Health Care Information Technology: What are the Opportunities for and Barriers to Interoperable Health Information Technology Systems?

Introduction

Representative Wu and Representative Reichert, I am William Jeffrey, Director of the National Institute of Standards and Technology (NIST), part of the Technology Administration of the Department of Commerce. I am pleased to be offered the opportunity to add to this discussion regarding health information technology.

I will focus my testimony on NIST’s role in meeting the challenges we are facing as we incorporate advances in information technology to the healthcare enterprise, critical to improving values in the nation’s healthcare spending, now over 16% of the GDP.¹

Our nation enjoys the best medical care and the brightest medical personnel in the world. Nonetheless, the enterprise is fraught with poor coordination, inefficiencies in administration, and avoidable medical errors. Studies suggest that between 44,000 and 98,000 Americans die each year from inpatient medical errors²; more than 770,000 people are injured or die each year in hospitals from adverse drug events, which may cost up to $5.6 million each year per hospital depending on hospital size³; and a significant annual expenditure on treatments that may not improve health, may be redundant, or may be inappropriate.

Today, we have new technological opportunities to address these problems. The President’s Health Information Technology Plan, with the ultimate mandate of making our country’s premier healthcare system safer, more affordable, and more accessible through the utilization of information technology (IT), is designed to overcome all of these trends, which are closely related to failure to adequately develop and adopt information technology for the healthcare system. In particular, the President has called for ensuring that most Americans have electronic health records within the next ten years and for the development of an internet-based Nationwide Health Information Network to connect patients, practitioners, and payers. These initiatives will reduce redundancies and save administrative time, and could greatly improve patient safety and quality of care.

When the President’s vision is realized:

• consumers will have their choice of providers and will be able to move seamlessly between practitioners without loss of information;
• clinicians will have information needed when and where it is needed, that is, at the point of care;
• payers will benefit through the economic efficiencies of fewer errors and less redundant testing; and
• public health officials will benefit from more efficient and effective reporting, surveillance, and quality monitoring.

To meet these goals, the Office of the National Coordinator for Health Information Technology (ONC) was created in the Department of Health and Human Services in response to Executive Order 13335, April 27, 2004. I am pleased that NIST has the opportunity to assist ONC realize this vision. NIST is contributing through NIST laboratory activities in measurement and consensus based standards and by direct collaboration with ONC.

Standards and measurements go directly to the heart of NIST’s core mission. In fiscal year 2005, NIST health related projects encompassed many areas of the healthcare sector, including screening and prevention, diagnostics, treatments, dentistry, quality assurance, bioimaging, systems biology, and clinical informatics. Also, NIST has a long and effective history in working with health-related organizations to improve our nation’s healthcare system. Building on those collaborations, NIST and HHS signed an interagency agreement in September 2005 to support ONC in realizing the President’s health IT goals. Since the signing of the interagency agreement, NIST has been providing technical expertise to the ONC in areas such as standards harmonization, developing procedures for certifying conformance, developing performance and conformance metrics, developing the architecture management system for the nationwide health information network.

NIST Laboratory Activities in Health IT

NIST works with industry, government, and academia to establish consensus-based standards, develop associated test metrics to ensure that devices perform according to the defined standards, and establish comprehensive certification capabilities for the IT industry. NIST has for many years focused on developing metrics for the information technology industry. We develop tests and diagnostic tools for building robust and interoperable systems. Applying such tools early in the life cycle process helps industry determine whether its products conform to the standard, and ultimately, will interoperate with other products. In addition, the development and use of these metrology tools fosters thorough review of the standards, which will, in turn, aid in resolving errors and ambiguities.

a=Standards Harmonization

In accordance with the National Technology Transfer and Advancement Act of 1995 (Public Law 104-113) and Administration policies, NIST supports the development of voluntary industry standards both nationally and internationally as the preferred source of standards to be used by the Federal government. NIST collaborates with national and international standards committees, users, industry groups, consortia, and research and trade organizations, to get needed standards developed.

