The Office of the National Coordinator for Health IT (ONC) announced on Thursday updates to the Health IT Certification Program with the aim of making it easier for health IT vendors to get their products certified.
As previously reported by Healthcare Informatics, the changes signal that ONC it will relax its oversight of how well electronic health records (EHRs) meet government standards. In making these changes, ONC, which is a part of the U.S. Department of Health and Human Services (HHS), aims to improve the program’s efficiency and reduce burden on health IT developers and users. The goal, the agency said, is to enable health IT developers to devote more of their resources and focus on the remaining interoperability-oriented criteria, aligning with the tenets of the 21st Century Cures Act, ONC officials said.
Providers are required to use a certified EHR in order to be compliant with meaningful use regulations.
The agency said it will allow health IT companies to “self-declare” that their products meet 30 of the 55 criteria needed in order to get their products certified. The second change will ease requirements for random surveillance of health IT by ONC-Authorized Certification Bodies (ACBs).
An ONC webpage outlining 2015 Certification testing and test methods features an updated chart indicating exactly which criteria no longer require a test tool.
“This means that health IT developers will self-declare their product’s conformance to these criteria without having to spend valuable time testing with an ONC-Authorized Testing Laboratories. This testing typically included either a visual demonstration of the product’s functionality or submission of documentation confirming the required functionality,” Elise Sweeney Anthony, director of ONC’s Office of Policy, and Steven Posnack, director of ONC’s Office of Standards and Technology, wrote in an ONC Health IT Buzz blog post.
The ONC officials note that self-declaration is not a new approach and is used among other industry testing programs. The test procedures for health IT products now designated as “self-declaration” are for functionality-based certification criteria.
Many health IT vendors voiced support for the program changes and hope that it signals a broader reform of the Health IT Certification program. Sasha TerMaat, chair of the EHR Association and director at Epic Systems, said in a statement, “We have encouraged ONC to look for ways to make the certification process less expensive and more efficient. We therefore appreciate the direction and intent of the proposed changes, and look forward to reviewing the details of this new approach.”
Stephanie Zaremba, athenahealth's director of government and regulatory affairs, says, “At a high level, we were happy to see ONC doing some things to reduce the burden that the certification process places on developers, but more so on the providers.” Zaremba says a highly-prescribed certification process results in health IT functionality “that is clunkier" for provider end-users. And, she added, “For every extra hour we put into testing of certification, that’s an hour that we’re not putting into something that our customer has specifically asked for. We’re happy to see them taking steps in the right direction on this. We’re also looking forward to seeing these changes as just one piece of a strategy in a broader reform of the certification program.”
Zaremba said ONC has an opportunity to support “good business and good technology processes that align even more closely with the constantly evolving government payment programs.” Also, she added, “More can be done in the certification program to really encourage innovation in service of providers and patients.”
Many health IT industry stakeholders said they still reviewing the changes, but many voiced concerns about ONC scaling back its oversight of EHR certification and the potential impact to patient safety. At the same time, some health IT stakeholders worried that the relaxing of oversight of certification requirements would pass the responsibility onto providers to uncover deficiencies.
Robert Tennant, director of health information technology policy at the Medical Group Management Association, notes that MGMA “strongly supports a robust oversight process from ONC” and that the ONC decision to relax its oversight comes on the heels of the eClinicalWorks settlement of a False Claims Act lawsuit. Back in May, the U.S. Department of Justice announced a settlement that holds eClinicalWorks, and the company’s founders and executives, liable for payment of $155 million to resolve a False Claims Act lawsuit. The complaint alleges eClinicalWorks falsely attested to its certifying body that it met certification requirements under the Meaningful Use program, and in turn caused its healthcare provider customers to make false claims for incentive payments under the Meaningful Use program.
“The question is not just eClinicalWorks, but the question for a lot of medical groups is, if that major vendor had issues, are they the only ones?” Tennant asked. “We’re not convinced that having lax oversight is the best thing, not just for the program, but also for two aspects for medical groups. One is, of course, the considerable financial investment that practices make in these technologies; it takes years to identify, to negotiate, to implement these technologies.” Second, he says, “there are implications for patient safety. If the software does not do what they claim it will do, it could have an impact on the care delivery process, and that to us is simply unacceptable."
Tennant continues, “As ONC is trying to make it a little bit easier on the administrative side for software vendors, we would encourage them, at the same time, to continue to be aggressive to ensure that these vendors are accurately reporting their certification data and that the software does what the vendor claims it will do, both on the operational side but also focused on the safety of the patient.”
Tennant adds, “I have no issue with self-attestation, certainly that’s a component for physicians and other clinicians participating in things like Meaningful Use and MIPS (the Merit-
Tennant specifically points to ONC’s Certified Health IT Product List website, which has a feature that lists all the health IT products for which a non-conformity has been recorded and the products’ vendors must complete a corrective action plan. A certified product is non-conforming if, at any time, an ONC-ACB or ONC determines that the product does not comply with a requirement of certification and developers of those certified products must take approved corrective actions to address such non-conformities. The list includes 108 vendors that are currently under a corrective action plan. Further, the ONC site also lists decertified products, of which there are 61.
“When I see that, it tells me that the vendor community needs to be aware that the government is prepared to take action. And, obviously, decertification is a last resort, because it’s harmful not only to the vendor, but harmful to the physicians who have purchased the product. This is why a lot of the enforcement action has been in the form of a corrective action plan from ONC. But the sheer number of these corrective action plans tells me that there may be a pretty broad swath of vendors that are not meeting the requirements of the certification,” Tennant says.
Zaremba says she believes athenahealth’s objectives, the health IT industry’s objectives and regulators’ objectives are aligned in terms of wanting to further the cause of having technology help further patient care. “It’s just a question of continuing the conversation on how we get there,” she says. And, she notes, “I would say that the goal should be having the right oversight. So, doubling down and doing more and more of the wrong kind of oversight, certification, that’s not going to help patients. But we are looking forward to partnering even more with ONC and we want their processes to promote patient safety and to promote good services to clinicians.”