Setting sail on a new IT agenda

by Jennifer Jones

April 12, 2001 —

RATHER THAN A Bush revolution on IT policy, the new White House will more likely forge ahead on major Bill Clinton initiatives while simultaneously waging a quiet, pro-corporate war on the details of those objectives.

"If you look at what [George W.] Bush did as chief executive of Texas, he is very pro-business. And like a lot of Republicans, he tends to want to set high-level guidelines and maximize the flexibility for business to achieve those guidelines," says Tim Klein, an analyst at Gartner in Stamford, Conn.

But instead of hurrying off in a new direction on technology policy issues, the Bush administration has spent its early days methodically combing through the details of new privacy laws and other measures kicked off during the Clinton years.

At the same time, Bush, together with the majority Republican Congress, did overturn sweeping workplace ergonomics standards earlier this month. Bush may also unravel some of the former president's medical privacy push (see related article, below) and perhaps other IT initiatives considered burdensome to business.

New scrutiny prescribed for Clinton-backed health care privacy rules

Powerful lawmaker and House Majority Leader Dick Armey recently sent a shot across the bow on pending medical records privacy regulations, warning the Bush administration that it may well be "prudent to look before we leap."

Armey pointed out that health care providers would have to submit personal patient data to the federal government under proposed rules crafted around the Health Insurance Portability and Accountability Act (HIPAA).

"A 'Trust me, I'm from the government' approach won't wash," wrote Armey in a March letter.

Raising the specter of government access to private health care data adds another worrisome layer to the complicated and heated issue of mandated guidelines for protecting medical records.

Armey's missive arrives just as Health and Human Services Secretary Tommy Thompson is sorting through HIPAA backlash from health care providers.

"There is already a delay on the rules, and Armey may be looking for further delay in implementation," says Mark Uncapher, a lawyer with Arlington, Va.-based Information Technology Association of America (ITAA).

Under former President Clinton's HIPAA rules, health care providers would be required to operate under principles for minimal disclosure of personal data. Among other requirements, providers would have to issue notices of privacy practices and offer patients the chance to review and amend their own data. The requirements would also touch third parties such as health care consulting firms, which would not be allowed to do business with health care providers that are not in compliance with the rules.

Outcry to HIPAA in the medical community sometimes borders on the extreme, sources say.

"I think they are just running scared," says Tim Klein, an analyst at Stamford, Conn.-based Gartner. "Many health care providers are now running so close to the edge financially that any kind of expenditure is a big deal for them."

For example, it is whispered that the rules will force hospitals to have only private rooms, because patients in opposite beds may overhear private doctor-patient conversations. That would be a breach of the new law, if certain HIPAA passages are taken to the extreme, Klein says.

Gartner recently came out officially in favor of the Bush administration's moving forward on proposed HIPAA privacy rules.

Some have taken recent moves by the Republican-led Congress and Bush administration to scrap workplace ergonomics rules as a sign that the administration indeed might table HIPAA rules.

But most health care privacy watchers say the regulations are so far along and support for medical records privacy is so high that HIPAA rules are unlikely to melt away quickly.

IT issues abroad to take center stage

Whereas George W. Bush inherited a maturing domestic IT agenda from the Clinton White House, the administration may soon face a more pressing set of international IT issues.

"Recently in Europe, there has been a frightening tendency to regulate the Internet and deal strongly with policy issues. The European Community may well try to proselytize that," observes Harris Miller, president of the Information Technology Association of America (ITAA), in Arlington, Va.

For instance, Miller said, the European Union approach to safeguarding the private data of individuals is something domestic companies are beginning to struggle with.

"In many ways, the thinking is quite different from the United States, especially on privacy. The EU approach is far more restrictive in terms of what companies can do with personal information," says Kerry Kearney, an attorney at the law firm Reed Smith in Pittsburgh.

European privacy issues and regulations were a topic recently aired in Congress.

"Since the EU is a major trading partner, we must become aware of how their Data Protection Directive impacts our trade and the global growth of e-commerce," said Rep. Cliff Stearns, R-Fla., during a congressional hearing earlier this month.

The EU Directive is essentially a framework crafted by the government that has instructed businesses on the limits for using and sharing personal data that companies collect. The Directive prohibits the transfer of personal data to countries without similar safeguards.