As a matter of policy, NIST encourages and supports participation of researchers in standards developing activities related to the mission of the Institute. More than a quarter of NIST’s technical staff – 381 employees - participate in standards developing activities of 97 organizations. These include U.S. private sector standardization bodies, industry consortia, and international organizations. NIST staff members hold 1328 committee memberships and chair 161 standards committees.

NIST is helping ONC in establishing the Health Information Technology Standards Panel. Supported by an ONC contract with the American National Standards Institute (ANSI), the Panel is working to harmonize standards in the health IT arena, the NIST staff also participates in the following key IT standards-related efforts:

• American National Standards Institute (ANSI) Healthcare Information Technology Standards Panel (HITSP)
• ASTM International—Operating Room of the Future
• American Telemedicine Association (ATA)
• Federal Health Architecture/Consolidated Health Informatics (FHA/CHI)
• Medical Device Communications, Wireless Networks of the Institute of Electrical and Electronics Engineers (IEEE)
• Healthcare Information and Management Systems Society/ Integrating the Healthcare Enterprise (HIMSS/IHE)
• Health Level 7 (HL7)

Performance and Conformance Metrics for Health Information Technology

NIST works with industry to establish credible, cost-effective metrics to demonstrate software interoperability and conformance to particular standards. These metrics often form the basis or criteria upon which certifications are based. Typical NIST metrics include models, simulations, reference implementations, test suites, and testbeds.

Specific activities in support of health information technology include:

Electronic Health Records (EHR): Having access to complete patient health information is critical to improving clinical care and reducing medical errors and costs of care. The EHR is a longitudinal collection of patient-centric, healthcare information, available across providers, care settings, and time. It is a central component of an integrated health information system. NIST is collaborating with organizations in both the public and private sectors in achieving the benefits of EHRs and overcoming the barriers to their acquisition and use. In particular, NIST leads the effort in HL7 to define conformance and develop conformance criteria for EHR systems. NIST authored the conformance chapter of the draft standard for trial use and developed guidance (a How to Guide) for writing conformance criteria, thus teaching the community how to do this for themselves. The EHR conformance criteria and those being developed by the Certification Commission for Health Information Technology (CCHIT) form the basis for HER certification efforts.

HIMSS/IHE: A key problem today in the realization of Electronic Health Records for the patient’s continuity of care is the inability to share patient records across disparate enterprises. To address this problem, NIST is collaborating with industry to develop standardized approaches to sharing electronic clinical documents across healthcare organizations and providers. NIST staff have built reference implementations and developed validation tools to demonstrate the feasibility and correctness of implementations, and worked with implementers to create integrated solutions based on these approaches. In particular, NIST is collaborating with the ‘Integrating the Healthcare Enterprise’ (IHE) project sponsored by the Radiological Society of North America, Healthcare Information and Management Systems Society (HIMSS) and the

American College of Cardiology: The goal is to develop an approach called Cross- Enterprise Document Sharing (XDS). This standards-based approach provides a mechanism to access a patient’s multi-faceted clinical information, regardless of where it is physically located, while maintaining local control and ownership of that information and without compromising the privacy and security of the patient’s health information.

HL7 Messaging Standards: Health Level 7 is a standards development organization that provides standards for the exchange, management, and integration of data that support clinical patient care and the management, delivery, and evaluation of healthcare services. NIST is collaborating with HL7 to improve current and future deployment of HL7 and to achieve healthcare information systems interoperability and sharing of electronic health information. To achieve this goal, NIST leads the effort to ensure that HL7 conformance can be defined and measured at appropriate levels, by: 1) defining conformance for standards and ensuring that requirements are precise and testable; and 2) building tools that will promote consistent definitions and use of messages. Additionally, NIST is developing a conformance-testing tool that automatically generates test messages for HL7 Version 2 message specifications.

