This is an archive page. The links are no longer being updated.

Testimony on The Year 2000 Computer Problems by John Callahan
Assistant Secretary for Management and Budget
And Chief Information Officer
U.S. Department of Health and Human Services

Before the House Committee on Government Reform and Oversight, Subcommittee on Government Management, Information and Technology
June 10, 1998

INTRODUCTION

Good morning. I am John Callahan, Assistant Secretary of the Department of Health and Human Services for Management and Budget (ASMB) and Chief Information Officer (CIO). I am pleased to appear before this Subcommittee to provide you with a report on the accomplishments and the challenges faced by the U.S. Department of Health and Human Services (HHS) in assuring that our systems are Millennium compliant.

The Secretary, the Deputy Secretary, and I have declared the Year 2000 date issue to be our highest information technology priority. We have taken and will continue to take actions to ensure that HHS information systems are Year 2000 compliant.

We have involved all parts of our organization, including staff with expertise in information systems, budget, human resources, and acquisition management in solving the Year 2000 problem. No matter what else we do and what other initiatives we undertake, we must ensure that our ability to accomplish the Department's mission is not impaired.

For this reason, we have established December 31, 1998 as our internal deadline for Year 2000 compliance of mission critical systems. This was done in order to provide a full year of operations in which to detect and remedy any adverse interactions among HHS systems and those of our many service partners, including other Federal agencies, states and local governments, tribes, and contractors.

MISSION CRITICAL SYSTEMS REASSESSMENT

In order to better focus HHS remediation efforts on the most highly critical systems, we asked the Operating Division (OPDIV) Chief Information Officers (CIOs) to provide a brief synopsis of each mission critical system, and where warranted, to reclassify those systems that were not truly mission-critical, either because they were only of local importance with no critical interfaces, or because they were originally misclassified . We believe the reclassification will improve our ability to ensure that the HHS OPDIVs concentrate primarily on the systems that help us to serve the most people, most especially those that pay Medicare claims and issue grant payments.

The system reclassifications are reflected in our May Quarterly Report to OMB. In the February Quarterly Report, HHS listed the original inventory of 491 mission critical systems. Of these, 187, or 38%, were Year 2000 compliant. Had we continued with this base, our compliance would have been 42 % for the quarter ending March 31.

As a result of system reclassification, we are now reporting 289 mission critical systems, a reduction of 202 systems. Of these systems, 98, or 34%, were compliant as of the quarter ending March 31. I am pleased to report that HHS has made an additional 10 mission critical systems compliant since the reporting period ending March 31. ACF has added seven compliant systems, HCFA has added two compliant systems, and CDC has added one compliant system. This brings our total compliance to 108 of 289 systems, or 37%. We will continue to monitor the HHS OPDIVs' progress closely, using our monthly reporting system to ensure that our OPDIVs are continuing to improve the rate of system compliance and to ensure that system remediation efforts remain on schedule.

Based on the May 15 quarterly report, above average performance in the compliance of mission critical systems is reported by SAMHSA, which is 80% compliant; FDA is 51.5% compliant, CDC is 58.5% compliant HRSA is 60% compliant, and NIH is 50 % compliant.

HHS' YEAR 2000 EFFORT

To meet our Year 2000 responsibilities, we have taken a series of strong administrative actions. We have encouraged aggressive reallocation of funds, where necessary, to meet Year 2000 deadlines; we have established direct reporting lines between staff working on year 2000 activities and the Operating Division (OPDIV) Chief Information Officers. Each OPDIV CIO is responsible for regular reporting on Year 2000 efforts directly to the OPDIV head and to me, until Year 2000 date compliance is achieved.

In addition, our OPDIVs have compiled complete inventories of their system interfaces, and have contacted their interface partners. I provided a listing of state interfaces to the National Association of State Information Resources Executives (NASIRE). As decided at the April 22 meeting with NASIRE, we will provide an update of our state interfaces inventory to the General Services Administration for posting to their Year 2000 web site. We will provide monthly updates thereafter.

Because testing, including independent verification and validation (IV&V), is critical to our Year 2000 effort, we are requiring our OPDIVs to subject their systems to stringent testing and IV&V. We also know there is a possibility that, try as we might, some systems may not be fully compliant in time. Therefore, we are requiring the OPDIVs to develop contingency plans which we will receive on June 15, 1998. These plans will provide us with the operational policies needed to permit business continuity in the event of system failure. .

The Deputy Secretary has asked all OPDIVs to prepare contingency plans based on the GAO guide entitled, "Year 2000 Computing Crisis: Business Continuity and Contingency Planning." We will analyze the OPDIV contingency plans carefully, and the fiscal, personnel, and operational dimensions of the plans will be fully developed with a timetable for parallel implementation of these plans if necessary.

In addition, we require all of the OPDIVs to perform Independent Verification and Validation (IV&V) for all mission critical systems to help ensure that the systems will function properly in the Year 2000. Our OPDIV, have made arrangements for IV&V, whether through the use of contractors or independent (out of the system managers' chain of command) in-house IV&V. FDA, NIH and the PSC are using a combination of contractor support and in-house resources. HCFA is using an outside contractor to do IV&V. In addition, OPDIVs are actively testing their systems. Four of six Medicare standard systems maintainers have begun to conduct future date testing.

We are taking action to retain, reemploy, and attract qualified information technology professionals, using both employment and contracting authorities. On March 31, we received Department-wide personnel authorities from the Office of Personnel Management (OPM) to waive the pay and retirement reduction for reemployed military and civilian retirees who return to work on Year 2000 remediation. To date, HCFA, has used the waiver authority to reemploy nine annuitants. HCFA also is reaching out to provider groups to help them understand the importance of this issue, since provider information systems must also be Year 2000 compliant in order to interface correctly with HCFA's.

