VA Testimony of Kenneth W. Kizer, MD, MPH before Congress on September 24, 1998

STATEMENT OF
THE HONORABLE KENNETH W. KIZER, M.D., M.P.H
UNDER SECRETARY FOR HEALTH
DEPARTMENT OF VETERANS AFFAIRS
BEFORE THE
SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS
COMMITTEE ON VETERANS' AFFAIRS
U.S. HOUSE OF REPRESENTATIVES

Good morning, Mr. Chairman and members of the Committee, I appear before you today to comment on the impact of Year 2000 (Y2K) technology problems in medical devices in the Veterans Health Care System. Medical devices and biomedical equipment that will not function normally due to misinterpretation of dates in the next century pose significant health care issues and potential risks to patient safety. VHA is acutely aware of this potential and is highly motivated to identify and correct devices and systems that may be affected by this problem. Indeed, VHA has been working on this problem for nearly two years.

Advances in computer technology have been responsible for many of the improvements in modern health care, so it is ironic that these same advances may now become a hazard to patient care as the 20^th century comes to a close.

Most medical devices utilizing microprocessors or computers, like other information technologies, were designed when there was little concern about how year references were reflected in hardware or software. Historically, most dates programmed in computers and medical devices were based on a two-digit year – i.e., "97" rather than "1997." This was initially done in an effort to conserve costly data and program storage space. The practice of using two-digit years was continued until relatively recently.

The essence of the Y2K problem is that when the year changes from 1999 to 2000 and the date is entered as "00," systems and devices may not recognize this date as the intended or correct year. Several outcomes are possible. The device (i.e., its program) may fail to perform as designed; it may reject the legitimate date entry; or it may yield an erroneous result. Thousands of medical devices may be affected by one or more of these problems that constitute what I have called the "Millennium Bug Syndrome" or "MBS".

The MBS may occur within any date-related process, including such processes as sorting by date, performing comparisons by dates, or calculating age. For example, in the output of a blood gas analyzer an incorrect date in a time sequence of results could result in a misinterpretation of the data, causing an error in diagnosis or treatment. Likewise, MBS could cause an incorrect age calculation on an automated chest X-ray, and prompt unnecessary further testing or even result in a misdiagnosis.

Medical devices are not the only advanced technologies to be affected by the MBS. Hospital information management systems; building systems controlling heating, ventilation and air conditioning, security, and elevators; and billing and accounting systems also are subject to this problem. All such systems and devices must be thoroughly checked, and repaired or replaced, as required, before January 1, 2000.

While most of the Y2K problems identified to date are relatively minor and can be repaired, many healthcare institutions across the country are not prepared to identify or accomplish these needed repairs. At this time, many healthcare institutions do not yet know whether they have a Year 2000 problem, or how big it is.

For the health care industry, the inability of many computers to process date information later than December 31, 1999, is more than just a computer or information management problem. For hospitals and health care systems, Year 2000 failures may, if unrecognized, threaten the entire institution, not just information systems departments. Uncorrected Year 2000 problems could compromise patient care, disrupt core business functions, and create substantial liability exposure.

I believe the health care industry is at greater risk than many of the other industries that are also grappling with the Y2K problem because there are so many information technologies in hospitals. Information systems such as: admissions, discharges, transfers, medical records, inventory control, clinical informatics and billing may be affected by Y2K problems and may have both direct and indirect effects. Delays in payments from third parties could delay cash flow. Similarly, a Year 2000-induced error could cause a piece of laboratory equipment to skip a function, or perform a function twice. A patient’s lab result could be mistaken for the lab results of the patient who preceded or succeeded him or her, with potentially dangerous consequences in treatment. Likewise, without accurate dating systems, inventory reorder dates may be missed raising the risk of depleting needed supplies. This could be particularly problematic for hospitals, since they typically maintain a minimal depth of inventory for perishable items such as blood products.

Further, modern healthcare institutions interact with many external information technology systems. Simply resolving Y2K issues in a hospital’s systems and biomedical equipment will not necessarily guarantee a smooth transition into the new millennium. Every health care system depends upon suppliers for goods and services. If the linen service, food suppliers, ambulance services, power management systems, oxygen suppliers and reference labs have problems in their systems, they may not be able to take orders, manage inventory, or deliver ordered supplies or services. Failure or malfunction of any of these services could disrupt or impair quality patient care.

