Testimony

Statement by
Carolyn M. Clancy, M.D., 
Director

on
Draft Health Information Technology Legislation 

before
Energy and Commerce Committee
Subcommittee on Health
U.S. House of Representatives

Wednesday, June 04, 2008

Chairman Pallone, Ranking Member Deal, and Members of the Subcommittee, thank you for inviting us here today to present the Administration’s views on draft health information technology legislation. I am Dr. Carolyn Clancy, Director, Agency for Health Care Research and Quality (AHRQ) and I have with me today Ms. Sue McAndrew, Deputy Director for Health Information Privacy, HHS Office of Civil Rights. Additionally, I will be speaking on behalf of the Office of the National Coordinator for Health IT. Dr. Kolodner is currently attending scheduled meeting of the American Health Information Community successor stakeholders. As you know, efforts to ensure availability of interoperable health information technology are one of the Secretary’s highest priorities. We appreciate your dedication to health information technology and share your commitment to this important issue.

Efforts To Date

Office of the National Coordinator for Health IT (ONC)

On April 27, 2004, the President signed Executive Order 13335 supporting the promotion of health information technology (health IT) to improve efficiency, reduce medical errors, improve quality of care, and provide better information for patients and physicians. The President also called for most Americans to have access to secure, interoperable electronic health records (EHRs) by 2014 so that health information will follow patients throughout their care in a seamless and secure manner. As part of this, the President directed HHS to establish the position of the National Coordinator for Health Information Technology.

In further support of this goal, on August 22, 2006, the President issued Executive Order 13410 to ensure that federal agencies that administer or sponsor a federal health care programs (as defined by the Order) promote quality and efficient delivery of health care through the use of interoperable health IT, transparency regarding health care quality and price, and better incentives for program beneficiaries, enrollees, and providers. Executive Order 13410 directs that "[a]s each agency implements, acquires, or upgrades health information technology systems used for the direct exchange of health information between agencies and with non-Federal entities, it shall utilize, where available, health information technology systems and products that meet recognized interoperability standards."

ONC has helped lead in a number of key areas. As part of this, yesterday, ONC released the Federal Health IT Strategic Plan. This 5-year Federal strategic plan is necessary to achieve the nationwide implementation of a health IT infrastructure.

American Health Information Community (AHIC)

The development of common standards, and a process to certify products and services as meeting those standards, is a key priority. Secretary Leavitt chartered the American Health Information Community (AHIC) as a Federal Advisory Committee to make recommendations on how to accelerate the development and adoption of interoperable health IT. The AHIC has provided the venue to make recommendations to the Secretary on priorities and has advanced other meaningful recommendations to realize the adoption of health IT. Health-related priorities recommended by the AHIC enable the identification of health IT standards by the Healthcare IT Standards Panel (HITSP) and certification of health IT products by the Certification Commission for Healthcare IT (CCHIT)

While HHS and the Federal government play pivotal roles in the health care system and in its forward progress, public and private stakeholders must also be aligned to rapidly and effectively achieve this interoperability. Therefore, the AHIC and HHS have had ongoing discussions regarding the best possible successor to the AHIC, including discussions of the successor entity’s role, funding, and governance structure. It is envisioned that the AHIC successor will be an independent and sustainable organization that will bring together the best attributes and resources of public and private entities, a public-private partnership. Such an entity must be a neutral, independent body that is not controlled by, formed by, or required to report to any branch of government.

LMI Government Consulting, assisted by The Engelberg Center for Health Care Reform at the Brookings Institution and working under a cooperative agreement with the HHS is convening stakeholders to create a nationwide focal point for health information interoperability as a public-private partnership. The goal is an orderly transition that will accelerate nationwide initiatives aimed at using information technology to enable improvements in the quality and efficiency of health care in the United States. In fact, the third AHIC Successor meeting is taking place today from 9 a.m. to 12 noon. During this meeting, recommendations from the Planning Groups for the AHIC Successor will be announced.

Standards & Certification

In fall 2005, HHS worked with the American National Standards Institute (ANSI) to form a public-private collaborative, known as the Healthcare Information Technology Standards Panel (HITSP), to harmonize existing health IT standards, and to identify and establish standards to fill any gaps in those existing standards. Experts from approximately 500 health care related organizations participate in HITSP and engage in a consensus-based process to harmonize relevant standards in the health care industry and to ensure that there is detailed guidance on how the standards need to be used. This process enables and advances interoperability of health care applications, and helps ensure that health data supporting the delivery of care will be accurate, exchangeable, private and secure.

We have now identified many of the most important standards that need to be used for interoperable electronic health records (EHRs) and personal health records. To date, the Secretary has recognized 52 harmonized standards, and he will recognize 60 new harmonized standards in January 2009. Under Executive Order 13410, Federal agencies that administer or sponsor a Federal health care program (as defined in the Executive Order) are expected to utilize, where available, the health information technology systems and products that meet recognized interoperability when they implement, acquire, or upgrade health IT systems for the direct exchange of health information between agencies and with non-Federal entities. Those agencies are also expected to require in contracts or agreements with health care providers, health plans, or health insurance issuers that as each provider, plan, or issuer implements, acquires, or upgrades health information technology systems, it utilizes, where available, health information technology systems and products that meet recognized interoperability standards.

In the private sector, the Certification Commission for Healthcare Information Technology (CCHIT) will be certifying products that use recognized standards during its next cycle which begins this July.

