INTRODUCTION
Good morning. I am John Callahan, Assistant Secretary of the Department of Health and
Human Services for Management and Budget (ASMB) and Chief Information Officer (CIO). I
am pleased to appear before this Subcommittee to provide you with a report on the
accomplishments and the challenges faced by the U.S. Department of Health and Human Services
(HHS) in assuring that our systems are Millennium compliant.
The Secretary, the Deputy Secretary, and I have declared the Year 2000 date issue to be
our highest information technology priority. We have taken and will continue to take actions to
ensure that HHS information systems are Year 2000 compliant.
We have involved all parts of our organization, including staff with expertise in
information systems, budget, human resources, and acquisition management in solving the Year
2000 problem. No matter what else we do and what other initiatives we undertake, we must
ensure that our ability to accomplish the Department's mission is not impaired.
For this reason, we have established December 31, 1998 as our internal deadline for Year
2000 compliance of mission critical systems. This was done in order to provide a full year of
operations in which to detect and remedy any adverse interactions among HHS systems and
those of our many service partners, including other Federal agencies, states and local
governments, tribes, and contractors.
MISSION CRITICAL SYSTEMS REASSESSMENT
In order to better focus HHS remediation efforts on the most highly critical systems, we
asked the Operating Division (OPDIV) Chief Information Officers (CIOs) to provide a brief
synopsis of each mission critical system, and where warranted, to reclassify those systems that
were not truly mission-critical, either because they were only of local importance with no critical
interfaces, or because they were originally misclassified . We believe the reclassification will
improve our ability to ensure that the HHS OPDIVs concentrate primarily on the systems that
help us to serve the most people, most especially those that pay Medicare claims and issue grant
payments.
The system reclassifications are reflected in our May Quarterly Report to OMB. In the
February Quarterly Report, HHS listed the original inventory of 491 mission critical systems.
Of these, 187, or 38%, were Year 2000 compliant. Had we continued with this base, our
compliance would have been 42 % for the quarter ending March 31.
As a result of system reclassification, we are now reporting 289 mission critical systems,
a reduction of 202 systems. Of these systems, 98, or 34%, were compliant as of the quarter
ending March 31. I am pleased to report that HHS has made an additional 10 mission critical
systems compliant since the reporting period ending March 31. ACF has added seven compliant
systems, HCFA has added two compliant systems, and CDC has added one compliant system.
This brings our total compliance to 108 of 289 systems, or 37%. We will continue to monitor the
HHS OPDIVs' progress closely, using our monthly reporting system to ensure that our OPDIVs
are continuing to improve the rate of system compliance and to ensure that system remediation
efforts remain on schedule.
Based on the May 15 quarterly report, above average performance in the compliance of
mission critical systems is reported by SAMHSA, which is 80% compliant; FDA is 51.5%
compliant, CDC is 58.5% compliant HRSA is 60% compliant, and NIH is 50 % compliant.
HHS' YEAR 2000 EFFORT
To meet our Year 2000 responsibilities, we have taken a series of strong administrative
actions. We have encouraged aggressive reallocation of funds, where necessary, to meet Year
2000 deadlines; we have established direct reporting lines between staff working on year 2000
activities and the Operating Division (OPDIV) Chief Information Officers. Each OPDIV CIO is
responsible for regular reporting on Year 2000 efforts directly to the OPDIV head and to me,
until Year 2000 date compliance is achieved.
In addition, our OPDIVs have compiled complete inventories of their system interfaces,
and have contacted their interface partners. I provided a listing of state interfaces to the National
Association of State Information Resources Executives (NASIRE). As decided at the April 22
meeting with NASIRE, we will provide an update of our state interfaces inventory to the General
Services Administration for posting to their Year 2000 web site. We will provide monthly
updates thereafter.
Because testing, including independent verification and validation (IV&V), is critical to
our Year 2000 effort, we are requiring our OPDIVs to subject their systems to stringent testing
and IV&V. We also know there is a possibility that, try as we might, some systems may not be
fully compliant in time. Therefore, we are requiring the OPDIVs to develop contingency plans
which we will receive on June 15, 1998. These plans will provide us with the operational
policies needed to permit business continuity in the event of system failure. .
The Deputy Secretary has asked all OPDIVs to prepare contingency plans based on the
GAO guide entitled, "Year 2000 Computing Crisis: Business Continuity and Contingency
Planning." We will analyze the OPDIV contingency plans carefully, and the fiscal, personnel,
and operational dimensions of the plans will be fully developed with a timetable for parallel
implementation of these plans if necessary.
In addition, we require all of the OPDIVs to perform Independent Verification and
Validation (IV&V) for all mission critical systems to help ensure that the systems will function
properly in the Year 2000. Our OPDIV, have made arrangements for IV&V, whether through
the use of contractors or independent (out of the system managers' chain of command) in-house
IV&V. FDA, NIH and the PSC are using a combination of contractor support and in-house
resources. HCFA is using an outside contractor to do IV&V. In addition, OPDIVs are actively
testing their systems. Four of six Medicare standard systems maintainers have begun to conduct
future date testing.
We are taking action to retain, reemploy, and attract qualified information technology
professionals, using both employment and contracting authorities. On March 31, we received
Department-wide personnel authorities from the Office of Personnel Management (OPM) to
waive the pay and retirement reduction for reemployed military and civilian retirees who return
to work on Year 2000 remediation. To date, HCFA, has used the waiver authority to reemploy
nine annuitants. HCFA also is reaching out to provider groups to help them understand the
importance of this issue, since provider information systems must also be Year 2000 compliant
in order to interface correctly with HCFA's.
