Health Care

Continued Leadership Needed to Define and Implement Information Technology Standards Gao ID: GAO-05-1054T September 29, 2005

Health care delivery in the United States has long-standing problems with medical errors and inefficiencies that increase costs. Hence, health information technology (IT) has great potential to improve the quality of care, bolster preparedness of our public health infrastructure, and save money on administrative costs. The threats of natural disasters and terrorist attacks further underscore the need for interoperable information systems, and the critical importance of defining and implementing standards that would enable such interoperability. GAO has reported on the quality of care benefits derived by using IT, federal agencies' existing and planned information systems to support national preparedness for public health emergencies, and the status of health IT standards settings initiatives. The House Committee on Government Reform asked GAO to summarize (1) its previously issued reports and recommendations on health IT standards and (2) recent actions taken by HHS to facilitate the development of health IT standards.

As GAO reported in 2003, health care data, communications, and security standards are necessary to support interoperability between IT systems; however, the identification and implementation of such standards at that time was incomplete across the health care industry. Further, while several standard setting initiatives were underway, GAO raised concerns about coordinating and implementing these initiatives. To address these coordination and implementation challenges, it recommended that the Secretary of Health and Human Services (HHS), among other things, reach further consensus across the health care industry on the definition and use of standards, establish milestones for defining and implementing these standards, and create a mechanism to monitor their implementation throughout the health care industry. Last summer, GAO testified before the House Committee on Government Reform's technology subcommittee, highlighting progress made in announcing additional standards and plans to incorporate standard setting initiatives into the Federal Health Architecture. GAO reported that progress in assuming leadership had occurred with the President's establishment of the National Coordinator for Health IT to guide the nationwide implementation of interoperable health information systems, but noted that as health IT initiatives were pursued, it would be essential to have continued leadership, clear direction, measurable goals, and mechanisms to monitor progress. In following up on these recommendations, GAO determined that HHS has taken several actions that should help to further define standards for the health care industry. First, the coordinator has assumed responsibility for the Federal Health Architecture that is expected to establish standards for interoperability and communication throughout the federal health community. Second, several HHS agencies continue their efforts to define standards as part of the department's Framework for Strategic Action. For example, the Agency for Healthcare Research and Quality is working with the private sector to identify standards for clinical messaging, drugs, and biological products. Third, HHS expects to award a contract to develop and evaluate a process to unify and harmonize industry-wide information standards. Fourth, in July of this year, HHS announced plans for a public-private committee to help transition the nation to electronic health records and to provide input and recommendations on standards. All of these are positive steps, however, much work remains to reach further consensus across the health care sector on the definition and use of standards. Until this occurs, federal agencies and others throughout the health care industry will not be able to ensure that their systems are capable of exchanging data when needed, and consequently will not be able to reap the cost, clinical care, and public health benefits associated with interoperability.

GAO-05-1054T, Health Care: Continued Leadership Needed to Define and Implement Information Technology Standards This is the accessible text file for GAO report number GAO-05-1054T entitled 'Health Care: Continued Leadership Needed to Define and Implement Information Technology Standards' which was released on September 30, 2005. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony: Before the Committee on Government Reform, House of Representatives: For Release on Delivery: 10:00 a.m. EDT: September 29, 2005: Health Care: Continued Leadership Needed to Define and Implement Information Technology Standards: Statement of David A. Powner: Director, Information Technology Management Issues: GAO-05-1054T: GAO Highlights: Highlights of GAO-05-1054T, testimony before the Committee on Government Reform, House of Representatives: Why GAO Did This Study: Health care delivery in the United States has long-standing problems with medical errors and inefficiencies that increase costs. Hence, health information technology (IT) has great potential to improve the quality of care, bolster preparedness of our public health infrastructure, and save money on administrative costs. The threats of natural disasters and terrorist attacks further underscore the need for interoperable information systems, and the critical importance of defining and implementing standards that would enable such interoperability. GAO has reported on the quality of care benefits derived by using IT, federal agencies‘ existing and planned information systems to support national preparedness for public health emergencies, and the status of health IT standards settings initiatives. The House