Health Information Technology

Introduction

Chairman Ensign and Members of the Committee, I am Hratch Semerjian, acting Director of the National Institute of Standards and Technology (NIST), part of the Technology Administration of the Department of Commerce. I am pleased to be offered the opportunity to add to this discussion regarding health information technology.

I will focus my testimony on the role that timely and reliable measurement and consensus based standards can play in increasing the accuracy, privacy, security, and reliability of health information to meet the President's mandate to make our country's premier healthcare system safer, more affordable, and more accessible through the utilization of information technology (IT). A cultural transformation of our nation's $1.9 trillion¹ national healthcare system can reverse troubling statistics such as 44,000 – 98,000 Americans dying each year from inpatient medical errors²; Americans are being injured or are dying each year from adverse drug events³; and a significant annual expenditure on treatments that may not improve health, may be redundant, or may be inappropriate.

As a result of the President's initiative, the nation will have a healthcare revolution that will connect IT systems for payment, prescriptions, and patient care. In order for this model to succeed, it will require interoperable IT standards and clinical diagnostic tools that are technically sound, robustly specified, and traceable to national standards and reference materials.

These standards and measurements go directly to the heart of NIST's core metrology mission. Several years ago, NIST recognized the growing importance of critical measurements and standards needed to advance the healthcare industry, and improve the quality and cost-effectiveness of health care delivery systems. Accordingly, NIST established a cross-disciplinary effort to address these needs. While a good portion of NIST healthcare portfolio makes a priority of providing the healthcare community with standards and diagnostic tools, our involvement is actually much broader. NIST has a long and effective history in working with health-related organizations to improve our nation's healthcare system.

In fiscal year 2005, NIST health related projects encompassed many areas of the healthcare sector, including screening and prevention, diagnostics, treatments, dentistry, quality assurance, bioimaging, systems biology, and clinical informatics. Recognizing the importance of this area and NIST's crucial responsibilities, President Bush has requested an additional $7.2 million for this area for fiscal year 2006. In all aspects of this Strategic Focus Area in healthcare related activities, NIST recognizes the importance of directly addressing the needs of the doctors, clinics, and patients.

NIST's experience in managing the Baldrige National Quality Program, which promotes performance excellence among U.S. manufacturers, service companies, educational institutions, and health care providers, is another way in which NIST stays connected with health-related organizations. A large number of healthcare providers now are using or beginning to learn more about the Baldrige Quality Program as a framework for performance excellence within their organizations. The ways in which organizations manage and protect critical, electronic healthcare information and use IT systems to improve their performance is a major aspect of the Baldrige Health Care Criteria. Dealing with this sector and its senior leaders closely has provided NIST special insight into how these organizations operate and their special needs.

NIST is committed to supporting the Department of Health and Human Services (HHS) in the implementation of the President's Health IT initiative. Commerce Secretary Gutierrez and NIST stand ready to be helpful in ensuring the success of the President's initiative. Secretary Leavitt is aware of NIST's capabilities and we look forward to his guidance as to how we can best utilize our resources to assist the initiative.

As you know the President has set a goal of widespread adoption of electronic health records within 10 years so that health information will follow patients throughout their care in a seamless and secure manner. To achieve this goal, NIST and the Department of Health and Human Services have developed strategic partnership that leverages each Department's core expertise and resources to facilitate science and technology innovation to improve human health and the U.S. economy. This agreement to work together on the key actions that will enable us to achieve the President's goal, which the HHS witnesses will discuss in more detail, builds upon already-existing and successful collaborations between NIST and HHS in cancer research and treatment, standards for medical devices, and a host of other areas.

