HHS's Efforts to Promote Health Information Technology and Legal Barriers to Its Adoption
GAO ID: GAO-04-991R August 13, 2004
Studies published by the Institute of Medicine and others have indicated that fragmented, disorganized, and inaccessible clinical information adversely affects the quality of health care and compromises patient safety. Health information technology (IT)--technology used to collect, store, retrieve, and transfer clinical, administrative, and financial health information electronically--is seen as a promising solution to this problem. Technologies such as electronic health records (EHR) and bar coding of certain human drug and biological product labels have been shown to save money and reduce medical errors. However, only a small number of U.S. health care providers have fully adopted health IT. Significant financial, technical, cultural, and legal barriers to the adoption of health IT exist. The Department of Health and Human Services (HHS), as a regulator, purchaser, health care provider, and sponsor of research, education, and training, has been working to promote the use of IT in public and private health care settings. There is no comprehensive catalogue of HHS' health IT efforts, however, and little is known about the nature and extent of the legal barriers and HHS's efforts to address them. The Chairman, Senate Committee on Health, Education, Labor, and Pensions, asked us to review HHS' activities to promote health IT. We examined the following questions: (1) What are the major HHS initiatives for promoting the adoption of health IT by public and private health care providers? (2) What are the legal barriers to the adoption of health IT by health care providers, and what is HHS doing to surmount them?
HHS reported that it has 19 major health IT initiatives that cover a broad range of activities and participants. In fiscal year 2004, HHS provided about $228 million for these initiatives. Some of them are designed to provide overall leadership and coordination for health IT across HHS, other federal agencies, and other public- and private-sector organizations. The majority of initiatives and most of the funding, however, are for health IT programmatic activities and grant programs administered by HHS operating divisions such as the Agency for Healthcare Research and Quality (AHRQ) and the Centers for Medicare and Medicaid Services (CMS). These initiatives range from support for the development of standard clinical terminologies to funding of demonstrations of health information systems. On July 21, 2004, the National Health Information Technology Coordinator delivered a framework for strategic action to the Secretary of HHS for promoting the adoption of health IT. Various laws present barriers to adoption of health IT, and at the time of our review HHS' efforts to address these barriers had been limited in scope. Experts we interviewed indicated that beyond legal issues related to the privacy and security of health information, there are various laws--some specifically health-related and some not--that present barriers to the adoption of health IT. These laws involve fraud and abuse, antitrust, federal income tax, intellectual property, malpractice, and state licensing. In the area of fraud and abuse, for example, both the Physician Self-Referral (Stark) Law and the Anti-kickback Law present barriers by impeding the establishment of arrangements between providers--such as the provision of IT resources--that would otherwise promote the adoption of health IT. Because the laws frequently do not address health IT arrangements directly, health care providers are uncertain about what would constitute violations of the laws or create a risk of litigation. 
To the extent there are uncertainties and ambiguity in predicting legal consequences, health care providers are reluctant to take action and make significant investments in health IT. HHS has attempted to address some of the legal barriers posed by the fraud and abuse laws, but experts told us these efforts have not been sufficient to overcome the reluctance of the providers. Further, little attempt has been made by other federal agencies to address other laws that may present barriers.
This is the accessible text file for GAO report number GAO-04-991R
entitled 'HHS's Efforts to Promote Health Information Technology and
Legal Barriers to Its Adoption' which was released on August 13, 2004.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
August 13, 2004:
The Honorable Judd Gregg:
Chairman:
Committee on Health, Education, Labor, and Pensions:
United States Senate:
Subject: HHS's Efforts to Promote Health Information Technology and
Legal Barriers to Its Adoption:
Dear Mr. Chairman:
Studies published by the Institute of Medicine and others have
indicated that fragmented, disorganized, and inaccessible clinical
information adversely affects the quality of health care and
compromises patient safety.[Footnote 1] Health information technology
(IT)--technology used to collect, store, retrieve, and transfer
clinical, administrative, and financial health information
electronically--is seen as a promising solution to this problem.