Committee on Government Reform asked GAO to summarize (1) its previously issued reports and recommendations on health IT standards and (2) recent actions taken by HHS to facilitate the development of health IT standards. What GAO Found: As GAO reported in 2003, health care data, communications, and security standards are necessary to support interoperability between IT systems; however, the identification and implementation of such standards at that time was incomplete across the health care industry. Further, while several standard setting initiatives were underway, GAO raised concerns about coordinating and implementing these initiatives. To address these coordination and implementation challenges, it recommended that the Secretary of Health and Human Services (HHS), among other things, reach further consensus across the health care industry on the definition and use of standards, establish milestones for defining and implementing these standards, and create a mechanism to monitor their implementation throughout the health care industry. Last summer, GAO testified before your technology subcommittee, highlighting progress made in announcing additional standards and plans to incorporate standard setting initiatives into the Federal Health Architecture. GAO reported that progress in assuming leadership had occurred with the President‘s establishment of the National Coordinator for Health IT to guide the nationwide implementation of interoperable health information systems, but noted that as health IT initiatives were pursued, it would be essential to have continued leadership, clear direction, measurable goals, and mechanisms to monitor progress. In following up on these recommendations, GAO determined that HHS has taken several actions that should help to further define standards for the health care industry. First, the coordinator has assumed responsibility for the Federal Health Architecture that is expected to establish standards for interoperability and communication throughout the federal health community. Second, several HHS agencies continue their efforts to define standards as part of the department's Framework for Strategic Action. For example, the Agency for Healthcare Research and Quality is working with the private sector to identify standards for clinical messaging, drugs, and biological products. Third, HHS expects to award a contract to develop and evaluate a process to unify and harmonize industry-wide information standards. Fourth, in July of this year, HHS announced plans for a public-private committee to help transition the nation to electronic health records and to provide input and recommendations on standards. All of these are positive steps, however, much work remains to reach further consensus across the health care sector on the definition and use of standards. Until this occurs, federal agencies and others throughout the health care industry will not be able to ensure that their systems are capable of exchanging data when needed, and consequently will not be able to reap the cost, clinical care, and public health benefits associated with interoperability. www.gao.gov/cgi-bin/getrpt?GAO-05-1054T. To view the full product, including the scope and methodology, click on the link above. For more information, contact David Powner at (202) 512- 9286 or pownerd@gao.gov. [End of section] Mr. Chairman and Members of the Committee: I am pleased to be here today to discuss the importance of defining and implementing standards to speed the adoption of interoperable information technology (IT) in the health care industry. It has been widely recognized that the use of IT for delivering care, supporting the public health infrastructure, and performing administrative functions has great potential to improve care, bolster preparedness, and save money. Health and Human Service's Secretary Leavitt recently stated that Hurricane Katrina has underscored the need for interoperable electronic health records as thousands of people have been separated from their health care providers, and medical records have been lost. Standards are critical to enabling this interoperability. At your request, today I will summarize (1) our previously issued reports and recommendations on health IT standards and (2) recent actions taken by the Department of Health and Human Services (HHS) to develop health IT standards. In preparing this testimony, we summarized our prior reports and updated progress toward implementing recommendations in accordance with generally accepted auditing standards. Results in Brief: We reported in 2003 that the identification and implementation of health care data, communications, and security standards--which are necessary to support interoperability of IT systems--remained incomplete across the health care industry. Further, while several standards-setting initiatives were underway, we raised concerns about the coordination of these initiatives. To address the challenges of coordinating and implementing a set of standards, we recommended that the Secretary of HHS, among other things, reach further consensus on the definition and use of standards, establish milestones for their definition and implementation, and create a mechanism to monitor their implementation throughout the health care industry. Following up on our recommendations, last summer we testified before your technology subcommittee, highlighting progress made in announcing additional standards and plans to incorporate standard setting initiatives into the federal health architecture. We also reported that progress in assuming leadership had occurred with the President's establishment of the National Coordinator for Health IT, but noted that it was essential to have continued leadership, clear