HEALTH CARE FINANCING ADMINISTRATION CHALLENGES
Our greatest Year 2000 challenge is for HCFA's Medicare program. This program
employs nearly seventy external contractors, including several shared systems maintainers, who
operate and maintain a base of software programs that process 900 million fee-for-service claims
payments annually for nearly 39 million Medicare beneficiaries. 75 percent of the external
Medicare contractors have completed assessments of their systems. Even so, under the current
law (Title XVIII of the Social Security Act) HCFA has limited authority for addressing the Year
2000 threat to Medicare systems. This situation illustrates why Medicare contracting reform has
been and continues to be a Department and Administration priority. There are a number of facets
to HCFA's current contracting authority that hinder HCFA's ability to require Year 2000
compliance.
Medicare claims processing contract terms are unique and differ in several important
respects from typical Federal contracts awarded under Federal Acquisition Regulation. Medicare
statutes require HCFA to contract for services with insurance companies only -- not computer or
transaction processing firms -- and only on a cost reimbursement basis.
Intermediary and carrier contracts provide for automatic renewal on an annual basis.
Furthermore, HCFA may terminate a contract only for cause and not for convenience, while
contractors may leave the Medicare program with 180 days notice. It generally takes HCFA six
to nine months to transfer a contractor's workload to another contractor organization.
Most importantly, because HCFA is required to reimburse its Medicare contractors for all
allowable costs, the agency's ability to exert financial leverage over its contractors to direct funds
toward such activities as Year 2000 compliance is limited.
HCFA has been proactive in addressing Year 2000 risks with its Medicare contractors.
HCFA has proposed amendments to Medicare contracts requiring millennium compliance, and
has released guidance that would provide more restrictive definitions of compliance and testing
requirements. Nonetheless, we remain committed to achieve a faster pace of progress by
Medicare contractors in meeting our Year 2000 goal.
As I stated earlier, problems surrounding Year 2000 compliance are an illustration of why
the Administration has proposed contracting reform legislation. On February 27, 1998, and
again on May 18, 1998, HHS submitted Medicare contractor reform legislation to Congress.
This legislation would amend the Medicare statute regarding HCFA-contractor relations. This
proposal would provide the Secretary with greater flexibility for managing the Medicare
program, and allow increased discretion in contracting for claims processing and payment
functions. Under this authority, the Secretary could award contracts from a larger pool of
qualified contractors. We believe that this change would promote competition and potentially
allow the Medicare program to obtain better value for its dollar. The new authority would also
be especially helpful in allowing the Secretary to implement contingency planning that permits
business continuity in the event of system failure. This proposal has received the endorsement of
John Koskinen, Special Assistant to the President for Year 2000, in testimony before the Senate
Governmental Affairs Committee.
The proposal would allow the Secretary to contract for Medicare functions on a best
value basis as permitted by the Federal Acquisition Regulations (FAR). It would change
Medicare law to permit the Secretary to follow the FAR in administrative contracting. We would
then be able to determine on a case-by-case basis the most appropriate contractual arrangements,
with fixed price and incentive provisions, for example.
Prompt consideration and passage of this legislation now will provide HCFA with greater
leverage to proactively manage Medicare contractors.
We recognize that HCFA will continue to face a time-consuming and difficult that
contractor reform alone cannot alleviate. As noted earlier, this will require additional resources
to be used for contractor Year 2000 remediation, or testing and independent verification and
validation. In early May, the President signed a 1998 supplemental appropriations bill directing
$20 million of HCFA contractor funds to be redirected toward HCFA's Year 2000 remediation
efforts.
While these funds will certainly help, HCFA still must find ways to address the shortfall.
We estimate that HCFA will require additional Year 2000 funding in FY 1998 and FY 1999. In
FY 1998, HCFA estimates it needs an additional $41 million. In FY 1999, HCFA may require an
additional $61 million for HCFA contractor remediation efforts. On May 29, we sent a letter to
Congress notifying you of our intent to use the Secretary's one-percent authority to shift funds
from other HHS activities to make the additional $41 million available for HCFA's Year 2000
efforts. While cutting funding for other activities is never easy, and all may not be happy with
our choices for offsets, we would appreciate Congress' support for our effort to give HCFA the
resources necessary to address this problem.
BIOMEDICAL EQUIPMENT OUTREACH EFFORTS
Our Year 2000 related activities are not limited solely to HHS programs alone. On
January 21, 1998, Deputy Secretary Kevin Thurm signed a letter, sent to over 16,000 biomedical
equipment manufacturers, strongly urging them to identify noncompliant products, and the
actions they are taking to ensure compliance. The manufacturers are now responding to this
survey developed by my office and the Food and Drug Administration (FDA). The FDA now
operates and maintains a public Internet web site listing all biomedical equipment information
received from the manufacturers relating to Year 2000 compliance. The web site is operational
and FDA is currently posting the manufacturer responses on the Internet. This site can be
accessed at www.fda.gov/cdrh/yr2000. The FDA is currently aggressively following up
with manufacturers to improve the current low rate of response.
We are planning additional outreach activities, beyond the biomedical equipment issues,
to inform the health and human services community in general about Year 2000 issues.
HHS also chairs two Year 2000 Conversion Council sector outreach groups. We are
formulating outreach plans for the health care sector and the human services sector. We also
serve as members on several other sector groups, including benefits payments, education,
emergency management, food supply, science and technology, and health care and social
assistance.
CONCLUSION
HHS faces substantial challenges in our Year 2000 efforts. However, let me assure
you, on behalf of Secretary Shalala and Deputy Secretary Kevin Thurm, that we will continue to
vigorously pursue Year 2000 remediation as our most important information technology
initiative.
We recognize our obligation to the American people to assure that HHS' programs
function properly now and in the next millennium.
I thank the Committee for its interest and oversight on this issue, and would be happy to
answer any questions you may have.