Technologies such as electronic health records (EHR)[Footnote 2] and
bar coding of certain human drug and biological product labels have
been shown to save money and reduce medical errors. However, only a
small number of U.S. health care providers have fully adopted health
IT. Significant financial, technical, cultural, and legal barriers to
the adoption of health IT exist. These include a lack of access to
capital, a lack of data standards, and resistance from health care
providers.
The Department of Health and Human Services (HHS), as a regulator,
purchaser, health care provider, and sponsor of research, education,
and training, has been working to promote the use of IT in public and
private health care settings.[Footnote 3] There is no comprehensive
catalogue of HHS's health IT efforts, however, and little is known
about the nature and extent of the legal barriers and HHS's efforts to
address them.
You asked us to review HHS's activities to promote health IT. We
examined the following questions: (1) What are the major HHS
initiatives for promoting the adoption of health IT by public and
private health care providers? (2) What are the legal barriers to the
adoption of health IT by health care providers, and what is HHS doing
to surmount them? Enclosure I contains the briefing on the results of
our study that we discussed with your staff on July 13, 2004.
To describe HHS's health IT initiatives, we asked HHS to identify its
major activities in this area, reviewed agency documents, interviewed
relevant HHS officials, and incorporated information from our earlier
work on health IT. We primarily focused on health IT used in clinical
health care delivery (e.g., EHR) and did not examine disease
surveillance systems and telemedicine. Some HHS IT initiatives we
describe have recently been implemented or are still in the planning
stages, and so results to date are limited. In addition, the status of
the initiatives is subject to change pending completion of an
organizational review by the newly established HHS Office of the
National Coordinator for Health Information Technology (ONCHIT). To
identify legal barriers, we reviewed the literature and interviewed HHS
and other federal officials, health care providers, health care
attorneys, and other health IT experts. We did not address barriers
that may be associated with privacy and security issues. We performed
our work from May 2004 through August 2004 in accordance with generally
accepted government auditing standards.
Summary:
HHS reported that it has 19 major health IT initiatives that cover a
broad range of activities and participants. In fiscal year 2004, HHS
provided about $228 million for these initiatives. Some of them--the
Council on the Application of Health Information Technology (CAHIT),
the National Health Information Infrastructure (NHII), the Consolidated
Health Informatics (CHI) Initiative, and the Federal Health
Architecture (FHA)--are designed to provide overall leadership and
coordination for health IT across HHS, other federal agencies, and
other public- and private-sector organizations. The majority of
initiatives and most of the funding, however, are for health IT
programmatic activities and grant programs administered by HHS
operating divisions such as the Agency for Healthcare Research and
Quality (AHRQ) and the Centers for Medicare and Medicaid Services
(CMS). These initiatives range from support for the development of
standard clinical terminologies to funding of demonstrations of health
information systems. On July 21, 2004, the National Health Information
Technology Coordinator delivered a framework for strategic action to
the Secretary of HHS for promoting the adoption of health IT.
Various laws present barriers to adoption of health IT, and at the time
of our review HHS's efforts to address these barriers had been limited
in scope. Experts we interviewed indicated that beyond legal issues
related to the privacy and security of health information, there are
various laws--some specifically health-related and some not--that
present barriers to the adoption of health IT. These laws involve fraud
and abuse, antitrust, federal income tax, intellectual property,
malpractice, and state licensing. In the area of fraud and abuse, for
example, both the Physician Self-Referral (Stark) Law and the
Anti-kickback Law present barriers by impeding the establishment of
arrangements between providers--such as the provision of IT
resources--that would otherwise promote the adoption of health IT. Because the
laws frequently do not address health IT arrangements directly, health
care providers are uncertain about what would constitute violations of
the laws or create a risk of litigation. To the extent there are
uncertainties and ambiguity in predicting legal consequences, health
care providers are reluctant to take action and make significant
investments in health IT. HHS has attempted to address some of the
legal barriers posed by the fraud and abuse laws, but experts told us
these efforts have not been sufficient to overcome the reluctance of
the providers. Further, little attempt has been made by other federal
agencies to address other laws that may present barriers.