direction, measurable goals, and mechanisms to monitor progress. In following up on our recommendations, we determined that HHS has taken several actions that should help to further define standards for the health care industry. First, the Office of the National Coordinator for Health Information Technology has assumed responsibility for developing a federal health architecture that is expected to, among other things, establish standards for interoperability and communication throughout the federal health community. Second, several HHS agencies continue to further define standards as part of the Framework for Strategic Action. For example, the Agency for Healthcare Research and Quality is working with the private sector to identify standards for clinical messaging, drugs, and biological products. Third, HHS expects to award a contract to develop and evaluate a process to unify and harmonize industry-wide information standards. Fourth, in July of this year, a public-private committee was formed to help transition the nation to electronic health records and to provide input and recommendations on the standards and other issues. Although the Coordinator has provided needed leadership and direction, much work remains to reach further consensus on the definition and use of standards. Until this successfully occurs and health IT standards are more fully implemented, federal agencies and others throughout the health care industry cannot ensure that their systems will be capable of exchanging data with other systems when needed, and consequently will not be able to reap the cost, clinical care, and public health benefits associated with interoperability. Background: According to the Institute of Medicine, health care delivery in the United States has long-standing problems with medical errors and inefficiencies that increase health care costs. The U.S. health care delivery system is an information-intensive industry that is complex and highly fragmented, with estimated spending of $1.7 trillion in 2003. Hence, the uses of IT--in delivering clinical care, performing administrative functions, and supporting the public health infrastructure--have the potential to yield both cost savings and improvements in the care itself. Information technologies such as electronic health records (EHR)[Footnote 1] have been shown to save money and reduce medical errors. Key Standards for Health Care: IT standards, including data standards, enable the interoperability and portability[Footnote 2] of systems within and across organizations. Many different standards are required to develop interoperable health information systems. This reflects the complex nature of health care delivery in the United States.[Footnote 3] Vocabulary standards, which provide common definitions and codes for medical terms and determine how information will be documented for diagnoses and procedures, are an important type of data standard. These standards are intended to lead to consistent descriptions of a patient's medical condition by all practitioners. The use of common terminology helps in the clinical care delivery process, enables consistent data analysis from organization to organization, and facilitates transmission of information. Without such standards, the terms used to describe the same diagnoses and procedures sometimes vary. For example, the condition known as hepatitis may also be described as a liver inflammation. The use of different terms to indicate the same condition or treatment complicates retrieval and reduces the reliability and consistency of data. In addition to vocabulary standards, messaging standards are important because they provide for the uniform and predictable electronic exchange of data by establishing the order and sequence of data during transmission. These standards dictate the segments in a specific medical transmission. For example, they might require the first segment to include the patient's name, hospital number, and birth date. A series of subsequent segments might transmit the results of a complete blood count, dictating one result (e.g., iron content) per segment. Messaging standards can be adopted to enable intelligible communication between organizations via the Internet or some other communications pathway. Without them, the interoperability of federal agencies' systems may be limited and may limit the exchange of data that are available for information sharing. In addition to vocabulary and messaging standards, there is also the need for a high degree of security and confidentiality to protect medical information from unauthorized disclosure. Need for Standards Has Been Recognized: The need for heath care standards has been recognized for a number of years. The development, approval, and adoption of standards for health IT is an ongoing, long-term process and includes federally mandated standards requirements and a voluntary consensus process within a market-based health care industry. The use of some standards, such as those defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)[Footnote 4] and the Medicare Prescription Drug and Modernization Act of 2003[Footnote 5], is mandated by the federal government, while others are defined by standards development organizations such as the American Association of Medical Instrumentation and the National Council for Prescription Drug Programs. HHS identifies and researches standards defined by the organizations that develop them, and determines which of the approved ones are appropriate for use in federal agencies' health IT systems. In August 1996, Congress recognized the need for standards to improve the Medicare and Medicaid programs in particular and the efficiency and effectiveness of the health care system in general. It passed HIPAA, which