The HIT Policy Committee has approved and sent to David Blumenthal, M.D., two letters of recommendations related to the proposed rule setting up electronic health records certification programs.

The committee, an advisory body to Blumenthal and his Office of the National Coordinator for Health Information Technology, approved recommendations from its certification/adoption and privacy/security workgroups. Some of the certification/adoption workgroup recommendations include:

* Provide three specific elements for EHR certification firms' surveillance processes, under which the firms will periodically evaluate certified products to ensure they continue to conform to adopted standards. The elements are compliance with testing criteria, compliance with certification criteria, and effectiveness of systems and implementations. "Complete" (comprehensive) EHRs and EHR modules should have labeling with instructions on how purchasers can report complaints about the certification process.

* Give ONC authority to proactively "de-certify" Complete EHRs or EHR modules if a pattern of unsatisfactory surveillance emerges or if patient safety concerns emerge.

* Allow "differential" testing and certification in Stages 2 and 3 of meaningful use criteria if an EHR has passed a specific test in a prior stage, there has been no change in criteria for that specific test in a subsequent stage and there has been no change in the software version.

* Enable permanent certification organizations to specialize, such as certifying only Complete EHRs for ambulatory settings or only Complete EHRs for the inpatient environment.

* Require certified EHR modules to be sold with a label indicating the module has not been tested for interoperability with other modules.

* While certifiers should be permitted to test at their own facility, remotely and at the site of a health care organization, remote testing should be designated as the primary method for testing.

* Require labeling indicating the meaningful use stage for which specific technology has been tested and certified.

* ONC and certifiers should maintain Web sites showing the vendor names and the version of their EHR products that have been certified, as well as the meaningful use stage for which the products were certified, along with surveillance information.

The privacy/security workgroup recommendations that the full HIT Policy Committee approved include:

* The proposed rule would require that EHR modules be tested and certified to all privacy and security certification criteria unless one of three exemptions applies, such as when it is technically infeasible to test and meet certain criteria or when the module is designed to perform a specific privacy or security capability. Consequently, the workgroup and full committee endorse a default rule that each EHR module must meet all privacy and security certification criteria when the module is being used as intended.

* Each EHR module submitted for certification should provide specific information on privacy/security features and limitations.

For both reports of recommendations, click here.

 --Joseph Goedert