Former President Clinton's Federal Trade Commission and the European Commission last year forged a so-called "Safe Harbor" arrangement, whereby companies could volunteer to agree to the EU safeguards in an effort to keep data flowing across borders.

"But very few companies have agreed to proceed under Safe Harbor," Kearney says. "It is extremely onerous, and a number of our clients have said flat out they can't do it."

Technology issues looming large on the horizon

Bush chooses to first tackle taxes and education, but several technology issues are ripening.

* Internet tax

The ban on new taxes ends in October. Meanwhile, local government groups and businesses cannot agree on how to apply sales tax to purchases across state lines.

Bush campaign pledge: Extend moratorium on new taxes by five years

* R&D tax credit

Federal tax breaks are designed to encourage commercial research programs; lawmakers must routinely renew credit; and industry groups have lobbied for program to become permanent.

Bush action: Recent tax package includes provision to make tax credit permanent; in January, Clinton regulations halted by Bush would have put additional requirements on credit process.

* Encryption

Efforts have been under way for some time to relax export policies that govern overseas shipping of encrypted products.

Bush pledge: "Comprehensive" export control program to balance military program protections with commercial sector interests to export more encrypted products

* Privacy

The technology industry is warming to the idea of new federal laws that would negate state efforts to regulate privacy; several bills pending on Capitol Hill are designed to build a framework to safeguard exchange of personal data on the Internet; two separate sets of regulations now apply to handling of sensitive financial data as well as information about children; and regulations pending on measures to protect medical records privacy.

Bush pledge: Espoused pro-privacy sentiments during campaign but places more emphasis on economic tech issues; reviewing detailed regulations for protecting medical data

* Work force

Upwards of 844,000 IT vacancies have industry groups pressing for higher federal limits on specialized foreign workers permitted into the United States under the H-1B visa program and for more math and science in schools. Groups also want a tax credit for commercial IT training programs, an idea put forth in 1998.

Bush pledge: Support for "dramatic increase" in limits on H-1B visas for highly skilled workers; general support for more math and science and use of technology in the classroom

Sources: ITAA, Bush Campaign

During his long campaign for president, Bush stressed general Internet economic issues such as his support for an "entrepreneur" or private-sector approach to fostering the technology economy and support for extending the Internet tax moratorium. However, a wealth of similarities existed in the technology platforms of last year's presidential campaign rivals.

Yet many industry watchers expect the Bush administration to make its own mark on the high-tech landscape and on such issues as online privacy, telecommunications regulation, Internet taxation, and marketplace antitrust measures.

At least in the dawn of the administration, however, most are looking for those changes to materialize slowly in the form of tweaks rather than major overhauls of the IT policies launched under Clinton.

"We're not going to see a whole lot of pronounced differences, but we will see a lot of nuances," says Harris Miller, president of Arlington, Va.-based Information Technology Association of America (ITAA).

Ultimately, those differences -- be they large or small -- will have a lot to do with key personnel appointments. Case in point, Bush's recent choice of free-markets fan Michael Powell to head the Federal Communications Commission (see related article, "The new administration's IT leadership").

Powell left clues that he may lead a more hands-off FCC in his detailed response to the agency's decision to saddle the freshly minted AOL Time Warner merger with a laundry list of requirements. "Our merger conditions more often look like rules," he opined late last year.

Also coloring Bush's IT legacy will be Congress, which is now so well-versed in tech issues that it will likely coax tech policy positions out of an administration that is just getting up to speed.

With so many unknowns, it is far too early to declare the Bush and Clinton administrations identical on tech policy, says Rep. W.J. "Billy" Tauzin, R-La., chair of the House Committee on Energy and Commerce. Tauzin will likely play a key role in simmering IT issues such as the evolution of the broadband market and online privacy.

"I think it is wrong to conclude from the commonalities in approach that there aren't real differences between the aadministrations," Tauzin says (see related interview, "Deregulation stalwart takes over House Energy and Commerce Committee").

Tauzin holds that some of the Bush administration's more obvious shifts from the Clinton era will be evidenced in tactics the White House uses in its oversight of corporate mergers and other market activity.

"There will be a departure from the heavy-handed regulatory approach of the Democrats," Tauzin says confidently.

