Testimony of Jeanne Schulte Scott, CIS Technologies, Inc.

Oral Testimony

Jeanne Schulte Scott
Director of Government and Legal Affairs CIS Technologies, Inc.
A National Data Corporation Company
6100 South Yale Avenue
Tulsa, Oklahoma 74136
(800) 852-0707

National Committee on Vital and Health Statistics

Subcommittee on Privacy and Confidentiality

Monday, February 3, 1997

My thanks to the subcommittee and its staff for this opportunity to be here today.

My name is Jeanne Scott, Director of Government and Legal Affairs for CIS Technologies, Inc., an Oklahoma-based health care systems developer and health care transactions clearinghouse. CIS is a subsidiary of National Data Corporation -- one of the largest processors of health care information electronically. Today CIS and NDC together process over 850 million transactions annually and we expect to be handling over 4 BILLION such transactions a year by the year 2000. The numbers are increasing almost exponentially.

CIS and NDC belong to the Association for Electronic Health Care Transactions -- AFEHCT. AFEHCT is the trade organization for the many vendors, suppliers, software developers and electronic transmission networks that are taking the concept of ELECTRONIC DATA INTERCHANGE (EDI) -- or as it is now frequently called "ELECTRONIC COMMERCE" -- in health care from the drawing board to the operating room. Our membership includes some of the largest and most recognizable corporate names in the country (IBM, EDS, Unisys, many of the R-BOCS) as well as smaller, emerging companies such as my own -- all working on bringing health care EDT to reality. We are making the private sector investment today to build the electronic capabilities that will be needed tomorrow. Our member companies will this year process over 2 BILLION transactions . . . electronically . . . paperlessly . . . less expensively -- claims, inquiries, authorizations, insurance approvals and remittances. As we move toward the processing and transmission of clinical and other medical data, "telemedicine" and outcomes and quality research -- we expect that number of transactions to double, triple and quadruple each year over the next few years. Future estimates for our industry are that we will be handling and processing literally 10's of billions of transactions by the turn of the century.

Estimates of the administrative overhead -- the paper and bureaucratic burden -- associated with health care delivery vary from 14-35 percent -- but even assuming that only half of the lowest estimate might be saved -- that would be nearly $75 BILLION DOLLARS in 1997 health care spending, Even more might be saved through the identification of ineffective, duplicative and unnecessary services, a process made far more feasible, effective and available as a tool for health care management through the use of EDI. It is not an understatement to say that administrative simplification -and the use of electronic technology in health care communication and management -- can be and should be (if we don't place unnecessary burdens on such use) a major factor in resolving the seemingly intractable challenge of providing needed health care services to ALL of our nation's people -- both today's elderly and young, today's poor and uninsured, as well as tomorrow's growing population of soon-to-be seniors.

CIS, NDC and the member companies of AFEHCT are here to support the development of national, consistent and workable medical record privacy standards that will help us as we move forward to design the tools -- the products and services that will make the future delivery of health services administratively -- and perhaps most importantly -- economically feasible.

Many of the proposals that have been put forth -- including last year's Bennett-Leahy legislation and the bills already introduced this session by Congressmen Condit and McDermott, among others expected and yet to come -- and the call for implementation of privacy and security standards in Public Law 104-191, the Health Care Portability and Accountability Act (Kassebaum-Kennedy) -- are expected to give our industry clear guidelines in developing these needed EDI products and services. CIS and NDC support workable systems that will OPTIMIZE individual protections and assure that the advantages offered by the EDI and electronic commerce in health care will not be outweighed by the costs to individual privacy and personal freedom.

But OPTIMIZATION does not mean maximization. We have two very important social goods at play here -- the protection of privacy of individually-identifiable medical information -- and the development of critically needed, cost-saving administartive systems for health care. The two should work together and one should not impede the other.

This must not be allowed to become an adversarial system. We cannot allow such an important issue to get bogged down in a shouting contest among the players and participants. Each must try to recognize and work together in seeking OPTIMIZATION all sides have to be open to the needs of our society and our technological capabilities in addressing these needs effectively and cost-efficiently.

When I had the opportunity to represent the health care electronic data interchange industry in testifying at hearings involving the Bennett-Leahy proposal, S.1360 before the Senate Labor and Human Resources Committee in November 1995, 1 acknowledged the very real concern that we all must have that our most private and personal information not be carelessly used or unnecessarily exposed to illegal usages. "Hit me up both sides of the head with a big stick," I said, if I or my company violate this law. We should go to jail, if we are so callous as to disregard the basic integrity of an individual's personal identifiable medical data. But in our zeal to protect these most inviolable of interests, we cannot lose sight of the need to not only reduce the administrative complexity of health care administration -- both financial and clinical -- but to begin the process of using data constructively to improve both the quality and the efficacy of health care services and at the same time reducing the growth in health care spending to a more manageable level, We are spending $1 trillion in health care in this nation, and we need to spend it well.

Despite all these good intentions, however, there are still many roadblocks that will have to be overcome. The "horror" stories of the use and misuse of personally-identifiable data are all too real and cannot be disregarded. Nevertheless, the concept that computerized systems are or will become some sort of "big brother" potential villain in all of this, has arisen despite the fact that virtually every one of these "horror" stories of privacy and confidentiality violations -- ranging from the office clerk who stole a copy of Arthur Ashe's medical file to sell to a tabloid newspaper to the mental health records piled in a trash can in Louisiana, virtually without exception arose in a paper environment or would occur just as readily in the paper environment as well as the electronic.

Computers and electronic processing of data are not the bogeymen in this matter. The solution is not to place barriers on computerized systems -- but rather the solution is to embrace the technology while at the same time insisting upon optimum levels of security and protection coupled with appropriate disincentives, including, as necessary, criminal penalties for the hackers and abusers.

Senator William Bennett, in introducing S.1360, very aptly described the dilemma. We cannot prevent a determined hacker or abuser -- whether the process is electronic or paper -- but what we can do is:

(a) spell out a clearly expressed national policy on the use and misuse of personally-identifiable medical information;

(b) adopt national, uniform and effective standards, for guiding the health care industry, including requirements for automated processing;

(c) set limits on uses for such information, i.e., prohibiting the direct marketing of such information and its misuse in employment, insurance or other service or benefit qualifications, and

(d) provide assurances that if and when such abuses do occur, they will be dealt with effectively and with appropriate punishments leveled.

Deterrence, awareness and requirements for optimal security within the advancing technology are the answer -- not heedlessly suggesting that technology is the problem and not by holding back the opportunity to use data for the better care of the individual and the more efficient and cost-effective management of our nation's health care system.

For myself, CIS Technologies and National Data Corporation -- and on behalf of AFEHCT and its many member companies -- we stand ready to work with the subcommittee, the National Commission and its staff in addressing the issues of OPTIMIZATION -- drawing lines and working out solutions to these critical needs of our nation and its people.

Thank you for this opportunity to be here today. I will be pleased to try to answer any of your questions.