To assist HHS in the first phase of NHIN development, NIST will:

• Assist in evaluating responses to the Request For Proposals (RFP) recently issued by HHS;
• Provide technical expertise for Nationwide Health Information Network (NHIN) architecture;
• Assist in Standards Harmonization;
• Develop Performance and Conformance Metrics for NHIN;
• Assist in the development of procedures for certifying conformance;
• Provide guidance for Security

Specifically, HHS is soliciting proposals for a series of government contracts that will help advance health IT adoption. To support this effort in the near term, NIST has been asked to participate in the review and evaluation of responses to the Request For Proposals and will work in a technical advisory capacity to the contractors selected, as requested by the HHS National Coordinator for Health IT. To support the long-term vision of a NHIN where clinicians, laboratories, pharmacies, and patients have secure access to key medical information, NIST will continue its research with standards and emerging technologies, and provide testbeds for technology evaluation and standards harmonization for the NHIN.

NIST is uniquely situated to contribute significantly to the advancement of this plan. NIST draws upon the expertise that exists in many of its programs. NIST's scientific measurement laboratories respond to the measurement, standards and technology needs of US industry, Government, and academia. NIST's industrial programs seek to further US technology development, as well as help ensure the growth of US small manufacturers, and have developed rigorous review and evaluation procedures for responses to open solicitations.

As the lead federal agency for measurements and standards, NIST has a long and successful history of collaborating with industry sectors to respond to their needs and is poised to be successful in a strong collaboration with both industry and government partners in the development of widespread interoperability of healthcare applications. It bears repeating that in all aspects our healthcare related activities, NIST recognizes the importance of directly addressing the needs of the doctors, clinics, and patients

In the remainder of my testimony, I will provide details on NIST's track record in evaluating technical proposals and in IT standards harmonization, certification, accreditation, and measurement science to support the rigorous testing that is required for the development of the NHIN. The real value of a health IT system will only be achieved if such systems are interoperable and electronic connectivity is achieved, so that clinicians have key information, related to past patient experiences, laboratory results, and prescriptions, when and where it is needed—at the point of care. The development of such a health IT system will depend upon interoperability standards and clinical diagnostic tools that are technically sound, robustly specified, and traceable to national standards and reference materials. It is critical that all systems be secure and reliable.

Sometimes, it is literally a matter of life and death.

Based on many decades of expertise in information technology, clinical measurements and decision support, NIST will contribute to both the short-term and long-term goals of establishing a National Health Information Network.

NIST Experience in Evaluating Responses to RFPs

NIST has valuable experience reviewing requests for proposals in several of its programs, including the Advanced Technology Program's Information Infrastructure for Healthcare. NIST evaluates each submission against specific criteria, locating appropriate reviewers for technology areas represented, formulating Source Evaluation Boards as decision-making bodies, maintaining confidentiality of proprietary information, securely moving large number of documents and maintaining complete and accurate records, providing each submission full consideration and fair treatment, and providing unsuccessful candidates in-depth debriefings. A recent National Academy of Sciences report applauds NIST for its effectiveness and efficiency in this effort. Those capabilities will assist HHS in making very important health information technology awards.

Secondly, NIST researchers have specific technical and business expertise that would add value to the review and evaluation of the submissions to the current RFP's. This expertise spans broad areas of healthcare informatics and includes, but is not limited to: architectures, networks, interoperability, security and privacy, electronic health records, automation of clinical notes, expert alert systems, decision support systems, telemedicine, virtual reality training modules and simulation of minimally invasive surgery.

NIST Technical Expertise for NHIN Architecture

NIST works with industry, government, and academia to establish consensus-based standards, develop associated test metrics to ensure that implementations or devices perform according to the defined standard, and establish comprehensive certification capabilities for the IT industry. NIST has for many years been focused on developing metrics for the information technology industry. We develop tests and diagnostic tools for building robust, interoperable, commercial solutions. Applying such tools early in the life cycle process helps industry determine whether its products conform to the standard, and ultimately, will interoperate with other products. In addition, the development and use of these metrology tools fosters thorough review of the standard, which will, in turn, aid in resolving errors and ambiguities. The integration of information technology into the health industry has the potential to reduce medical costs by as much as 20 percent, a significant savings in an annual healthcare bill that was 14.9% of the GDP $1.6 trillion—in 2002⁴, estimated to be 1.9 trillion in 2005⁵ and projected to rise to 3.6 trillion by 2014⁶.