Hillard Sterling, an antitrust expert at the Chicago firm Gordon & Glickson, agrees, predicting that Bush will take a "softer, more permissive approach" to antitrust in the technology markets.

"It's doubtful that this administration will try to craft Microsoftlike inventive theories that markets are suffering from overly successful companies," says Sterling, alluding to the landmark Department of Justice antitrust case launched against the software giant during the Clinton years. "Instead, this administration will avoid intervention unless it sees direct and immediate evidence of market exclusion."

Whereas such changes in the government's efforts to oversee market competitiveness underscore what is often considered traditional Republican free-market ideals, other IT issues such as online privacy do not split so cleanly down partisan lines, according to many observers.

"On some issues, it is very difficult to tell which way things will go. There are some people who think Republicans always concede to corporate expediency, but that is not always true. Some of the legislators who have fought the most strenuously for privacy in the past have been Republicans," says Jason Catlett, president of Junkbusters in Green Brook, N.J.

Privacy perhaps is the most pressing IT issue facing the new administration. And it is an area where free-enterprise solutions can be elusive, because consumer rights are often pitted squarely against corporate interests.

Those gray areas could well be part of the administration's tendency so far to resist leaping out front on such contentious issues. "The Bush administration has not really been talking about privacy," says Kerry Kearney, a privacy attorney at Reed Smith in Pittsburgh.

But another reality in the Bush administration's reluctance to charge forward on IT -- and perhaps its lack of strong departures so far from Clinton on technology -- lies in the White House's choice to focus for now on a limited set of key issues facing the nation.

"These are not polar issues like education," the ITAA's Miller says.

Instead, Bush officials have been narrowly combing tech initiatives pushed through during the waning days of the Clinton administration, such as workplace ergonomics rules and medical records privacy.

And still a lot of uncertainty remains as to what will come out of such scrutiny. Take for instance the administration's current rethinking of medical records privacy rules.

"It's clear the health care industry is hoping for more lenient treatment [in the regulations]," Kearney says. "But we're still a long way off from the relief people were hoping for. It's not that clear-cut, and not an area where Bush seems to want to talk past his support for a patient's bill of rights."

Kearney counts as many as 38 health care organizations that have banded together, beseeching the White House to withdraw medical records rules put forth by Clinton; rules they consider "unworkable," she relays.

Although Bush may not be ready to move much past his campaign's talking points on technology, several members of Congress seem poised to move on privacy and other IT issues.

In one of the first major congressional hearings of the current Congress, Republicans and Democrats alike sent clear signalls on privacy. "Congress should be poised today not only to examine this issue, but to take action," says Rep. Anna Eschoo, D-Calif.

Capitol Hill interest in privacy spiked late last year when companies such as Disney and Hewlett-Packard finally warmed to the idea of federal privacy statutes related to the online collection and use of personal customer data.

After years of industry opposition to the idea, many corporations decided a single set of privacy laws -- crafted by Congress and the industry -- might well be a far better fate than scattered state laws on privacy.

HP, America Online, and Disney have all gotten behind the Consumer Privacy Enforcement Act introduced by Sen. John McCain, R-Ariz., and Sen. John Kerry, D-Mass.

"The impetus for privacy legislation will almost certainly come from Capitol Hill," predicts Scott Cooper, manager of technology policy at HP in Palo Alto, Calif. "The floodgates have opened and the ice is broken."

Although Congress is the birthplace of new laws, the Clinton administration's Federal Trade Commission last year was active in crafting draft privacy legislation, which was subsequently introduced by willing Democrats. That particular FTC bill has not yet moved forward.

But in general, enacted statutes are handed over to relevant government agencies responsible for making rules that put new laws in place on a practical level. "There is often a lot of latitude in legislation left to agencies," Junkbusters' Catlett says.

For that reason and others, the appointments Bush makes at the FTC and other key spots will be a crucial part of his imprint on the IT landscape.

"Until we know who will be doing what, it's hard to tell what the focus of the administration will be," says Rick Lane, director of congressional affairs at Washington-based U.S. Chamber of Commerce. "[But] there will be differences, and even if they are nuances, those will have huge impacts on the direction of the high-tech community and e-commerce."

InfoWorld