Several manufacturer-related concerns have become evident as we have addressed this problem. Some equipment that we purchased is no longer supported because the manufacturer has gone out of business. Since the primary source of compliance information for these devices is not available, we must turn to local engineering knowledge to assess and remedy the devices. Similarly, we have received promises by some equipment manufacturers to deliver remedies for Y2K compliance problems. Information from the medical centers indicates that these dates are in some cases slipping dangerously close to fail dates for this equipment. With insufficient data about the correction of the Y2K problem, the risk of equipment failure could prompt medical centers to replace expensive equipment when an inexpensive repair might do. Lastly, Y2K ‘upgrades’ are becoming a more frequent response, especially from smaller companies. Companies selling device upgrades to defuse Y2K compliance issues are charging nominal fees, for example $100. While this seems like a small amount, it amounts to a large sum when VHA must ‘upgrade’ thousands of these devices.

As you are aware, the Veterans Health Administration (VHA) operates the largest fully integrated health care system in the United States. A wide range of electronic information systems, biomedical equipment, facility management systems and other computer-based system products provide vital support to the delivery of health care and other services to veterans at over 1,100 sites of care delivery. (VA medical care assets include 171 hospitals, over 600 ambulatory and community-based clinics, 132 nursing homes, 40 domiciliaries, 206 counseling centers, and 75 home health programs, as well as various contract treatment programs.)

VHA currently has an installed inventory of over 125,000 models of medical devices with an acquisition value of several billion dollars. The inventory is diverse and ranges from rudimentary devices such as suction machines and sphygmomanometers to complex magnetic resonance imaging systems and extracorporeal lithotripters.

In addition to its medical equipment, VHA’s diverse systems and equipment inventory affected by MBS include hospital information systems and applications, corporate information systems and databases, commercial off-the-shelf (COTS) hardware and software, communications systems and networks, laboratory and research systems, and computer-controlled facility systems. There are many data interfaces among these systems and thousands of types of equipment and devices in this extensive inventory. At the core of VHA’s systems environment is the Veterans Health Information Systems and Technology Architecture (VISTA). VISTA is a critical element of the total systems environment that provides information management support to VHA healthcare facilities. It is continually reviewed, developed, and enhanced by our staff in Technical Services.

To address potential Y2K problems, VHA established a Year 2000 Project Office in 1996. This office has been responsible for coordinating all Y2K compliance efforts within the agency. The Project Office prepared The VHA Year 2000 Compliance Plan in April 1997, which included a structured compliance plan for all categories of VHA’s systems and equipment inventory, assigned responsibilities for all actions and provided performance tracking and reporting requirements. This plan is updated regularly to reflect current information and to address new issues as our efforts proceed.

Although my comments today are primarily focussed on biomedical equipment and medical devices, I wish to briefly describe our efforts outside the biomedical device area at this time.

To ensure coverage of all affected VHA medical devices, systems and software, we prepared plans tailored to specific classes of products, as follows:

VISTA software applications - The Veterans Health Information Systems and Technology Architecture (VISTA) is the heart of information resource management activities at VHA medical facilities. VHA’s VISTA application development requirements in effect since 1984 dictate a standard method of storing and deriving date information through the use of a pre-existing database management system known as VA File Manager.

VA File Manager uses a seven digit date field that has three digits for the year (rather than the common two-digit year field in most legacy systems) and two digits each for the month and day (date format is YYYMMDD). The year is specified according to the number of years from the base year 1700.

Because VHA decided to use the VA File Manager date standard, the core applications were expected to be able to support date information through the year 2699. This expectation was confirmed in our assessment phase. Our programming approach eliminated most of the two digit year issues for the majority of VISTA applications at VHA medical facilities. The databases used by and linked to these applications, interfaces between these applications and other systems and equipment, and other system products that do not use the VA File Manager date format, have been carefully assessed for Year 2000 compliance.

Our VHA in-house technical staff assessed, repaired, and tested needed repairs to the applications. While assessment, repair and testing were done centrally, implementation is being done locally by each medical center’s information management staff.

Local software applications - Many special purpose programs have been developed by VHA medical centers. Local Information Resource Management staff or other system users have written these programs on-site, or they have been acquired from other VA medical centers. These programs generally meet a local need or extend the functionality of nationally released VISTA applications. These applications have more non-compliant code than VISTA, but they have fewer users and less mission and financial impact. Such programs are being assessed and repaired at the local level. Many of these local applications have been discarded as a result of the Y2K assessment.

VHA corporate systems - These systems and databases involve a wider range of programming languages (including OS/VS COBOL, COBOL II, and ALC) than the VISTA application suite. VHA corporate systems are applications and databases that gather and store information from one or more field facilities. An example is the National Mental Health Database System, which runs on a PC at the Pittsburgh (Highland Drive) VA Medical Center. This system is used for performance measurement purposes, and it is updated weekly by 97 substance abuse treatment programs and 73 post-traumatic stress disorder (PTSD) programs that are located at 120 medical centers. These types of corporate systems are being assessed by their sponsors and repaired either by in-house staff or contractors.