calls for the industry to control the distribution and exchange of health care data and begin to adopt electronic data exchange standards to uniformly and securely exchange patient information. According to the National Committee on Vital and Health Statistics (NCVHS), significant progress has occurred on several HIPAA standards, however, the full economic benefits of administrative simplification will be realized only when all of them are in place. In 2000 and 2001, the NCVHS reported on the need for standards, highlighting the need for uniform standards for patient medical record information, and outlining a strategy that included their development and use. The Institute of Medicine and others had also reported on the lack of national standards for the coding and classification of clinical and other health care data, and for the secure transmission and sharing of such data. In 2001, the Office of Management and Budget created the Consolidated Health Informatics (CHI) initiative as one of its e-government projects to facilitate the adoption of data standards for, among others, health care systems within the federal government. The CHI initiative was an interagency work group led by HHS and composed of representatives from the Departments of Defense and Veterans Affairs, as well as other agencies. Recognizing the need to incorporate standards across federal health care systems, the group announced in March 2003 the adoption of 5, and in May 2004 the adoption of another 15. Once federal agencies adopted the recommended standards, they were expected to incorporate them into their architectures and build systems accordingly. This expectation applied to all new systems acquisition and development projects. In April 2004, the President issued an executive order that called for the establishment of a National Coordinator for Health IT and the issuance of a strategic plan to guide the nationwide implementation of interoperable health information systems. The National Coordinator for Health IT was appointed in May 2004; in July 2004, HHS released a framework for strategic action--the first step toward a national strategy. The framework defines goals and strategies that are to be implemented in three phases. Phase I focuses on the development of market institutions[Footnote 6] to lower the risk of health IT procurement, phase II involves investment in clinical management tools and capabilities, and phase III supports the transition of the market to robust quality and performance accountability. The framework includes a commitment to standards and reiterates that a key component of progress towards interoperable health information systems is the development of technically sound interoperability standards. Actions Needed for Implementation of Health Information Technology Standards: In May 2003, we reported that federal agencies recognized the need for health care standards and were making efforts to strengthen and increase their use.[Footnote 7] However, while they had made progress in defining standards, the identification and implementation of data standards necessary to support interoperability were incomplete across the health care sector. First, agencies lacked mechanisms that could coordinate their various efforts so as to accelerate the completion of standards development and ensure consensus among stakeholders. The process of developing health care data standards involves many diverse entities, such as individual and group practices, software developers, domain-specific professional associations, and allied health services. This fragmentation slowed the dissemination and adoption of standards by making it difficult to convene all of the relevant stakeholders and subject matter experts in standards development meetings and to reach consensus within a reasonable period of time. Second, not all of the federal government's standard setting initiatives had milestones associated with efforts to define and implement standards. For example, while the CHI initiative--the primary initiative to establish standards for federal health programs--had announced several standards and implementation requirements for health care information exchange, it had not yet established milestones for future announcements. Finally, there was no mechanism to monitor the implementation of standards throughout the health care industry. NCVHS had reported on a need for a mechanism, such as compliance testing, to ensure that health care standards were uniformly adopted as part of a national strategy, but without an implementation mechanism and leadership at the national level, problems associated with systems' incompatibility and lack of interoperability would persist throughout the different levels of government and the private sector and, consequently, throughout the health care sector. We stated that until these challenges were addressed, agencies risked promulgating piecemeal and disparate systems unable to exchange data with each other when needed, and that this could hinder the prompt and accurate detection of public health threats. We recommended that the Secretary of HHS define activities for ensuring that the various standards-setting organizations coordinate their efforts and reach further consensus on the definition and use of standards; establish milestones for defining and implementing standards; and create a mechanism to monitor the implementation of standards through the health care industry. Following up on our recommendations, we testified in July 2004 on HHS's efforts to identify applicable standards throughout the health care industry and across federal health care programs.