Agency Comments:
HHS reviewed a draft of this report and provided comments. HHS asked us
to highlight other actions it has taken to advance health IT in areas
such as privacy and security standards, disease surveillance systems,
and telemedicine. However, as we noted in the report, our work was
focused on health IT used in clinical health care delivery (EHR, for
example) and not on other health IT issues. HHS emphasized that the
federal anti-kickback and self-referral statutes provide important
protections against fraud and abuse, and that exceptions or safe
harbors from these statutes must be carefully crafted to exclude
abusive arrangements. We recognize the significant role these laws play
in deterring fraud and abuse, but the experts we consulted consistently
told us that these laws present barriers to the adoption of health IT.
In particular, we found that there was uncertainty about what would
constitute a violation of the law and this uncertainty itself created a
barrier for promoting beneficial health IT arrangements. HHS's written
comments and our more detailed responses to them are in enclosure II.
HHS also provided technical comments, which we incorporated as
appropriate.
We are sending copies of this report to the Secretary of Health and
Human Services and other interested officials. We will also provide
copies to others on request. In addition, the report will be available
at no charge on the GAO Web site at http://www.gao.gov. If you or your
staff have any questions or need additional information, please contact
me at (202) 512-7119. Another contact and key contributors are listed
in enclosure III.
Sincerely yours,
Signed by:
Janet Heinrich:
Director, Health Care--Public Health Issues:
Enclosures - 3:
Enclosure I:
[See PDF for images]
[End of slide presentation]
[End of section]
Enclosure II: Comments from the U.S. Department of Health and Human
Services:
DEPARTMENT OF HEALTH & HUMAN SERVICES:
Office of Inspector General:
AUG 9 2004:
Ms. Janet Heinrich:
Director, Health Care - Public Health Issues:
United States Government Accountability Office:
Washington, D.C. 20548:
Dear Ms. Heinrich:
Enclosed are the Department's comments on your draft correspondence
entitled, "HHS's Efforts to Promote Health Information Technology and
Legal Barriers to Its Adoption" (GAO-04-991R). The comments represent
the tentative position of the Department and are subject to
reevaluation when the final version of this report is received.
The Department provided several technical comments directly to your
staff.
The Department appreciates the opportunity to comment on this draft
report before its publication.
Sincerely,
Signed by:
Dara Corrigan:
Acting Principal Deputy Inspector General:
Enclosure:
The Office of Inspector General (OIG) is transmitting the Department's
response to this draft report in our capacity as the Department's
designated focal point and coordinator for Government Accountability
Office reports. OIG has not conducted an independent assessment of
these comments and therefore expresses no opinion on them.
Department of Health and Human Services Comments on Government
Accountability Office's Correspondence entitled "HHS's Efforts to
Promote Health Information Technology And Legal Barriers to Its
Adoption" (GAO-04-991R):
Department of Health and Human Services (HHS) Secretary Tommy G.
Thompson enthusiastically supports the promotion of health information
technology (HIT) and has been actively supporting it. In May and late
July, he held summits on HIT, noting that "America needs to move much
faster to adopt information technology in our health care system." He
is moving HHS forward with the appointment of Dr. David Brailer, the
release of the Framework for Strategic Action, and the launching of the
slide show "Decade of HIT." GAO's proposed correspondence provides a
baseline to kick-off the decade.
1. A general weakness of the slide presentation is that it focuses
narrowly on the electronic health records (EHR) and does not
acknowledge systems issues of interoperability among providers, the
personal health record, or linkages to public health. There is also no
sense of the challenge for public policy in developing appropriate
incentives for the adoption of the EHR in the private sector.
2. This report does not address the efforts HHS has made to advance HIT
by adopting privacy and security standards for health information, as
well as standards for electronic transactions. It should be noted that
HHS has adopted, under Health Insurance Portability and Accountability
Act, final rules regarding the privacy and security of health
information and standards for electronic transactions. The Department
has begun enforcing the Privacy Rule and Transactions Rule, and will
begin enforcing the Security Rule in April 2005. While there are some
issues that may need to be worked out with respect to compliance with
the Privacy and Security Rules in adopting HIT, these protections help
address one of the President's goals set forth in his Executive Order
and could help overcome significant barriers to adoption of HIT.