Providers and consumers must have confidence that the electronic health information products and systems they use can perform a set of well-defined functions, are secure, can maintain data confidentiality as directed by patients and consumers, and can work with other systems to share information. CCHIT currently certifies both ambulatory and inpatient EHRs, and has also begun developing a certification processes for health information networks and specific components of PHRs. Through its public-private process, CCHIT develops specific certification criteria for health IT systems and then rigorously evaluates them to determine that they truly meet criteria for functionality, security and interoperability. After just two years, over 150 EHR products have been certified. These certified products now include over one third of the enterprise EHRs and, adjusting for market share, over 75% of the ambulatory EHRs being sold in the US today.

Nationwide Health Information Network

To support the goal of an interoperable network, there are presently sixteen separate trial implementations of the Nationwide Health Information Network (NHIN) Cooperative. The NHIN Cooperative involves public and private health information exchange organizations across the country that can move health-related data among entities within a state, a region or a non-geographic participant group. The NHIN is a “network of networks.” Our goal is to eliminate all of the obstacles to advancing the NHIN into a production-ready state by the end of this calendar year. To do so, the NHIN will need to demonstrate technical readiness with on-site, interoperable and secure health information exchange based on common specifications. Four core services will be included: 1) delivery of data, including a summary patient record, across the involved health information exchanges; 2) the ability to look up and retrieve data across the exchanges from EHRs and PHRs; 3) the ability for consumers to express preferences about whether and how, they will allow the electronic exchange of their data; and 4) supporting the delivery of data for our nation’s health uses, such as public health and emergency response.

Collaboration with NIST

In order to achieve interoperability and allow health care organizations to securely connect to each other, there must be rigorous testing of detailed data and technical standards. This testing requires testing tools and expertise that ensure that each participating organization and software system is exactly meeting these standards. Toward this goal, the ONC has been working with the National Institute of Standards and Technology (NIST) to advance testing architecture nationally. This work involves developing conformance testing capabilities and the use of testing to ensure that standards are adequate, that the standards are properly implemented in systems and, as a result, that the systems can interoperate. NIST has helped with the HITSP harmonization process and with CCHIT’s initiation of conformance testing capabilities. NIST is also helping with the rigorous testing activities necessary to support the NHIN and have a secure, interoperable network of networks operating on top of the public Internet.

Privacy

HHS recognizes that there are important issues relating to the protection of information in an electronic health information exchange environment. Maintaining the privacy and security of information shared through the electronic exchange of health information is paramount. We believe that the use of health IT in accordance with appropriate polices can protect private information more successfully than can be done with paper records , can make it easier for individuals and their doctors to access and share health information, and can improve care coordination. Just as it was a core value underpinning the enactment of HIPAA in 1996, so too today, privacy is critical to the success of our new nationwide, interoperable health IT vision.

The Standards for Privacy of Individually Identifiable Health Information – better known as the HIPAA Privacy Rule have been in operation for the past five years, and have proven their workability and adaptability for the broad range of health plans and health care providers charged with keeping health information secure and confidential. HHS’ Office for Civil Rights (OCR) has a solid record of enforcement of these standards, having brought about significant and systemic improvements in compliance by over 6,100 covered entities as a result of its investigations and the voluntary compliance efforts of the entities.

The Privacy Rule is carefully balanced to ensure strong privacy protections without impeding the flow of information necessary to provide access to quality health care. To that end, the Rule permits covered entities to share protected health information for core purposes – to treat the individual, to obtain payment for the health care service provided, and for health care operations – without obtaining the individual’s prior authorization. The Privacy Rule also permits other uses and disclosures of protected health information without an individual’s authorization, including those disclosures necessary for a limited number of public interest disclosures, such as for public health purposes. Additionally, of course, the individual may authorize in writing any other use or disclosure of protected health information, and must do so before a covered entity may use or disclose such information to market the goods or services of another to the individual. These protections apply to protected health information whether in paper or electronic form, and thus have proven effective in protecting information in electronic health record systems in existence today.

The HIPAA Privacy and Security Rules will also serve as an effective baseline of protections as we begin to transform health care through the use of healthIT and the electronic exchange of information through secure interoperable, interconnected networks. A privacy and security framework for the exchange of electronic health information built on the foundation of HIPAA, permits us to explore the enormous potential of health IT to bring new opportunities for consumer participation in and choices about their own healthcare, while effectively identifying and addressing new risks to privacy and new opportunities to secure health information. Together with public input through several advisory bodies, the Department is actively examining these issues. For example, healthIT can make it easier and faster to effectuate the individual’s rights under HIPAA to access and get a copy of their medical record, to have that record amended if it is incomplete or incorrect, and to know about certain disclosures of their information. We are equally concerned with the potential risks to privacy as a result of the easier flow of information through health IT. As the roles of vendors and service providers in the NHIN evolves, we will need to ensure that a privacy and security framework that guides their responsibilities and obligations to consumers, without unduly restraining the development or adoption of health IT.

Linking Quality and Health IT

The intersection between research and the application of how new knowledge is applied to improve care is the Agency for Healthcare Research and Quality’s (AHRQ) unique contribution to the health IT enterprise. Accordingly, the AHRQ Health IT program explicitly researches how health IT tools can improve the quality of health care, while ONC focuses on advancing the adoption and interoperability of health IT.

Since 2004, AHRQ has invested $260 million to support and stimulate investment in health IT. This translates to almost 200 projects in 48 States, many of which projects have been focused towards rural and underserved populations.

AHRQ-funded projects cover a broad range of health IT tools and systems, including electronic health records, personal health records (a term that specifically denotes health information collected by and under the control of the patient), health information exchange, electronic prescribing, privacy and security, clinical decision support, quality measurement, patient-centered care, provider workflow, and Medicaid technical assistance.