HEALTH CARE FINANCING ADMINISTRATION CHALLENGES

Our greatest Year 2000 challenge is for HCFA's Medicare program. This program employs nearly seventy external contractors, including several shared systems maintainers, who operate and maintain a base of software programs that process 900 million fee-for-service claims payments annually for nearly 39 million Medicare beneficiaries. 75 percent of the external Medicare contractors have completed assessments of their systems. Even so, under the current law (Title XVIII of the Social Security Act) HCFA has limited authority for addressing the Year 2000 threat to Medicare systems. This situation illustrates why Medicare contracting reform has been and continues to be a Department and Administration priority. There are a number of facets to HCFA's current contracting authority that hinder HCFA's ability to require Year 2000 compliance.

Medicare claims processing contract terms are unique and differ in several important respects from typical Federal contracts awarded under Federal Acquisition Regulation. Medicare statutes require HCFA to contract for services with insurance companies only -- not computer or transaction processing firms -- and only on a cost reimbursement basis.

Intermediary and carrier contracts provide for automatic renewal on an annual basis. Furthermore, HCFA may terminate a contract only for cause and not for convenience, while contractors may leave the Medicare program with 180 days notice. It generally takes HCFA six to nine months to transfer a contractor's workload to another contractor organization.

Most importantly, because HCFA is required to reimburse its Medicare contractors for all allowable costs, the agency's ability to exert financial leverage over its contractors to direct funds toward such activities as Year 2000 compliance is limited.

HCFA has been proactive in addressing Year 2000 risks with its Medicare contractors. HCFA has proposed amendments to Medicare contracts requiring millennium compliance, and has released guidance that would provide more restrictive definitions of compliance and testing requirements. Nonetheless, we remain committed to achieve a faster pace of progress by Medicare contractors in meeting our Year 2000 goal.

As I stated earlier, problems surrounding Year 2000 compliance are an illustration of why the Administration has proposed contracting reform legislation. On February 27, 1998, and again on May 18, 1998, HHS submitted Medicare contractor reform legislation to Congress. This legislation would amend the Medicare statute regarding HCFA-contractor relations. This proposal would provide the Secretary with greater flexibility for managing the Medicare program, and allow increased discretion in contracting for claims processing and payment functions. Under this authority, the Secretary could award contracts from a larger pool of qualified contractors. We believe that this change would promote competition and potentially allow the Medicare program to obtain better value for its dollar. The new authority would also be especially helpful in allowing the Secretary to implement contingency planning that permits business continuity in the event of system failure. This proposal has received the endorsement of John Koskinen, Special Assistant to the President for Year 2000, in testimony before the Senate Governmental Affairs Committee.

The proposal would allow the Secretary to contract for Medicare functions on a best value basis as permitted by the Federal Acquisition Regulations (FAR). It would change Medicare law to permit the Secretary to follow the FAR in administrative contracting. We would then be able to determine on a case-by-case basis the most appropriate contractual arrangements, with fixed price and incentive provisions, for example.

Prompt consideration and passage of this legislation now will provide HCFA with greater leverage to proactively manage Medicare contractors.

We recognize that HCFA will continue to face a time-consuming and difficult that contractor reform alone cannot alleviate. As noted earlier, this will require additional resources to be used for contractor Year 2000 remediation, or testing and independent verification and validation. In early May, the President signed a 1998 supplemental appropriations bill directing $20 million of HCFA contractor funds to be redirected toward HCFA's Year 2000 remediation efforts.

While these funds will certainly help, HCFA still must find ways to address the shortfall. We estimate that HCFA will require additional Year 2000 funding in FY 1998 and FY 1999. In FY 1998, HCFA estimates it needs an additional $41 million. In FY 1999, HCFA may require an additional $61 million for HCFA contractor remediation efforts. On May 29, we sent a letter to Congress notifying you of our intent to use the Secretary's one-percent authority to shift funds from other HHS activities to make the additional $41 million available for HCFA's Year 2000 efforts. While cutting funding for other activities is never easy, and all may not be happy with our choices for offsets, we would appreciate Congress' support for our effort to give HCFA the resources necessary to address this problem.

BIOMEDICAL EQUIPMENT OUTREACH EFFORTS

Our Year 2000 related activities are not limited solely to HHS programs alone. On January 21, 1998, Deputy Secretary Kevin Thurm signed a letter, sent to over 16,000 biomedical equipment manufacturers, strongly urging them to identify noncompliant products, and the actions they are taking to ensure compliance. The manufacturers are now responding to this survey developed by my office and the Food and Drug Administration (FDA). The FDA now operates and maintains a public Internet web site listing all biomedical equipment information received from the manufacturers relating to Year 2000 compliance. The web site is operational and FDA is currently posting the manufacturer responses on the Internet. This site can be accessed at www.fda.gov/cdrh/yr2000. The FDA is currently aggressively following up with manufacturers to improve the current low rate of response.

We are planning additional outreach activities, beyond the biomedical equipment issues, to inform the health and human services community in general about Year 2000 issues.

HHS also chairs two Year 2000 Conversion Council sector outreach groups. We are formulating outreach plans for the health care sector and the human services sector. We also serve as members on several other sector groups, including benefits payments, education, emergency management, food supply, science and technology, and health care and social assistance.

CONCLUSION

HHS faces substantial challenges in our Year 2000 efforts. However, let me assure you, on behalf of Secretary Shalala and Deputy Secretary Kevin Thurm, that we will continue to vigorously pursue Year 2000 remediation as our most important information technology initiative.

We recognize our obligation to the American people to assure that HHS' programs function properly now and in the next millennium.