GAO-05-1054T, Health Care: Continued Leadership Needed to Define and Implement Information Technology Standards


This is the accessible text file for GAO report number GAO-05-1054T 
entitled 'Health Care: Continued Leadership Needed to Define and 
Implement Information Technology Standards' which was released on 
September 30, 2005. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 

GAO: 

Testimony: 

Before the Committee on Government Reform, House of Representatives: 

For Release on Delivery: 

10:00 a.m. EDT: 

September 29, 2005: 

Health Care: 

Continued Leadership Needed to Define and Implement Information 
Technology Standards: 

Statement of David A. Powner: 

Director, Information Technology Management Issues: 

GAO-05-1054T: 

GAO Highlights: 

Highlights of GAO-05-1054T, testimony before the Committee on 
Government Reform, House of Representatives: 

Why GAO Did This Study: 

Health care delivery in the United States has long-standing problems 
with medical errors and inefficiencies that increase costs. Hence, 
health information technology (IT) has great potential to improve the 
quality of care, bolster preparedness of our public health 
infrastructure, and save money on administrative costs. The threats of 
natural disasters and terrorist attacks further underscore the need for 
interoperable information systems, and the critical importance of 
defining and implementing standards that would enable such 
interoperability. 

GAO has reported on the quality of care benefits derived by using IT, 
federal agencies’ existing and planned information systems to support 
national preparedness for public health emergencies, and the status of 
health IT standards settings initiatives. 

The House Committee on Government Reform asked GAO to summarize (1) its 
previously issued reports and recommendations on health IT standards 
and (2) recent actions taken by HHS to facilitate the development of 
health IT standards. 

What GAO Found: 

As GAO reported in 2003, health care data, communications, and security 
standards are necessary to support interoperability between IT systems; 
however, the identification and implementation of such standards at 
that time was incomplete across the health care industry. Further, 
while several standard setting initiatives were underway, GAO raised 
concerns about coordinating and implementing these initiatives. To 
address these coordination and implementation challenges, it 
recommended that the Secretary of Health and Human Services (HHS), 
among other things, reach further consensus across the health care 
industry on the definition and use of standards, establish milestones 
for defining and implementing these standards, and create a mechanism 
to monitor their implementation throughout the health care industry. 
Last summer, GAO testified before your technology subcommittee, 
highlighting progress made in announcing additional standards and plans 
to incorporate standard setting initiatives into the Federal Health 
Architecture. GAO reported that progress in assuming leadership had 
occurred with the President’s establishment of the National Coordinator 
for Health IT to guide the nationwide implementation of interoperable 
health information systems, but noted that as health IT initiatives 
were pursued, it would be essential to have continued leadership, clear 
direction, measurable goals, and mechanisms to monitor progress. 

In following up on these recommendations, GAO determined that HHS has 
taken several actions that should help to further define standards for 
the health care industry. First, the coordinator has assumed 
responsibility for the Federal Health Architecture that is expected to 
establish standards for interoperability and communication throughout 
the federal health community. Second, several HHS agencies continue 
their efforts to define standards as part of the department's Framework 
for Strategic Action. For example, the Agency for Healthcare Research 
and Quality is working with the private sector to identify standards 
for clinical messaging, drugs, and biological products. Third, HHS 
expects to award a contract to develop and evaluate a process to unify 
and harmonize industry-wide information standards. Fourth, in July of 
this year, HHS announced plans for a public-private committee to help 
transition the nation to electronic health records and to provide input 
and recommendations on standards. All of these are positive steps, 
however, much work remains to reach further consensus across the health 
care sector on the definition and use of standards. Until this occurs, 
federal agencies and others throughout the health care industry will 
not be able to ensure that their systems are capable of exchanging data 
when needed, and consequently will not be able to reap the cost, 
clinical care, and public health benefits associated with 
interoperability. 

www.gao.gov/cgi-bin/getrpt?GAO-05-1054T. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact David Powner at (202) 512-
9286 or pownerd@gao.gov. 