Medical Device Information: In a typical intensive care unit (ICU), a patient may be connected to one or more vital-sign monitors and receive medicine or other fluids through multiple infusion pumps. Devices such as ventilators, defibrillators, or hemodialysis machines may also support more acutely ill patients. Each of these medical devices has the ability to capture data. NIST is collaborating with the Institute of Electrical and Electronics Engineers (IEEE) Medical Device Communications work group and the IHE Patient Care Device project, sponsored by IHE and the American College of Clinical Engineering to develop conformance tests and associated tools that facilitate the development and adoption of standards for communicating medical device data throughout the healthcare enterprise as well as integrating it into the electronic health record.

Operating Room of the Future: It is estimated that 10-20% of hospital errors occur in the perioperative environment (before, during, and after surgery). Technology can play a major role in increasing the overall patient safety in such situations through the development of the operating room of the future (ORF). The ORF will consist of a network of interoperable plug and play medical devices, where the utilization of advanced technologies, such as robot-assisted surgery, sensor fusion, virtual reality, workflow integration, and surgical informatics, will result in a higher quality of healthcare by considerably increasing patient safety. NIST is working with the Center for the Integration of Medicine and Information Technology (CIMIT) in the development of an architectural framework for medical device integration, development of clinical requirements for device plug-and-play standards, identification of current interfaces, and development, testing, and simulation of interfaces.

Clinical Informatics: Building on past experience in information modeling and research to support interchange standards for the manufacturing industry, NIST has prepared a comprehensive report of all clinical information-oriented standards, their development organizations, their scope, and the vocabularies/ontologies they employ.⁴ NIST will use the report as the basis for developing a plan for applying NIST’s experience to assist in clinical information-oriented standards development and closer harmonization.

WPAN’s for Health Information: NIST is assisting industry in the development of a universal and interoperable wireless interface for medical equipment, expediting the development of standards for wireless technologies, and promoting their use in the healthcare environment. In close collaboration with the IEEE and the U.S. Food and Drug Administration, NIST developed theoretical and simulation models for two candidate Wireless Personal Area Network (WPAN) technologies including the Bluetooth and the IEEE 802.15.4 specifications. NIST evaluated their performance for several realistic healthcare scenarios and contributed our results to the appropriate IEEE working group. NIST contributions will constitute the basis of standard requirements on the use of wireless communications for medical devices.

Certification

NIST has an established history of developing procedures for certifying conformance to consensus-based standards. Conformity assessment activities form a vital link between standards that define necessary characteristics or requirements for software products and the performance of the products themselves. Conformity assessment procedures provide a means of ensuring that the products, services, or systems produced or operated have the required characteristics, and that these characteristics are consistent from product to product, service to service, or system to system. Conformity assessment includes: sampling and testing; inspection; certification; management system assessment and registration; accreditation of the competence of those activities; and recognition of an accreditation program's capability. NIST has been in the certification business since its inception in 1901 and is well positioned to provide technical guidance in the development of a technical certification regimen, including specific certification metrics, software to perform comprehensive certification tests, and certification procedures.

Security

For many years, NIST has made great contributions to help secure our nation’s sensitive information and information systems. Our work has paralleled the evolution of IT systems, initially focused principally on mainframe computers, now encompassing today’s wide gamut of information technology devices. Our important responsibilities were re-affirmed by Congress with passage of the Federal Information Security Management Act (FISMA) of 2002 and the Cyber Security Research and Development Act of 2002.

Beyond our role to serve the Agencies under FISMA, our Federal Information Processing Standards (FIPS) and guidelines are often used voluntarily by U.S. industry, global industry, and foreign governments as sources of information and direction for securing information systems. Our research also contributes to securing the nation’s critical infrastructure systems. Moreover,NIST has an active role in both national and international standards organizations in promoting the interests of security and U.S. industry. Current areas that are applicable to a Nationwide Health Information Network (NHIN) include:

• Cryptographic Standards and Applications
• Security Testing
• Security Research/ Emerging Technologies

Recent activities specifically related to health IT include:

Guidance for Understanding the HIPAA Security Rule: The Security Rule issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) directs certain health care entities, known as “covered entities,” to comply with standards for keeping certain health information that is in secure electronic form. NIST has published a document, An Introductory Resource Guide for Implementing the HIPAA Security Rule that summarizes and clarifies the HIPAA Security Rule requirements for agencies that are covered entities. It also directs readers to other NIST publications that can be useful in implementing the Security Rule.