Commercial Off-the-Shelf (COTS) software - There are over 3,000 COTS software packages in use at VHA facilities. These include various versions of PC operating systems, office automation products, communications software, desktop publishing software, and project management software. There are also clinical software packages for such applications as intensive care unit monitoring or nurse scheduling. In addition, there are server operating systems and utilities, Internet services packages, network management tools, database and software development environment tools, and operating systems utilities. While we have done some in-house testing of these software packages, VHA, like other organizations, is dependent on manufacturers to provide the Y2K compliance status of their products, because the number of products is so large.

Databases and data archives - There may be as many database files as there are application programs in the VHA inventory. Today’s relational database structures encourage large numbers of interrelated files. If any file has a two-digit year field, then it must be thoroughly assessed. If one database must be changed in order to be made Year 2000 compliant, then databases and programs linked to it may also need to be changed. Data archives might have to be converted if the databases to which they refer are upgraded for Year 2000 compliance. Local owners of databases and files are responsible for their assessment, repair, validation, and implementation.

Computer and communications hardware - In addition to personal computers on employees’ desks, there are servers for printer and file sharing, automated phone systems, voice mail and fax back services, computers for electronic mail, computers in fax machines and in-network hubs and switches, and computers that monitor system activity. These systems are often highly interlinked and interdependent.

Assessment of this equipment has been done through testing and from information from manufacturers. Repair and replacement is a local business decision.

Facilities-related systems and equipment - Facilities-related systems and equipment are fundamental to the operation of VHA in providing quality health care service. These include those systems that control elevators; heating, ventilating, and air conditioning equipment; lighting; security; and disaster recovery. Personnel from engineering, information resources, facilities management, acquisition and administration are coordinating to ensure that facility-related equipment will be Year 2000 compliant.

Biomedical equipment - Biomedical equipment includes an array of products that record, process, analyze, display and transmit medical data. Such equipment and devices include computerized tomographic (CT) scanners, and magnetic resonance imaging (MRI) systems, cardiac monitoring systems, tissue and blood gas analyzers, cardiac defibrillators and various laboratory analyzers, to name a few. Some devices interface and exchange data with VISTA application systems and other VHA system products. In addition to the medical devices used in clinical care, devices and equipment used in medical research facilities also are being inventoried and assessed for Year 2000 compliance.

Because manufacturers have been aware of the year 2000 problem in recent years, most currently manufactured medical devices should be unaffected by the Year 2000 problem. However, most hospitals and health care systems utilize a wide range of devices that have been manufactured over the past two or three decades. In an effort to define the extent of VHA’s potential problem with biomedical equipment, early last summer we identified over 1,600 manufacturers from whom we had purchased equipment or devices over the years; this is out of a universe of over 16,000 medical supply and device manufacturers. During the past ten months, we have solicited data from these manufacturers with as many as four letters each (depending on the manufacturer’s responsiveness). The communication continues with manufacturers who have not responded or who have advised us about non-compliant products.

VHA has met with General Electric, Hewlett Packard, and Picker International and is planning to meet with Phillips Medical Systems later this month. These meetings with some of the largest manufacturers of medical devices assist VHA, and other Federal and private consumers.

VHA has established multi-disciplinary oversight teams to investigate medical devices for compliance at each VA medical center. Each Medical Devices Integrated Product Team (MDIPT) includes a radiologist, a pathologist, a cardiologist, a surgeon, and a nuclear medicine physician, along with engineers, acquisition specialists and administrative personnel.

VHA has developed a process for identifying, inventorying, assessing, and evaluating VHA medical devices at risk of failure from the millennium bug. We have also developed a Year 2000 patch for the VISTA software module used by each medical center for equipment inventory and preventive maintenance programs. The software patch for Y2K compliance provides additional fields to store and report data associated with conducting assessment, renovation tracking, and estimating cost of device repairs or replacement.

VHA has produced a medical devices, Y2K guidebook to assist biomedical engineers and all VA facilities. VHA expects to customize this guidebook for users outside of VHA in order to assist these facilities to manage such a complex task.

VHA is currently on target to achieve Year 2000 compliance for its mission-critical systems within the schedule imposed by the Office of Management and Budget (OMB). This includes complete renovation of both VISTA and Corporate Systems by March 1999. The renovation of all VISTA and Corporate Systems applications is projected to cost less than $2 million.

