The Office of the National Coordinator for Health Information Technology (ONC) has finalized a rule updating the Health IT Certification Program to authorize the federal agency to conduct direct reviews of certified health IT.
“More transparency and accountability in health IT is good for consumers, physicians, and hospitals,” National Coordinator Vindell Washington, MD, MHCM, said in an official statement last week. “Today’s final rule strengthens the program by ensuring that certified health IT helps clinicians and individuals use and exchange electronic health information safely and reliably.”
ONC direct review is one of three major provisions of the final rule for enhanced oversight and accountability relative to the federal agency’s certification program. The two others pertain to ONC oversight of authorized testing labs and its sharing of surveillance results.
According to an official fact sheet about the final rule, ONC direct review will serve two purposes.
The first focuses on ensuring provider confidence in their certified health IT products:
Through this final rule, ONC articulates a regulatory framework for directly reviewing certified health IT to determine if non-conformities with certified health IT exist in the circumstances listed above. ONC’s review will focus on capabilities and aspects of health IT that are certified under the Program, including whether the capabilities of certified health IT perform properly when they interact with other capabilities or products. The review of those other capabilities or products would be limited to the extent necessary to determine whether the certified capabilities are functioning in a manner consistent with Program requirements.
Second, the final rule will enable the federal agency to work with health IT developers to remediate issues associated with certified EHR technology and health IT systems:
ONC will provide direction and approve comprehensive corrective action plans for health IT developers to address nonconformities, including notifying affected customers. As highlighted in the final rule, ONC’s intent is to help health IT developers identify and address non-conformities in the health IT that providers use to support patient care. Corrective action plans will support that intent, and ONC intends to work with health IT developers to remedy any nonconformities in a timely manner and across all customers.
According to ONC, non-conformities to health IT certification criteria could lead to the suspension and/or termination of certifications which health IT developers could then appeal. Terminations would lead to the federal agencies working with the Department of Health & Human Services and its departments to help affected by its determinations.
As for the motivation behind direct review, ONC lists potential threats to patient safety and obstacles in the way of ONC-Authorized Certification Bodies reviewing certain health IT products.
In the final rule, ONC officials noted its objective to align its direct review of certified health IT with that of other federal agencies, which could lead the federal agency to declining conducting a review of certified products “for any reason, including if it believes that other agencies may be better situated to respond to a suspected non-conformity.” As an example offered in the rule, ONC states that health data security and privacy risks related to certified health IT would not warrant a direct review.
In keeping with the accountability aspect of the final rule, ONC will release results of its surveillance of certified health IT efforts to the public.
“The public availability of identifiable surveillance results will provide customers and users with valuable information about the continued conformity of certified health IT,” the final rule states. “While we expect that the prospect of publicly available identifiable surveillance results will motivate some health IT developers to improve their maintenance efforts, we believe that most published results will reassure customers and users of certified health IT.”
The third major provision of the final rule focuses on the organization responsible for testing health IT products and does not have direct implications for healthcare providers.