[End of section] 

Mr. Chairman and Members of the Committee: 

I am pleased to be here today to discuss the importance of defining and 
implementing standards to speed the adoption of interoperable 
information technology (IT) in the health care industry. It has been 
widely recognized that the use of IT for delivering care, supporting 
the public health infrastructure, and performing administrative 
functions has great potential to improve care, bolster preparedness, 
and save money. Health and Human Service's Secretary Leavitt recently 
stated that Hurricane Katrina has underscored the need for 
interoperable electronic health records as thousands of people have 
been separated from their health care providers, and medical records 
have been lost. Standards are critical to enabling this 
interoperability. 

At your request, today I will summarize (1) our previously issued 
reports and recommendations on health IT standards and (2) recent 
actions taken by the Department of Health and Human Services (HHS) to 
develop health IT standards. In preparing this testimony, we summarized 
our prior reports and updated progress toward implementing 
recommendations in accordance with generally accepted auditing 
standards. 

Results in Brief: 

We reported in 2003 that the identification and implementation of 
health care data, communications, and security standards--which are 
necessary to support interoperability of IT systems--remained 
incomplete across the health care industry. Further, while several 
standards-setting initiatives were underway, we raised concerns about 
the coordination of these initiatives. To address the challenges of 
coordinating and implementing a set of standards, we recommended that 
the Secretary of HHS, among other things, reach further consensus on 
the definition and use of standards, establish milestones for their 
definition and implementation, and create a mechanism to monitor their 
implementation throughout the health care industry. Following up on our 
recommendations, last summer we testified before your technology 
subcommittee, highlighting progress made in announcing additional 
standards and plans to incorporate standard setting initiatives into 
the federal health architecture. We also reported that progress in 
assuming leadership had occurred with the President's establishment of 
the National Coordinator for Health IT, but noted that it was essential 
to have continued leadership, clear direction, measurable goals, and 
mechanisms to monitor progress. 

In following up on our recommendations, we determined that HHS has 
taken several actions that should help to further define standards for 
the health care industry. First, the Office of the National Coordinator 
for Health Information Technology has assumed responsibility for 
developing a federal health architecture that is expected to, among 
other things, establish standards for interoperability and 
communication throughout the federal health community. Second, several 
HHS agencies continue to further define standards as part of the 
Framework for Strategic Action. For example, the Agency for Healthcare 
Research and Quality is working with the private sector to identify 
standards for clinical messaging, drugs, and biological products. 
Third, HHS expects to award a contract to develop and evaluate a 
process to unify and harmonize industry-wide information standards. 
Fourth, in July of this year, a public-private committee was formed to 
help transition the nation to electronic health records and to provide 
input and recommendations on the standards and other issues. 

Although the Coordinator has provided needed leadership and direction, 
much work remains to reach further consensus on the definition and use 
of standards. Until this successfully occurs and health IT standards 
are more fully implemented, federal agencies and others throughout the 
health care industry cannot ensure that their systems will be capable 
of exchanging data with other systems when needed, and consequently 
will not be able to reap the cost, clinical care, and public health 
benefits associated with interoperability. 

Background: 

According to the Institute of Medicine, health care delivery in the 
United States has long-standing problems with medical errors and 
inefficiencies that increase health care costs. The U.S. health care 
delivery system is an information-intensive industry that is complex 
and highly fragmented, with estimated spending of $1.7 trillion in 
2003. Hence, the uses of IT--in delivering clinical care, performing 
administrative functions, and supporting the public health 
infrastructure--have the potential to yield both cost savings and 
improvements in the care itself. Information technologies such as 
electronic health records (EHR)[Footnote 1] have been shown to save 
money and reduce medical errors. 