3. The report fails to address the risk of fraud or abuse that might
arise when hospitals or other entities give valuable items or services
to potential referral sources. The Federal anti-kickback statute and
the Federal physician self-referral law provide important protections
against fraud and abuse. In enacting these statutes, Congress sought to
curb improper financial incentives that distort medical
decision-making, potentially harming the Federal health care programs and their
beneficiaries. Improper financial incentives can lead, directly or
indirectly, to overutilization of items and services, increased costs
to programs and beneficiaries, compromised medical judgment, and unfair
competition.
In this regard, the first bullet on page 48 of Enclosure 1 appears to
suggest, inappropriately, that "all arrangements that parties may wish
to establish to promote the adoption of HIT" should be subject to a
physician self-referral exception or anti-kickback statute safe harbor.
In addition, on page 46 of the enclosure, GAO asserts that physician
reluctance to pay for HIT is the only reason hospitals might wish to
furnish physicians with HIT hardware, software, or other resources.
There is legitimate concern, however, that hospitals or other providers
or suppliers may provide free or deeply discounted HIT to physicians
(particularly physicians whom they do not
employ) in an effort to influence referral decisions, which may result
in fraud or abuse. For example, an arrangement that links the provision
of free HIT to the generation of a volume of referrals for the entity
providing the HIT could result in physicians over-ordering services or
inappropriately steering beneficiaries to particular providers (and
potentially restricting beneficiary choice) in order to "earn" the free
HIT. Similarly, larger entities with deeper pockets and greater ability
to fund HIT may compete for referrals of Federal health care program
business by offering free HIT, potentially disadvantaging smaller or
publicly-funded entities, such as some community hospitals.
Accordingly, we believe the report should recognize that creating
physician self-referral law exceptions and anti-kickback statute safe
harbors requires careful consideration of the potential for fraud and
abuse. Any exceptions or safe harbors would need to be crafted
carefully to exclude abusive arrangements.
4. We disagree with the assertion that "[b]ecause [fraud and abuse laws
and other laws] frequently do not address HIT arrangements directly,
health care providers are uncertain about what would constitute
violations of those laws or create a risk of litigation" (page 3 of the
report and page 45 of Enclosure 1). We disagree that Federal health
care program fraud and abuse laws are unclear or that parties do not
understand what the laws prohibit. The fact that these and other laws
do not specifically address HIT arrangements does not mean that their
applicability to such arrangements is unclear or unpredictable.
5. We disagree with the suggestion in the third bullet on page 48 of
Enclosure 1 that an Office of Inspector General (OIG) advisory opinion
is of limited practical value. A favorable advisory opinion ensures
that the recipient will not be subject to OIG sanctions. We believe the
bullet would be more accurate if it stated that "such case-by-case
guidance is not an appropriate mechanism for addressing broader
industry concerns." We believe this statement more clearly reflects the
intent of the bullet point.
6. Also on page 46 of Enclosure 1, it should be noted that the Centers
for Medicare and Medicaid Services (CMS) has accepted public comments
and is currently engaged in rulemaking with respect to the
community-wide HIT exception, including the definition of the term
"community-wide."
7. The report concludes in several places that the Federal physician
self-referral law and anti-kickback statute inhibit arrangements
between physicians and hospitals or other entities that would promote
adoption of HIT. We think it worth noting that barriers exist unrelated
to these statutes, including cost and physician resistance to the use
of HIT.
8. We do not believe that there is unanimous agreement that hospitals
should pay for HIT used by physicians who are not employed by hospitals
and who will use the IT resources in the context of their own office
practices.
9. We note that the report appears to suggest that HHS has failed to
address antitrust, tax, intellectual property, malpractice liability,
and state licensing laws. HHS has no legal jurisdiction over those
laws.
10. The report neglects to mention the role of the National Committee
on Vital Health Statistics (NCVHS) as specified in the Medicare
Prescription Drug, Improvement and Modernization Act, and progress to
date. NCVHS is mentioned later in several places, but there is no
context for this information.
