This is an archive page. The links are no longer being updated.

Testimony on HCFA Y2K Progress by Gary Christoph, Ph.D.
Chief Information Officer
Health Care Financing Administration
U.S. Department of Health and Human Services

Chairman Horn, Chairwoman Morella, Congressman Turner, Congressman Barcia, distinguished Subcommittee members thank you for inviting me here today to discuss the Health Care Financing Administration=s (HCFA) progress in meeting the Year 2000 (Y2K) challenge. I am happy to report today that HCFA continues to make solid progress.

Y2K remains our Agency=s top priority, and we are on track to meeting the Year 2000 challenge successfully. We have continued our aggressive Year 2000 activities since we last came before the Government Management, Information, & Technology Subcommittee this past April. Our success is due in large part to the leadership of these Committees and Congress, as well as to the commitment and dedication of our Administrator, Nancy-Ann DeParle. Clearly, we would not be where we are today without the help and resources you have provided.

My testimony today will focus on two main issues. First, where we are in our Year 2000 effort and second, where we see the greatest risk to our programs, which comes from areas outside our direct control, namely the uncertain readiness of Medicare providers.

Medicare Systems Readiness

As we reported last April, all of HCFA=s internal systems were renovated, fully tested, certified compliant, and implemented by the government-wide Year 2000 goal of March 31, 1999. This includes the systems that manage the eligibility, enrollment, and premium information of Medicare beneficiaries, and those that make payments to managed care organizations that contract with HCFA. In addition, all of the external claims processing systems, those operated by private insurance contractors that process Medicare fee-for service claims and pay bills, have been fully-tested, including future-date tested, and certified as compliant. All of these systems are in production and are processing and paying Medicare claims today. Our independent verification and validation (IV&V) contractor, with oversight from the Department=s Inspector General, has verified the readiness of these external systems. Last April, you urged us and the GAO to work together to achieve our common goal of having Medicare continue to function with minimal disruption because of Year 2000 issues. We have taken your advice to heart and have worked diligently with the GAO to assure that Medicare=s core business activities will continue to operate effectively into the new millennium. We appreciate the General Accounting Office=s (GAO) continuing oversight of our efforts; they have provided us with valuable independent perspective.

The GAO has highlighted several areas where we could improve our efforts and we are Acting on each of them. For example, we are using software tools to improve our test coverage and execution. We have imposed a moratorium on system changes through March 31, 2000. We have begun monitoring provider testing of electronic claims submissions. We have increased our efforts to determine the readiness status of Medicare managed care organizations (MCOs). We are successfully managing contractor and data center transitions. And we continue to pay close attention to Medicare contractor and MCO business continuity and contingency plans.

Testing

We have developed and implemented a process for performing Year 2000 renovations, certification testing, and validation which ensures our work is of the highest quality and that our systems will be Year 2000-ready by January 1, 2000. Our IV&V contractor, AverStar, has characterized some of the steps we have developed as Abest practices@ that they have recommended to their other Year 2000 customers.

We have closely followed and even exceeded the GAO=s recommendations in the design and performance of our testing regimen. These activities have included:

• Unit testing to provide evidence that the smallest defined feature of a particular piece of software works as it was intended.
• Integration testing to verify that various units of software, when combined with other units, work together as expected.
• End-to-end testing to ensure that a defined set of interrelated systems, which collectively support HCFA-controlled core business functions, work in combination as intended in a fully operational environment. This includes integrated testing of contractor systems with the Common Working File (CWF).
• Employing validation tools to certify the quality of code renovation.
• Future-date testing of all Medicare fee-for-service systems in a future-date environment.
• Independent testing of Medicare contractors= standard systems.

We are now completing recertification testing to re-verify that our systems are working and that software changes made this past summer to fulfill legislative mandates and improve program operations have not affected previously achieved Year 2000 compliance. This recertification testing is being done on all of our external systems and those internal systems that have undergone any significant change. We will complete our recertifications by November. These extensive tests will provide further assurance that all of our systems will function in the new millennium so that there will be no disruption in payments to providers.