Key Standards for Health Care: 

IT standards, including data standards, enable the interoperability and 
portability[Footnote 2] of systems within and across organizations. 
Many different standards are required to develop interoperable health 
information systems. This reflects the complex nature of health care 
delivery in the United States.[Footnote 3]

Vocabulary standards, which provide common definitions and codes for 
medical terms and determine how information will be documented for 
diagnoses and procedures, are an important type of data standard. These 
standards are intended to lead to consistent descriptions of a 
patient's medical condition by all practitioners. The use of common 
terminology helps in the clinical care delivery process, enables 
consistent data analysis from organization to organization, and 
facilitates transmission of information. Without such standards, the 
terms used to describe the same diagnoses and procedures sometimes 
vary. For example, the condition known as hepatitis may also be 
described as a liver inflammation. The use of different terms to 
indicate the same condition or treatment complicates retrieval and 
reduces the reliability and consistency of data. 

In addition to vocabulary standards, messaging standards are important 
because they provide for the uniform and predictable electronic 
exchange of data by establishing the order and sequence of data during 
transmission. These standards dictate the segments in a specific 
medical transmission. For example, they might require the first segment 
to include the patient's name, hospital number, and birth date. A 
series of subsequent segments might transmit the results of a complete 
blood count, dictating one result (e.g., iron content) per segment. 
Messaging standards can be adopted to enable intelligible communication 
between organizations via the Internet or some other communications 
pathway. Without them, the interoperability of federal agencies' 
systems may be limited and may limit the exchange of data that are 
available for information sharing. In addition to vocabulary and 
messaging standards, there is also the need for a high degree of 
security and confidentiality to protect medical information from 
unauthorized disclosure. 

Need for Standards Has Been Recognized: 

The need for heath care standards has been recognized for a number of 
years. The development, approval, and adoption of standards for health 
IT is an ongoing, long-term process and includes federally mandated 
standards requirements and a voluntary consensus process within a 
market-based health care industry. The use of some standards, such as 
those defined by the Health Insurance Portability and Accountability 
Act of 1996 (HIPAA)[Footnote 4] and the Medicare Prescription Drug and 
Modernization Act of 2003[Footnote 5], is mandated by the federal 
government, while others are defined by standards development 
organizations such as the American Association of Medical 
Instrumentation and the National Council for Prescription Drug 
Programs. HHS identifies and researches standards defined by the 
organizations that develop them, and determines which of the approved 
ones are appropriate for use in federal agencies' health IT systems. 

In August 1996, Congress recognized the need for standards to improve 
the Medicare and Medicaid programs in particular and the efficiency and 
effectiveness of the health care system in general. It passed HIPAA, 
which calls for the industry to control the distribution and exchange 
of health care data and begin to adopt electronic data exchange 
standards to uniformly and securely exchange patient information. 
According to the National Committee on Vital and Health Statistics 
(NCVHS), significant progress has occurred on several HIPAA standards, 
however, the full economic benefits of administrative simplification 
will be realized only when all of them are in place. 

In 2000 and 2001, the NCVHS reported on the need for standards, 
highlighting the need for uniform standards for patient medical record 
information, and outlining a strategy that included their development 
and use. The Institute of Medicine and others had also reported on the 
lack of national standards for the coding and classification of 
clinical and other health care data, and for the secure transmission 
and sharing of such data. 

In 2001, the Office of Management and Budget created the Consolidated 
Health Informatics (CHI) initiative as one of its e-government projects 
to facilitate the adoption of data standards for, among others, health 
care systems within the federal government. The CHI initiative was an 
interagency work group led by HHS and composed of representatives from 
the Departments of Defense and Veterans Affairs, as well as other 
agencies. Recognizing the need to incorporate standards across federal 
health care systems, the group announced in March 2003 the adoption of 
5, and in May 2004 the adoption of another 15. Once federal agencies 
adopted the recommended standards, they were expected to incorporate 
them into their architectures and build systems accordingly. This 
expectation applied to all new systems acquisition and development 
projects. 

In April 2004, the President issued an executive order that called for 
the establishment of a National Coordinator for Health IT and the 
issuance of a strategic plan to guide the nationwide implementation of 
interoperable health information systems. The National Coordinator for 
Health IT was appointed in May 2004; in July 2004, HHS released a 
framework for strategic action--the first step toward a national 
strategy. The framework defines goals and strategies that are to be 
implemented in three phases. Phase I focuses on the development of 
market institutions[Footnote 6] to lower the risk of health IT 
procurement, phase II involves investment in clinical management tools 
and capabilities, and phase III supports the transition of the market 
to robust quality and performance accountability. The framework 
includes a commitment to standards and reiterates that a key component 
of progress towards interoperable health information systems is the 
development of technically sound interoperability standards. 

