doctors may look forward to visits by a [drug] rep, if only in the self-interested way that they look forward to the UPS truck pulling up in their driveway. A rep at the door means a delivery has arrived: take-out for the staff, trinkets for the kids, and, most indispensably, drug samples on the house. Although samples are the single largest marketing expense for the drug industry, they pay handsome dividends: doctors who accept samples of a drug are far more likely to prescribe that drug later on. Such gifts do not come with an explicit quid pro quo, of course. Whatever obligation doctors feel to write scripts for a rep's products usually comes from the general sense of reciprocity implied by the ritual of gift-giving." This is the comment on anti-kickback proposed rule. Basically identical comments were filed on CMS-1303-P, relating to the physician referral proposed rule. 1 Terri Simmonds. "Using The Trigger Tool to Detect Potential Harm in Medication Management." Infusion Safety: Addressing Harm with High-Risk Drug Administration. The ALARISr Center for Medication Safety and Clinical Improvement. San Diego, California. 2004, pp 10. Steven Tucker. "Analysis of Impact of the Food and Drug Administration's Proposed Bar Code Label Requirements for Human Drug Products and Blood." Hospital Pharmacy. 38 (11), Supplement 1, pp S11. Breslow MJ, Rosenfeld BA, Doerfler M, Burke G et al. Effect of a multiple-site intensive care unit telemedicine program on clinical and economic outcomes: An alternative paradigm for Intensivist staffing. Crit Care Med 2004;32:31-38. Networking Health: Prescriptions for the Internet, Institute of Medicine, National Academy of Sciences, p. 81, 2000.