Acting on the advice of the GAO and using what we learned in our first round of testing and recertification, our recertification testing surpasses our previous tests in both its sophistication and scope. I am convinced that our systems will be ready for the millennium and, frankly, believe that our testing has put our systems in better shape than ever before. Our IV&V contractor is working closely with us on our recertification effort. We are taking steps to quickly address any concerns highlighted by their evaluations. Their independent reviews are central to our recertification effort and provide us with a key Year 2000 management tool to help us better target our resources in the limited time remaining.

Contingency and Day One Planning

Risk mitigation is essential to our Year 2000 contingency planning effort, which we have largely based on the GAO published guidance on contingency planning. While we believe the risk of Year 2000 failures of our systems is low, we are working diligently to prepare for any potential failures. Following the GAO=s recommendations, we assembled our own handbook on contingency planning and made it available to our contractors, states, managed care organizations, and the provider community. This handbook goes beyond the GAO=s recommendation for the level of detail necessary for successful contingency planning. We and our claims processing contractors have adhered to our more stringent standards, and we have urged states and Medicare MCOs to follow them as well.

We are now in the validation phase of our own internal contingency planning process. Each contingency plan has a designated Emergency Response Team responsible for executing the various plans, if necessary. During the validation phase, these teams are running practice exercises and rehearsing plans in a simulated environment.

We have required that our claims processing contractors have appropriate and validated contingency plans in place. We are carefully reviewing these contingency plans on-site at the contractors and have invited the GAO to accompany us on these visits. And we continue to assist our partners, including managed care organizations, state Medicaid plans, and the health care provider community at large, as they develop and validate their own contingency plans.

As part of our overall preparedness strategy, we have in place our new command and control structure to proactively assess the status of all of our systems and partners during the millennium transition, and, as necessary, guide our reaction and management of any unforseen Year 2000 events. This new structure permits us to track the status of our health care programs; organizes our decision-making processes for identifying and resolving problems so as to better recognize trigger events; and reports on the status of all of our programs, including mission-critical system operations and business continuity functions.

While these Day One and contingency plans are important risk mitigation efforts, we have already passed significant Year 2000 milestones which provide real-time evidence that our remediation efforts have been successful and that our systems can function in an actual Year 2000 environment. In August, we successfully received and processed enrollments from the Social Security Administration for beneficiaries who will be newly entitled to Medicare on January 1, 2000.

Outreach

We now see our greatest risk to the program as the uncertainties in the readiness of our partners, namely, our Medicare providers. As the GAO has noted, virtually all of the surveys of provider readiness have fairly low response rates, and the anonymous responses are self-reported data, which may be overly optimistic. While we suspect that larger organizations are in better shape, we are concerned about the readiness of individual providers in rural and inner-city institutions. Accordingly, our biggest risk mitigation effort is an unprecedented outreach campaign to health care providers and their trade associations to raise awareness of the need to make Year 2000 systems changes. We continue to have serious, ongoing concerns about the ability of some Medicare providers to successfully meet this challenge. To address these concerns and to encourage providers to renovate and test their systems, we have engaged in an unprecedented series of outreach activities, including:

• Sending two separate mailings to each of our more than 1.1 million Medicare providers and health plans stressing the importance of Year 2000 readiness, including the need to assess readiness, test systems, and develop business continuity and contingency plans.

• Sponsoring full-day conferences and half-day public learning sessions for health care providers in every state urging assessment, remediation, claims testing, and contingency planning.

• Participating in the production of a Year 2000 Health Network satellite broadcast and Audio Digest taping for distribution in continuing education materials to physicians nationwide.

• Distributing over 1,800 CD-rom based Year 2000 AJump Start Kits@ to health care providers. These kits assist small businesses in assessing their areas of Year 2000 risk and formulating contingency plans.

• Developing a AYear 2000 Outreach Survival Kit@ for Medicare contractors, which includes fact sheets, talking points, web resources, and a provider inventory checklist.

• Creating a website dedicated to the Year 2000 (cms.hhs.gov/y2k) advising providers with up-to-date information on how to identify mission-critical hardware and software and assess its readiness; test systems and their interfaces; and develop contingency plans should unexpected problems arise. The website includes links to other relevant sites, such as the Food and Drug Administration=s website on medical device readiness.