[Footnote 8] Progress was continuing with the establishment of the National Coordinator for Health IT, who, among other things, assumed federal leadership to expedite the standards development process in order to accelerate the use of EHRs. The Coordinator also assumed responsibility for identifying standards for federal health programs as part of the CHI initiative. While plans for the CHI initiative called for it to be incorporated into HHS's Federal Health Architecture[Footnote 9] by September 2004, many issues--such as coordination of the various standards-setting efforts and implementation of the standards that had been identified--were still works in progress. We reiterated our conclusions that unless these standards were more fully implemented, federal agencies and others throughout the health care industry could not ensure that their systems would be capable of exchanging data with other systems when needed. Further, we concluded that as federal health IT initiatives moved forward, it would be essential to have continued leadership, clear direction, measurable goals, and mechanisms to monitor progress. In June of this year, we issued a report to this committee on the challenges faced by federal agencies in implementing the public health infrastructure.[Footnote 10] We reported that, among others, HHS's Centers for Disease Control and Prevention and the Department of Homeland Security faced challenges developing and adopting consistent standards to encourage interoperability of public health initiatives. Recent Actions Taken by HHS to Develop Health Information Technology Standards: Following up on our recommendations, we reported in May 2005 that HHS was working towards a national strategy for health IT that called for a sustained set of actions to help to further define standards for the health care industry. The Office of the National Coordinator for Health IT is now responsible for the FHA program, which is to provide the structure or "architecture" for collaboration and interoperability among federal health efforts. FHA partners are responsible for improving coordination and collaboration on federal health IT investments and improving efficiency, standardization, reliability, and availability of comprehensive health information solutions. This fall, HHS plans to produce the first release of an information architecture for the federal health enterprise. This release will contain foundational elements to support the development and evolution of the full architecture, which will occur over several years. In addition, the CHI activities are now moving forward under the FHA. HHS, through the CHI initiative, is encouraging the implementation of standards within the federal government to order to catalyze private sector action in this area. Progress towards achieving standards and policies is a key component of progress toward the implementation of a national strategy that provides interoperable health IT systems. The framework also builds upon already existing work in HHS divisions and includes plans to identify and learn from agencies' experiences. HHS divisions have been and continue to be responsible for selecting and adopting standards. Among other activities: * The Agency for Healthcare Research and Quality is working to identify and establish clinical standards and research to help accelerate the adoption of interoperable health IT systems, including industry clinical messaging and terminology standards, national standard nomenclature for drugs and biological products, and standards related to clinical terminology. * The Centers for Medicare and Medicaid are responsible for identifying and adopting standards for e-prescribing and for implementing the administrative simplification provisions of HIPAA, including electronic transactions and code sets, security, and identifiers. * The National Institutes of Health's National Library of Medicine is working on the implementation of standard clinical vocabularies, including support for and development of selected standard clinical vocabularies to enable ongoing maintenance and free use within the United States' health communities, both private and public. In 2003, the National Library of Medicine obtained a perpetual license for the Systematized Nomenclature of Medicine (SNOMED)[Footnote 11] standard and ongoing updates, making SNOMED available to U.S. users. Other efforts at the National Library of Medicine include the uniform distribution and mapping of HIPAA code sets, standard vocabularies, and Health Level 7[Footnote 12] code sets. * The Centers for Disease Control and Prevention, through its Public Health Information Network initiative, is working on the development of shared data models, data standards, and controlled vocabularies for electronic laboratory reporting and public health information exchange that are compatible with federal standards activities such as CHI. * The Food and Drug Administration and the National Institutes of Health, together with the Clinical Data Interchange Standards Consortium (a group of over 40 pharmaceutical companies and clinical research organizations), have developed a standard for representing observations made in clinical trials--the Study Data Tabulation Model. HHS expects to award a contract to develop and evaluate a process to unify and harmonize industry-wide information standards. In June 2005, HHS issued four requests for proposals (RFPs)[Footnote 13]. The department also expects to award contracts based on these proposals by October 2005. The proposals focus on four areas, including the development of a process to unify and harmonize industry-wide health information standards development, maintenance and refinements over time. The standards-focused RFP states that the current landscape of standards does not ensure interoperability due to many factors such as conflicting and incomplete standards. The