Actions Needed for Implementation of Health Information Technology 
Standards: 

In May 2003, we reported that federal agencies recognized the need for 
health care standards and were making efforts to strengthen and 
increase their use.[Footnote 7] However, while they had made progress 
in defining standards, the identification and implementation of data 
standards necessary to support interoperability were incomplete across 
the health care sector. 

First, agencies lacked mechanisms that could coordinate their various 
efforts so as to accelerate the completion of standards development and 
ensure consensus among stakeholders. The process of developing health 
care data standards involves many diverse entities, such as individual 
and group practices, software developers, domain-specific professional 
associations, and allied health services. This fragmentation slowed the 
dissemination and adoption of standards by making it difficult to 
convene all of the relevant stakeholders and subject matter experts in 
standards development meetings and to reach consensus within a 
reasonable period of time. 

Second, not all of the federal government's standard setting 
initiatives had milestones associated with efforts to define and 
implement standards. For example, while the CHI initiative--the primary 
initiative to establish standards for federal health programs--had 
announced several standards and implementation requirements for health 
care information exchange, it had not yet established milestones for 
future announcements. 

Finally, there was no mechanism to monitor the implementation of 
standards throughout the health care industry. NCVHS had reported on a 
need for a mechanism, such as compliance testing, to ensure that health 
care standards were uniformly adopted as part of a national strategy, 
but without an implementation mechanism and leadership at the national 
level, problems associated with systems' incompatibility and lack of 
interoperability would persist throughout the different levels of 
government and the private sector and, consequently, throughout the 
health care sector. 

We stated that until these challenges were addressed, agencies risked 
promulgating piecemeal and disparate systems unable to exchange data 
with each other when needed, and that this could hinder the prompt and 
accurate detection of public health threats. We recommended that the 
Secretary of HHS define activities for ensuring that the various 
standards-setting organizations coordinate their efforts and reach 
further consensus on the definition and use of standards; establish 
milestones for defining and implementing standards; and create a 
mechanism to monitor the implementation of standards through the health 
care industry. 

Following up on our recommendations, we testified in July 2004 on HHS's 
efforts to identify applicable standards throughout the health care 
industry and across federal health care programs.[Footnote 8] Progress 
was continuing with the establishment of the National Coordinator for 
Health IT, who, among other things, assumed federal leadership to 
expedite the standards development process in order to accelerate the 
use of EHRs. The Coordinator also assumed responsibility for 
identifying standards for federal health programs as part of the CHI 
initiative. While plans for the CHI initiative called for it to be 
incorporated into HHS's Federal Health Architecture[Footnote 9] by 
September 2004, many issues--such as coordination of the various 
standards-setting efforts and implementation of the standards that had 
been identified--were still works in progress. We reiterated our 
conclusions that unless these standards were more fully implemented, 
federal agencies and others throughout the health care industry could 
not ensure that their systems would be capable of exchanging data with 
other systems when needed. Further, we concluded that as federal health 
IT initiatives moved forward, it would be essential to have continued 
leadership, clear direction, measurable goals, and mechanisms to 
monitor progress. 

In June of this year, we issued a report to this committee on the 
challenges faced by federal agencies in implementing the public health 
infrastructure.[Footnote 10] We reported that, among others, HHS's 
Centers for Disease Control and Prevention and the Department of 
Homeland Security faced challenges developing and adopting consistent 
standards to encourage interoperability of public health initiatives. 