Healthcare Accreditation Guidance: NIST in conjunction with URAC and the Workgroup of Electronic Data Interchange (WEDI) sponsors the NIST/URAC/WEDI Health Care Security Workgroup. The group promotes the implementation of a uniform approach to security practices and assessments by developing white papers, crosswalks (of regulations and standards), and educational programs. The group brings together stakeholders from the public and private sectors to facilitate communication and consensus on best practices for information security in healthcare. Ultimately, these best practices will be integrated into accreditation criteria used by hospitals and other healthcare facilities. The group draws heavily upon information technology security standards and guidelines developed by NIST.

NIST Collaboration with the ONC

NIST is committed to supporting the ONC in the implementation of the President’s Health IT initiative. Even prior to the interagency agreement NIST and many other federal departments and agencies provided assistance to the ONC in serving on the review task force for responses to a Request for Information (RFI) on implementation of a nationwide health information network and in assisting with subsequent Request For Proposals (RFPs) issued by the ONC.

Following are current areas of collaboration:

a) The American Health Information Community (The Community)

HHS Secretary Leavitt has convened the American Health Information Community (the Community) to help advance efforts to reach President Bush’s call for electronic health records and a nationwide health information network. The Community is a federal advisory committee and will provide input and recommendations to HHS on how to make health records digital and interoperable, and to assure that the privacy and security of those records are protected, in a smooth, market-led way.

The Community agreed to form workgroups in the following areas: biosurveillance, consumer empowerment, chronic care, and electronic health records. These workgroups will make recommendations to the Community that will produce concrete results that are tangible and offer specific value to the health care consumer that can be realized within a one-year period. NIST has formal representation on three of these groups.

b.) Standards Harmonization

HHS has awarded a contract to the American National Standards Institute (ANSI), a non-profit organization that administers and coordinates the U.S. voluntary standardization activities, to convene the Healthcare Information Technology Standards Panel (HITSP). The HITSP will bring together US standards development organizations (SDOs) and other stakeholders to develop, prototype, and evaluate a harmonization process for achieving a widely accepted and useful set of health IT standards that will support interoperability among health care software applications, particularly EHRs. This activity is fundamental to the success of widespread interoperability, the seamless and secure exchange of patient information electronically, and will overcome today’s scenario of many standards for health information exchange, but with variations and gaps that hinder interoperability and the widespread adoption of health IT.

NIST, as with many other federal agencies, is a member of the Healthcare Information Technology Standards Panel. NIST is helping ONC in establishing the Health Information Technology Standards Panel. In addition, NIST is working with HHS to develop a strategy to promote voluntary consensus standards across both the private and public sectors. As part of this process towards standardization of health information, NIST will continue to work with the ONC’s Office of Interoperability and Standards to develop appropriate implementation strategies for healthcare IT standards. This will include consideration of the development, when appropriate, of Federal Information Processing Standards and guidance to agencies through NIST Special Publications for adopted standards. This will help the government to achieve a greater level of interoperability of health data.

c.) Assist in the Development of Procedures for Certifying Conformance

HHS has awarded a contract to the Certification Commission for Health Information Technology (CCHIT) to develop criteria and evaluation processes for certifying EHRs and the infrastructure or network components through which they interoperate. CCHIT is a private, non-profit organization established to develop an efficient, credible, and sustainable mechanism for certifying health care information technology products. This initiative addresses the problem that there are more then 200 EHR products on the market, but no criteria exist for objectively evaluating product capabilities. Similarly, criteria are not available by which communication architectures can be standardized in a way to permit two different EHRs to communicate.