a) Standards Harmonization

As the U.S. National Measurement Institute, NIST is frequently looked to for research and measurements that provide the technical underpinning for standards, ranging from materials test methods to standards for building performance, and for a range of technologies, from information and communications technologies to nano- and bio- technologies. As a matter of policy, NIST encourages and supports participation of researchers in standards developing activities related to the mission of the Institute. More than a quarter of NIST's technical staff—363 employees—participate in standards developing activities of 90 organizations. These include U.S. private sector standardization bodies, industry consortia, and international organizations. The NIST staff hold 1183 committee memberships, and chair 142 standards committees.

In the information technology area, 40 NIST researchers have taken leadership roles and served with distinction in 80 national and international standards committees promoting the interests of many essential U.S. industries. Participation varies across a number of core information technology disciplines, including advancing and securing Internet and wireless networks, data exchange, data imaging, security and privacy, biometrics, and usability and accessibility of IT systems. In the area of telemedicine, NIST has worked in conjunction with the American Telemedicine Association to define standards and guidelines that enable the development and advancement of telemedicine. ATA and NIST have conducted a series of workshops to identify standards needed to provide ocular care through telecommunications technology.

In the health IT arena, the NIST staff participates in the following key IT standards- related efforts:

• ANSI Healthcare Informatics Standards Board (HISB)
• ASTM International—Operating Room of the Future
• Markle Foundation's Connecting for Health
• American Telemedicine Association (ATA)
• Federal Health Architecture/Consolidated Health Informatics (FHA/CHI)
• Medical Device Communications, Wireless Networks (IEEE)
• Healthcare Information and Management Systems Society/ Integrating the Healthcare Enterprise (HIMSS/IHE)
• Health Level 7 (HL7)

In accordance with the National Technology Transfer and Advancement Act of 1995 (Public Law 104-113) and Administration policies, NIST supports the development of voluntary industry standards both nationally and internationally as the preferred source of standards to be used by the Federal government. NIST collaborates with national and international standards committees, users, industry groups, consortia, and research and trade organizations, to get needed standards developed.

NIST will work with HHS to develop a strategy to promote such voluntary consensus standards, or Federal Information Processing Standards for use in the federal sector.

As part of this process towards standardization of federal health information, NIST will begin to formalize the first set of data standards agreed upon in the Federal Health Architecture/Consolidated Health Informatics Initiative, through the development of appropriate Federal Information Processing Standards and guidance to federal agencies through NIST Special Publications. This will help the federal government to achieve a greater level of interoperability of federal health data.

b) Performance and Conformance Metrics for the NHIN

NIST works with industry to establish credible, cost-effective metrics to demonstrate software interoperability and conformance to particular standards. These metrics often form the basis or criteria upon which certifications are based. Typical NIST metrics include models, simulations, reference implementations, test suites, and testbeds.

Specific activities in support of health information technology include:

HIMSS/IHE: A key problem today in the realization of Electronic Health Records for the patient's continuity of care is the inability to share patient records across disparate enterprises. To address this problem, NIST is collaborating with industry to develop standardized approaches to sharing electronic clinical documents across healthcare organizations and providers. NIST staff have built reference implementations and developed validation tools to demonstrate the feasibility and correctness of implementations, and worked with implementers to create integrated solutions based on these approaches. In particular, NIST is collaborating with the 'Integrating the Healthcare Enterprise' (IHE) project sponsored by the Radiological Society of North America, Healthcare Information and Management Systems Society (HIMSS) and the American College of Cardiology. The goal is to develop an approach called: Cross-Enterprise Document Sharing (XDS). This standards-based approach provides a mechanism to access a patient's multi-faceted clinical information, regardless of where it is physically located, while maintaining local control and ownership of that information and without compromising the privacy and security of the patient's clinical history.