Recent Actions Taken by HHS to Develop Health Information Technology 
Standards: 

Following up on our recommendations, we reported in May 2005 that HHS 
was working towards a national strategy for health IT that called for a 
sustained set of actions to help to further define standards for the 
health care industry. The Office of the National Coordinator for Health 
IT is now responsible for the FHA program, which is to provide the 
structure or "architecture" for collaboration and interoperability 
among federal health efforts. FHA partners are responsible for 
improving coordination and collaboration on federal health IT 
investments and improving efficiency, standardization, reliability, and 
availability of comprehensive health information solutions. This fall, 
HHS plans to produce the first release of an information architecture 
for the federal health enterprise. This release will contain 
foundational elements to support the development and evolution of the 
full architecture, which will occur over several years. In addition, 
the CHI activities are now moving forward under the FHA. HHS, through 
the CHI initiative, is encouraging the implementation of standards 
within the federal government to order to catalyze private sector 
action in this area. Progress towards achieving standards and policies 
is a key component of progress toward the implementation of a national 
strategy that provides interoperable health IT systems. 

The framework also builds upon already existing work in HHS divisions 
and includes plans to identify and learn from agencies' experiences. 
HHS divisions have been and continue to be responsible for selecting 
and adopting standards. Among other activities: 

* The Agency for Healthcare Research and Quality is working to identify 
and establish clinical standards and research to help accelerate the 
adoption of interoperable health IT systems, including industry 
clinical messaging and terminology standards, national standard 
nomenclature for drugs and biological products, and standards related 
to clinical terminology. 

* The Centers for Medicare and Medicaid are responsible for identifying 
and adopting standards for e-prescribing and for implementing the 
administrative simplification provisions of HIPAA, including electronic 
transactions and code sets, security, and identifiers. 

* The National Institutes of Health's National Library of Medicine is 
working on the implementation of standard clinical vocabularies, 
including support for and development of selected standard clinical 
vocabularies to enable ongoing maintenance and free use within the 
United States' health communities, both private and public. In 2003, 
the National Library of Medicine obtained a perpetual license for the 
Systematized Nomenclature of Medicine (SNOMED)[Footnote 11] standard 
and ongoing updates, making SNOMED available to U.S. users. Other 
efforts at the National Library of Medicine include the uniform 
distribution and mapping of HIPAA code sets, standard vocabularies, and 
Health Level 7[Footnote 12] code sets. 

* The Centers for Disease Control and Prevention, through its Public 
Health Information Network initiative, is working on the development of 
shared data models, data standards, and controlled vocabularies for 
electronic laboratory reporting and public health information exchange 
that are compatible with federal standards activities such as CHI. 

* The Food and Drug Administration and the National Institutes of 
Health, together with the Clinical Data Interchange Standards 
Consortium (a group of over 40 pharmaceutical companies and clinical 
research organizations), have developed a standard for representing 
observations made in clinical trials--the Study Data Tabulation Model. 

HHS expects to award a contract to develop and evaluate a process to 
unify and harmonize industry-wide information standards. In June 2005, 
HHS issued four requests for proposals (RFPs)[Footnote 13]. The 
department also expects to award contracts based on these proposals by 
October 2005. The proposals focus on four areas, including the 
development of a process to unify and harmonize industry-wide health 
information standards development, maintenance and refinements over 
time. The standards-focused RFP states that the current landscape of 
standards does not ensure interoperability due to many factors such as 
conflicting and incomplete standards. The other RFPs include (1) the 
development of a certification process for health IT to assure 
consistency with standards, (2) the development of prototypes for a 
nationwide health information network architecture for widespread 
health information exchange, and (3) an assessment of variations in 
organization-level business policies and state laws that affect privacy 
and security practices. 

In addition, in July of this year, HHS announced plans for a public- 
private committee--known as the American Health Information Community-
-to help transition the nation to electronic health records and to 
provide input and recommendations on standards. Chaired by the 
Secretary of HHS, it will provide input and recommendations on use of 
common standards and how interoperability among EHRs can be achieved 
while assuring that the privacy and security of those records are 
protected. HHS is also working with other private sector groups to 
develop standards and certification requirements for EHR functionality 
in order to reduce the risk of implementation failure. 