11. GAO provided guidance that telehealth/telemedicine initiatives
should be excluded in the inventory of programs. Health Resources and
Services Administration's program incorporates many of the goals and
activities described in the GAO slides. Therefore, it may now be
relevant to include information about the Telehealth Network Grant
Program.
GAO's Responses to HHS's Comments:
HHS provided 11 specific comments about various issues in the draft
report, and our response to these comments is as follows:
Background and Scope of Work:
HHS commented that our briefing slides had a narrow focus and did not
acknowledge other actions it has taken in areas such as
interoperability, privacy and security standards for health
information, and telehealth/telemedicine (comments 1, 2, and 11). We
were specifically asked by our requestor to focus our work on health IT
used in clinical health care delivery (e.g., EHR) and not on other
health IT issues. In addition, we were asked to look at specific legal
barriers to the adoption of health IT that did not include privacy and
security concerns. HHS also said that besides the self-referral and
anti-kickback laws, there are other barriers to the adoption of health
IT, including cost and physician resistance (comment 7). We described
those barriers on page 12. HHS provided additional information about
the role of the National Committee on Vital and Health Statistics as
specified in the Medicare Prescription Drug, Improvement, and
Modernization Act of 2003 (comment 10). We added this information to
the background section of our briefing slides.
Legal Barriers:
HHS stated that we failed to address the risk of fraud and abuse when
hospitals or other entities give valuable items or services to
potential referral sources (comment 3). We recognize the role the
federal fraud and abuse laws play in deterring such health care
violations but experts consistently told us that these laws present a
barrier to the adoption of health IT. We revised our report in response
to HHS's comment that it is difficult to craft appropriate safe harbors
that would prevent fraud and abuse.
HHS disagreed that fraud and abuse and other relevant laws are unclear
and that health care providers are uncertain about what may constitute
violations of those laws or create risks of litigation (comment 4).
However, health care providers, attorneys, and other experts
consistently told us that they were uncertain about the application of
the laws to health care IT and what may constitute statutory violations
or create risks of litigation. This uncertainty constitutes a barrier
for promoting beneficial health IT arrangements.
HHS disagreed with our conclusion that an Office of Inspector General
advisory opinion is of limited practical value and suggested
alternative wording (comment 5). We revised the wording as suggested.
In its technical comments, HHS also noted that the Secretary can issue
an advisory opinion on whether a health IT arrangement would violate
the self-referral law, and we added this information to our report. We
also revised our report to reflect that CMS has accepted public comment
on the March 26, 2004 interim rule and is currently engaged in
rulemaking with respect to the definition of "community-wide" (comment
6).
HHS said that there is not unanimous agreement that hospitals should
pay for health IT used by physicians who are not employed by hospitals
and who will use the IT resources in their office practices (comment
8). We did not suggest that hospitals should pay for health IT for
physicians. Experts told us that if hospitals want to develop such
arrangements, the fraud and abuse laws may be barriers.
Finally, HHS clarified that HHS has no legal jurisdiction over
antitrust, tax, intellectual property, malpractice liability and state
licensing laws and therefore cannot address these barriers (comment 9).
We revised our report to make this distinction clear.
[End of section]
Enclosure III: GAO Contact and Staff Acknowledgments:
GAO Contact:
Martin T. Gahart, (202) 512-3596:
Acknowledgments:
In addition to the person named above, Gigi Barsoum, Anne Dievler, M.
Saad Khan, Roseanne Price, M. Yvonne Sanchez, and Craig Winslow made
key contributions to this report.
(290385):
FOOTNOTES
[1] See, for example, Institute of Medicine. Crossing the Quality
Chasm: A New Health System for the 21st Century (Washington, D.C.:
National Academy Press, 2001).
[2] An EHR generally includes a longitudinal collection of electronic
health information about the health of an individual or the care
provided; immediate electronic access to patient- and population-level
information by authorized users; decision support to enhance the
quality, safety, and efficiency of patient care; and support of
efficient processes for health care delivery.
[3] Outside of HHS, the Department of Veterans Affairs (VA) and the
Department of Defense (DOD) are considered by experts to be leaders in
the use of health IT, particularly in the adoption of EHR systems for
their constituents.