other RFPs include (1) the development of a certification process for health IT to assure consistency with standards, (2) the development of prototypes for a nationwide health information network architecture for widespread health information exchange, and (3) an assessment of variations in organization-level business policies and state laws that affect privacy and security practices. In addition, in July of this year, HHS announced plans for a public- private committee--known as the American Health Information Community- -to help transition the nation to electronic health records and to provide input and recommendations on standards. Chaired by the Secretary of HHS, it will provide input and recommendations on use of common standards and how interoperability among EHRs can be achieved while assuring that the privacy and security of those records are protected. HHS is also working with other private sector groups to develop standards and certification requirements for EHR functionality in order to reduce the risk of implementation failure. The importance of a national health information network that integrates interoperable databases was just recently highlighted when the Office of the National Coordinator for Health IT facilitated the rapid development of a Web-base portal to access prescription information for Katrina evacuees. This online service is to allow authorized health professionals to access medication and dosage information from anywhere in the country. A broad group of commercial pharmacies, government health insurance programs such as Medicaid, private insurers, and others compiled and made accessible the prescription data. Although the scope of this effort is much smaller than the national network and comprehensive EHRs (which contain much more than prescription information) envisioned, it demonstrates the need called for by the President. In summary, identifying and implementing health IT standards is essential to achieving interoperable systems and data in the health care industry and is critical in the pursuit of effective EHRs and public health systems. Although federal leadership has been established and plans and several actions have positioned HHS to further define and implement relevant standards, consensus on the definition and use of standards still needs to occur. Otherwise, the health care industry will continue to be plagued with incompatible systems that are incapable of exchanging key data that is critical to delivering care and responding to public health emergencies. HHS needs to provide continued leadership, sustained focus and attention, and mechanisms to monitor progress in order to bring about measurable improvements and achieve the President's goals. Mr. Chairman, this concludes my statement. I would be happy to answer any questions that you or members of the committee may have at this time. Contacts and Acknowledgements: If you should have any questions about this testimony, please contact me at (202) 512-9286 or by e-mail at powderd@gao.gov. Other individuals who made key contributions to this testimony are M. Yvonne Sanchez, Assistant Director, and Amos Tevelow. FOOTNOTES [1] There is a lack of consensus on what constitutes an EHR, and thus multiple definitions and names exist for EHRs, depending on the functions included. An EHR generally includes (1) a longitudinal collection of electronic health information about the health of an individual or the care provided, (2) immediate electronic access to patient-and population-level information by authorized users, (3) decision support to enhance the quality, safety, and efficiency of patient care, and (4) support of efficient processes for health care delivery. [2] Interoperability is the ability of two or more systems or components to exchange information and to use the information that has been exchanged. Portability is the degree to which a computer program can be transferred from one hardware configuration or software environment to another. [3] GAO, Automated Medical Records: Leadership Needed to Expedite Standards Development, GAO/IMTEC-93-17 (Washington, D.C.: April 30, 1993). [4] Public Law 104-191, sec 262 (1996). [5] Public Law 108-173 (2003). [6] According to HHS, market institutions include certification organizations, group purchasing entities, and low-cost implementation support organizations that do not currently exist but are necessary to support clinicians as they procure and use IT. [7] GAO, Bioterrorism: Information Technology Strategy Could Strengthen Federal Agencies' Abilities to Respond to Public Health Emergencies, GAO-03-139 (Washington, D.C.: May 30, 2003). [8] GAO, Health Care: National Strategy Needed to Accelerate the Implementation of Information Technology, GAO-04-947T (Washington, D.C.: July 14, 2004). [9] FHA was initiated in 2003 in HHS's Office of the Chief Information Officer. It is intended to provide a structure for bringing HHS's divisions and other federal departments together, initially targeting standards for enabling interoperability. The FHA program is supported by four advisory work groups. [10] GAO, Information Technology: Federal Agencies Face Challenges in Implementing Initiatives to Improve Public Health Infrastructure, GAO- 05-308 (Washington, D.C.: June10, 2005). [11] SNOMED is a nomenclature classification for indexing medical vocabulary, including signs, symptoms, diagnoses, and procedures. It was adopted as a CHI standard in May 2004. [12] HL7 is a standards development organization that creates message format standards for electronic exchange of health information [13] In November 2004, HHS issued a request for information seeking public input and ideas for developing a national health information network and received over 500 responses.