HL7: Health Level 7 is a standards development organization that provides standards for the exchange, management and integration of data that support clinical patient care and the management, delivery and evaluation of healthcare services. NIST is collaborating with HL 7 in defining standard functionality and conformance criteria for EHR systems. These criteria form the basis for EHR certification efforts and will help ensure that HL7 messaging and EHR systems' conformance can be defined and measured at an appropriate level. NIST is also developing a conformance-testing tool that automatically generates test messages for HL7 Version 2 message specifications.

IEEE Medical Device Information: In a typical intensive care unit (ICU), a patient may be connected to one or more vital-sign monitors and receive medicine or other fluids through multiple infusion pumps. More acutely-ill patients may also be supported by devices such as ventilators, defibrillators or hemodialysis machines. Each of these medical devices has the ability to capture volumes of data, available multiple times per second. NIST is collaborating with the IEEE Medical Device Communications working group in developing conformance tests and associated tools to provide the medical device industry with the necessary tools to ensure that critical devices properly implement the medical device standards.

Operating Room of the Future: It is estimated that 10–20% of hospital errors occur in the perioperative environment (before, during, and after surgery). Technology can play a major role in increasing the overall patient safety in such situations through the development of the operating room of the future (ORF). The ORF will consist of a network of interoperable plug and play medical devices, where the utilization of advanced technologies, such as robot-assisted surgery, sensor fusion, virtual reality, workflow integration, and surgical informatics, will result in a higher quality of healthcare by considerably increasing patient safety. NIST is working with the Center for the Integration of Medicine and Information Technology (CIMIT) in the development of an architectural framework for medical device integration, development of clinical requirements for device plug-and-play standards, identification of current interfaces, and development, testing and simulation of interfaces.

Clinical Informatics: Building on past experience in information modeling and research to support interchange standards for the manufacturing industry, NIST is preparing a comprehensive report of all clinical information-oriented standards, their development organizations, their scope and the vocabularies/ontologies they employ. NIST will use the report as the basis for developing a plan for applying NIST's experience to assist in clinical information-oriented standards development and closer harmonization.

Improved Internet Protocols: The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. NIST is actively participating in IETF efforts in the areas of: IP security, key management, Internet Protocol version 6, integrated services and resource reservation, IP switching, advanced routing and mobile ad hoc networks. NIST leads the IETF effort to develop and deploy a secure Internet naming and routing infrastructure. NIST metrics are used within this premier organization to expedite the development and deployment of standardized Internet infrastructure protection technologies. A secure infrastructure is an absolute first step in developing a National Health Information Network that can assure the confidentiality of electronic patient records.

WPAN's for Health Information: NIST is assisting industry in the development of a universal and interoperable wireless interface for medical equipment, expediting the development of standards for wireless technologies, and promoting their use in the healthcare environment. In close collaboration with the Institute of Electrical and Electronics Engineers (IEEE) and the U.S. Food and Drug Administration, NIST developed theoretical and simulation models for two candidate Wireless Personal Area Network (WPAN) technologies including the Bluetooth and the IEEE 802.15.4 specifications. NIST evaluated their performance for several realistic healthcare scenarios and contributed our results to the appropriate IEEE working group. NIST contributions will constitute the basis of standard requirements on the use of wireless communications for medical devices.

c) Certification

NIST has an established history of developing procedures for certifying conformance to consensus-based standards. Conformity assessment activities form a vital link between standards, which define necessary characteristics or requirements for software products, and the performance of the products themselves. Conformity assessment procedures provide a means of ensuring that the products, services, or systems produced or operated have the required characteristics, and that these characteristics are consistent from product to product, service to service, or system to system. Conformity assessment includes: sampling and testing; inspection; certification; management system assessment and registration; accreditation of the competence of those activities and recognition of an accreditation program's capability. NIST has been in the certification business since its inception in 1901 and is well positioned to provide technical guidance in the development of a technical certification regimen, including specific certification metrics, software to perform comprehensive certification tests, and certification procedures.

d) Security

For many years, NIST has made great contributions to help secure our nation's sensitive information and information systems. Our work has paralleled the evolution of IT systems, initially focused principally on mainframe computers, now encompassing today's wide gamut of information technology devices. Our important responsibilities were re-affirmed by Congress with passage of the Federal Information Security Management Act (FISMA) of 2002 and the Cyber Security Research and Development Act of 2002.