• Establishing a Year 2000 toll-free phone line, 1-800-958-HCFA (1-800-958-4232) where providers can receive current information and answers to Year 2000 questions that relate to medical supplies, their own facilities and business operations, and, if necessary, referrals for more specific billing-related information. The hotline also updates callers on HCFA=s Year 2000 policies and provides general Ahow to@ assistance to help callers prepare their own computer systems for the millennium.

• Hosting a number of Year 2000 seminars and provider educational conferences in cities across the country to provide attendees with insights about what doctors= offices, hospitals, equipment suppliers, pharmacies, and other health care providers, and their billing agents need to do to be Year 2000-ready, including readiness strategies as well as information about biomedical equipment and pharmaceutical risks.

• Working in consultation with rural provider associations to hold smaller, more individualized Year 2000 educational sessions targeted towards rural providers.

• Participating in and sponsoring hundreds of conferences, symposiums, and outreach programs through our own Year 2000 speakers bureau.

• And working with Congress to encourage providers to understand the importance of the Year 2000 issue.

Despite these unprecedented efforts, we remain deeply concerned that many providers still do not appear to be doing all that they must to prepare for the Year 2000. As the millennium deadline approaches, we are, therefore, refining and re-targeting our outreach toward those provider groups we and others have identified as needing the most attention. And we are interested in working with the Congress and pursuing any ideas you might have as to how best to reach these providers.

As part of this re-targeted effort, we are placing special emphasis on reaching out to the larger billing companies and clearinghouses that many of our provider partners use to submit Medicare claims to our claims processing contractors. We want to encourage these larger companies to test their ability to submit Year 2000-compliant claims to their contractors to ensure through testing that their remediation efforts have been successful.

Last Wednesday, here in Washington, we co-sponsored an all-day summit specifically designed for billing clearinghouses, third-party billing services, practice management companies, software vendors, and other claims processors. The summit provided information on the mission critical steps these partners need to take to continue processing claims successfully in the new millennium, as well as up-to-date information on best practices from individuals in the field, including claims processing contractors, billing service providers, and others.

Also, as part of our outreach strategy, we continue to strongly encourage health care providers to test future-dated claims with our claims processing contractors. Such testing will assist them in determining whether they can successfully generate and submit future-dated claims to our contractors. Too few providers are taking advantage of the opportunity to submit test claims to our contractors. This typifies our concern: If submitters have not tested with us, it is likely they have not tested with other payers. If providers do not test, then they really do not know whether their claim submission will work. We are redoubling our efforts to encourage all of our partners and their billing agents to test their systems and ensure they will function in the new millennium.

Managed Care

We have been working diligently to address the Year 2000 readiness of Medicare managed care organizations (MCOs) as well. While our own internal systems for paying MCOs are compliant, we remain concerned about some MCOs= preparation for the Year 2000. We required all Medicare MCOs to certify to us that their systems will perform into the new millennium. We also required the Medicare MCOs to provide us with their contingency plans and we are reviewing those plans. Approximately two-thirds of the plans we have reviewed needed improvement. Our review of the contingency plans for national chains indicates that 50 percent are reasonable or in need of minor improvement, while the other 50 percent need major improvement.

We have required those MCOs whose plans need improvement to resubmit revised contingency plans to us. To assist MCOs in improving their plans, HCFA hosted three technical assistance workshops in Los Angeles, Denver, and Atlanta to provide guidance on contingency planning principles, as well as to respond to particular concerns. Through these workshops and other communications, we have endeavored to assist those MCOs with less-than-adequate plans in revising and strengthening their plans. And we will continue to monitor the progress of MCOs, paying particular attention to MCOs= contingency plan testing, for the remainder of the year.

Medicaid

We also have been working closely with our nation=s Governors and state Medicaid Directors to ensure that state Medicaid agencies are ready for the Year 2000. We have undertaken an extensive effort to assess the Year 2000 readiness of state Medicaid agencies as well as provide technical assistance on compliance protocols, testing, contingency planning strategies, and best practice information. We have taken the extra step of hiring expert consultants who, through site visits, are assessing states= progress against their own goals and standards in becoming Year 2000 compliant, as well as providing detailed feedback and technical support. We have conducted site visits to every state and the District of Columbia and are continuing to assist those that are having particular difficulties, including providing technical support in developing and evaluating their contingency plans where needed. Based on observations obtained through our site visits, states have made substantial progress.

Conclusion