The results of VHA’s assessment revealed that approximately 8% of the total VISTA code required renovation to achieve compliance. Renovation was contained in 66 applications, with none of the renovation work being categorized as more than minor repair. Renovation is now 100% complete. Hospitals are currently averaging 77% implementation of the 68 enhancement or modification patches released to bring VISTA applications into compliance.

Y2K assessment of VHA’s Corporate Systems identified 14 systems that required repair or replacement. Seven of these systems have completed renovation and validation and are implemented into production as compliant systems. Five systems are renovated and are currently being validated. The remaining two systems are finishing renovation this month and are expected to complete validation next month.

In the biomedical equipment and medical device area we can report as of August 1998 that:

728 manufacturers (46%) have certified to us that their products are Y2K compliant or do not rely on date coding. (Many of these devices are items manufactured in recent years.)
65 manufacturers (4%) have reported that their models of equipment or devices are not Y2K compliant and are no longer supported by the manufacturer. These models are considered obsolete and will not be fixed by the manufacturer, even though in many cases the device is still functional and commonly used.
130 manufacturers (8%) have reported that they produce models that currently are not Y2K compliant, which they intend to repair. In most cases, the manufacturer has not stated what the failure of the device will be or exactly what will be done to fix it. The method by which the manufacturers will fix the problem — for example, will it be covered by warranty or will they charge for it, will they send a repair technician or require the product to be returned — varies widely among the manufacturers.
46 manufacturers (3%) reported that they are continuing to analyze their products, and thus VHA is still waiting for compliance information.
Inquiries to 222 manufacturers (14%) were returned to VHA marked "Return to Sender." After four attempts over a 10-month period to determine their correct address, we have assumed that we will never know from them about the compliance of these devices, and we are making appropriate contingency plans for these items.
102 manufacturers (6%) have not responded to us despite our multiple inquiries.
From the initial 1,600 manufacturers, we have identified 111 manufacturers (7%) who have gone out of business, are no longer manufacturing medical devices, or have been identified as manufacturing non-electronic devices. Additionally, 196 manufacturers (12%) have merged, were acquired by other entities, or are divisions or subsidiaries of manufacturers who have (or will) centrally report their Y2K compliance to VHA.

VHA is working closely with the Office of the Assistant Secretary of Defense for Health Affairs to optimize the sharing of information with the DOD healthcare system. VA is also working closely with the National Institutes of Health, Centers for Disease Control, and Food and Drug Administration within the Department of Health and Human Services, who share common Year 2000 problems in the areas of biomedical and clinical equipment and laboratory facilities.

VHA has participated in national meetings and made presentations on our activities to the Association for Advancement of Medical Instrumentation, the American Society of Healthcare Engineers, and the Joint Commission on Accreditation of Healthcare Organizations’ (JCAHO) Seminars on Y2K Compliance Activities.

Two months ago, we joined with the American Hospital Association, the American Medical Association, the American Nurses Association and Joint Commission on Accreditation of Health Organizations in calling on the nation’s healthcare industry to support our efforts in identifying and addressing potential patient safety problems resulting from MBS. Working with these members of the National Patient Safety Partnership (NPSP), we are calling for increased awareness of Y2K compliance within the healthcare industry represented by medical equipment manufacturers, medical equipment sales and retail companies, retail pharmacies and other organizations that use medical devices.

The NPSP has challenged medical device manufacturers, health care providers, and consumers with the following four actions:

Finally, in August 1998, VA, FDA, and DOD met with representatives from the pharmaceuticals industry to discuss issues concerning supply and distribution as it relates to Year 2000. We will continue to address this issue on an interagency basis through the President’s Council on Year 2000 Conversions.

In closing, let me reiterate that while the Millennium Bug Syndrome has implications for nearly every industry and many households nationwide, it is particularly critical for health care, since health care today is so dependent on the use of biomedical equipment and medical devices that rely on embedded, date-dependent information technology. Moreover, we now know that many medical devices are not Year 2000 compliant, and their manufacturers will not make a significant number of them compliant.

We also know that, when the clock rolls forward to the year 2000, 463 days from today, about 3.8 million Americans each day will receive healthcare. Whether at hospitals, clinics and nursing homes, or at home, each of these patients will typically have many different interactions with equipment, devices and information technology systems. When you consider the extraordinary number of such interactions, it becomes clear how large is the potential is for adverse events. Fortunately, there is still time to ensure that no patient suffers harm as a result of the Millennium Bug Syndrome, if concerted and aggressive action is taken in the months ahead.

We thank the Committee for its assistance in helping to resolve this technological problem.