Beyond our role to serve the Federal Agencies under FISMA, our FIP standards and guidelines are often voluntarily used by U.S. industry, global industry, and foreign governments as sources of information and direction for securing information systems. Our research also contributes to securing the nation's critical infrastructure systems. 

Moreover, NIST has an active role in both national and international standards organizations in promoting the interests of security and U.S. industry. Current areas that are applicable to the NHIN include:

• Security Management and Guidance;
• Cryptographic Standards and Applications;
• Security Testing;
• Security Research/ Emerging Technologies

Recent activities specifically related to health IT include:

Guidance for Understanding the HIPAA Security Rule: The Security Rule issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) directs certain health care entities, known as "covered entities," to comply with standards for keeping certain health information that is in secure electronic form. NIST has published a document, An Introductory Resource Guide for Implementing the HIPAA Security Rule that summarizes and clarifies the HIPPA Security Rule requirements for federal agencies that are covered entities. It also directs readers to other NIST publications that can be useful in implementing the Security Rule.

Healthcare Accreditation Guidance: NIST in conjunction with URAC (not an acronym) and the Workgroup of Electronic Data Interchange (WEDI) sponsors the NIST/URAC/WEDI Health Care Security Workgroup. The group promotes the implementation of a uniform approach to security practices and assessments by developing white papers, crosswalks (of regulations and standards), and educational programs. The group brings together stakeholders from the public and private sectors to facilitate communication and consensus on best practices for information security in healthcare. Ultimately, these best practices will be integrated into accreditation criteria used by hospitals and other healthcare facilities. The group draws heavily upon information technology security standards and guidelines developed by NIST.

Clinical Decision Support: In addition to our contributions to building a NHIN, NIST is developing measurements and technologies that can be used in providing advanced clinical decision support. 

Doctors rely on diagnostic tests to optimize patient care. Many of these tests owe their high accuracy to a variety of NIST standards, measurements, and calibrations. These measurements are essential for patient care and the most efficient use of available health care funds. NIST is contributing to increased efficiency in health care delivery by ensuring that the measurement quality assurance tools - reference measurement methods, certified reference materials and calibrations—are available and well integrated in the NHIN. Some examples of NIST work include:

• In Vitro Diagnostic Medical Device Measurements;
• Standard Reference Materials for Clinical Diagnostic Markers;
• Joint Committee on Traceability in Laboratory Medicine;
• Gene Expression Analysis;
• Point-of-Care Testing; and
• Analytical Information Exchange

Conclusion

As the Committee can see by the few examples I have cited, NIST has a very diverse portfolio of activities supporting our nation's health information technology effort. With its long experience as well as a diverse array of expertise, NIST is able to the Department of Health and Human Services in achieving the President's goal and respond meeting both the short-term and long-term needs of the Nationwide Health Information Network.

Once again thank you for inviting me to testify about NIST's activities and I would be happy to answer any questions you may have.

---

¹ National Healthcare Expenditures Projections: 2004-2014. Office of the Actuary. Centers for Medicare and Medicaid Services.

² Institute of Medicine

³ ADE

⁴ National Center for Health Statistics. Health, United States, 2004. With Chartbook on Trends in the Health of Americans. Hyattsville, Maryland: 2004. Table 116. Page 326. Available at http://www.cdc.gov/nchs/data/hus/hus04trend.pdf#116.

⁵National Healthcare Expenditures Projections: 2004-2014. Office of the Actuary. Centers for Medicare and Medicaid Services.

⁶ ibid.