The importance of a national health information network that integrates 
interoperable databases was just recently highlighted when the Office 
of the National Coordinator for Health IT facilitated the rapid 
development of a Web-base portal to access prescription information for 
Katrina evacuees. This online service is to allow authorized health 
professionals to access medication and dosage information from anywhere 
in the country. A broad group of commercial pharmacies, government 
health insurance programs such as Medicaid, private insurers, and 
others compiled and made accessible the prescription data. Although the 
scope of this effort is much smaller than the national network and 
comprehensive EHRs (which contain much more than prescription 
information) envisioned, it demonstrates the need called for by the 
President. 

In summary, identifying and implementing health IT standards is 
essential to achieving interoperable systems and data in the health 
care industry and is critical in the pursuit of effective EHRs and 
public health systems. Although federal leadership has been established 
and plans and several actions have positioned HHS to further define and 
implement relevant standards, consensus on the definition and use of 
standards still needs to occur. Otherwise, the health care industry 
will continue to be plagued with incompatible systems that are 
incapable of exchanging key data that is critical to delivering care 
and responding to public health emergencies. HHS needs to provide 
continued leadership, sustained focus and attention, and mechanisms to 
monitor progress in order to bring about measurable improvements and 
achieve the President's goals. 

Mr. Chairman, this concludes my statement. I would be happy to answer 
any questions that you or members of the committee may have at this 
time. 

Contacts and Acknowledgements: 

If you should have any questions about this testimony, please contact 
me at (202) 512-9286 or by e-mail at powderd@gao.gov. Other individuals 
who made key contributions to this testimony are M. Yvonne Sanchez, 
Assistant Director, and Amos Tevelow. 

FOOTNOTES

[1] There is a lack of consensus on what constitutes an EHR, and thus 
multiple definitions and names exist for EHRs, depending on the 
functions included. An EHR generally includes (1) a longitudinal 
collection of electronic health information about the health of an 
individual or the care provided, (2) immediate electronic access to 
patient-and population-level information by authorized users, (3) 
decision support to enhance the quality, safety, and efficiency of 
patient care, and (4) support of efficient processes for health care 
delivery. 

[2] Interoperability is the ability of two or more systems or 
components to exchange information and to use the information that has 
been exchanged. Portability is the degree to which a computer program 
can be transferred from one hardware configuration or software 
environment to another. 

[3] GAO, Automated Medical Records: Leadership Needed to Expedite 
Standards Development, GAO/IMTEC-93-17 (Washington, D.C.: April 30, 
1993). 

[4] Public Law 104-191, sec 262 (1996). 

[5] Public Law 108-173 (2003). 

[6] According to HHS, market institutions include certification 
organizations, group purchasing entities, and low-cost implementation 
support organizations that do not currently exist but are necessary to 
support clinicians as they procure and use IT. 

[7] GAO, Bioterrorism: Information Technology Strategy Could Strengthen 
Federal Agencies' Abilities to Respond to Public Health Emergencies, 
GAO-03-139 (Washington, D.C.: May 30, 2003). 

[8] GAO, Health Care: National Strategy Needed to Accelerate the 
Implementation of Information Technology, GAO-04-947T (Washington, 
D.C.: July 14, 2004). 

[9] FHA was initiated in 2003 in HHS's Office of the Chief Information 
Officer. It is intended to provide a structure for bringing HHS's 
divisions and other federal departments together, initially targeting 
standards for enabling interoperability. The FHA program is supported 
by four advisory work groups. 

[10] GAO, Information Technology: Federal Agencies Face Challenges in 
Implementing Initiatives to Improve Public Health Infrastructure, GAO- 
05-308 (Washington, D.C.: June10, 2005). 

[11] SNOMED is a nomenclature classification for indexing medical 
vocabulary, including signs, symptoms, diagnoses, and procedures. It 
was adopted as a CHI standard in May 2004. 

[12] HL7 is a standards development organization that creates message 
format standards for electronic exchange of health information 

[13] In November 2004, HHS issued a request for information seeking 
public input and ideas for developing a national health information 
network and received over 500 responses.