A cross-disciplinary team of NIST researchers serves as a technical advisory committee to support the CCHIT in tasks including functional criteria and test methods, general test procedures, accreditation, security, selection of jurors, and statistical tests of juror bias.

Additional areas for interaction are being defined as the collaboration continues. In addition, the EHR conformance criteria, developed under NIST leadership, form the basis for CCHIT’s certification efforts.

d.) Develop Performance and Conformance Metrics

In a Nationwide Health Information Network, consumers, practitioners, researchers, and payers must have tools, systems, and information that are complete, correct, secure, and interoperable. Compliance to specific standards and regulations is the key to the development and implementation of this network. In addition, there must be a way to determine that the standards and regulations have been fulfilled. This is accomplished through conformance testing, a procedure to provide a means to ensure that products, services, or systems produced or operated have the requisite characteristics, and that these characteristics are consistent from product to product, service to service, or system to system.

NIST is collaborating with the ONC to help enable conformance testing to provide assurances that healthcare information technology products and infrastructure components deliver the functionality necessary for interoperability. NIST will work to help the community understand the current state of conformance testing within health information technology markets as well as what will be needed to test conformance of products for suitability, quality, interoperability, and data portability so that the risk now assumed by health IT purchasers will be mitigated and the adoption of robust, interoperable information technologies will be accelerated throughout the healthcare system of the United States.

e.) Provide Technical Expertise for a Nationwide Health Information Network

Four groups of healthcare and health information technology organizations have been awarded contracts by ONC to develop prototypes for a Nationwide Health Information Network (NHIN) architecture. These four consortia will bring together hospitals, laboratories, and healthcare providers with technology developers that will lead the healthcare industry to develop a uniform architecture for health care information that can follow consumers throughout their lives.

To manage the content of the four prototypes being proposed, a NIST team is working with ONC to create an architecture management system that will serve as a repository for all the final architectural elements, including but not limited to: user requirements, conformance testing requirements, functional specifications, and high level standards used. This system will also help manage the inter-relationships between all elements, which will aid in the development of the Nationwide Health Information Network. This architecture management system can be compared to a blueprint for building a house.

f.) Interagency Health IT Policy Council

Secretary Leavitt has established an Interagency Health Information Technology Policy Council (the Council) with in ONC to coordinate health information technology policy decisions across federal departments and entities that will drive action necessary to realize the President’s goals of widespread health IT adoption. The Council brings together representatives from various entities within HHS and elsewhere in the government for the purpose of advancing both short-term and long-term health IT policy. The initial focus of the Council is to establish a strategic direction for policy and to identify accelerators to support the Community breakthroughs. NIST will participate as a member agency on this Council.

Conclusion

As the Committee can see by the few examples I have cited, NIST has a diverse portfolio of activities supporting our nation’s health information technology effort. With its long experience as well as a broad array of expertise both in its laboratories and in its collaborations with other government agencies and the private sector, NIST is poised to help facilitate the harmonization of the many ongoing efforts, which together contribute to achieving the President’s goal for developing both electronic health records and the establishment of a Nationwide Health Information Network.

Once again thank you for inviting me to testify about NIST’s activities and I will be happy to answer any questions you may have.

¹ Smith, Cynthia, Cathy Cowan, Stephen Heffler, Aaron Caitlin and the National Health Accounts Team, National Health Spending in 2004: Recent Slowdown Led By Prescription Drug Spending. 25 HEALTH AFFAIRS 186 January/February 2006.

² Kohn, L.T., J. Corrigan, and M.S. Donaldson. To Err Is Human: Building a Safer Health System. National Academy Press: Washington, D.C., 2000.

³ Agency for Healthcare Quality and Research, http://www.ahrq.gov/qual/aderia/aderia.htm.

⁴ Bock, C., L. Carnahan, S. Fenves, M. Gruninger, V. Kashyap, B. Lide, J. Nell, R. Raman, R. Sriram. Healthcare Strategic Focus Area: Clinical Informatics. National Institute of Standards and Technology: NISTIR 7263, 2005.