Skip to content Skip to navigation

Industry Stakeholders React to ONC Health IT Certification Program Final Rule

October 19, 2016
by Rajiv Leventhal
| Reprints
AMA, AHA applaud EHR Certification Program’s final regulations

The American Medical Association (AMA) has released a statement applauding the steps taken by the Office of the National Coordinator (ONC) to strengthen the monitoring and testing of certified electronic health records (EHRs), as well as supporting ONC's general framework laid out in its recently released final rule. 

On Oct, 14, the ONC issued a final rule that updates the ONC Health IT Certification Program which sets up a regulatory framework for ONC to directly review certified health IT products and gives the agency more direct oversight of health IT testing labs, as reported by Healthcare Informatics. According to an ONC blog post about the rule, specifically, the final rule focuses on: (1) establishing a regulatory process for the direct review of certified health IT by ONC; (2) updating ONC authorization and oversight of accredited testing labs (ONC-ATLs); (3) and making identifiable surveillance results of ONC-Authorized Certification Bodies (ONC-ACBs) available on ONC’s Certified Health IT Products List (CHPL).

In the past several months, there have been health IT stakeholders who have questioned ONC’s ability to perform the above actions. In a statement about the final rule issued last week, Health IT Now Coalition executive director Robert Horne, said ONC “is clearly overstepping its statutory authority by moving forward with direct review of uncertified functionalities and products, in addition to certified products.”

But, according to AMA’s statement, “The rule expands ONC's ability to identify issues with EHRs in the field. ONC will determine if EHRs comply with certification standards, and if not, ONC will require vendors to follow comprehensive corrective action plans.  The public availability of these results will enhance transparency and the accountability of EHR developers to their customers. This also will provide physicians with valuable information about the continued conformity of certified health IT.”

What’s more, Jodi Daniel, former director of the Office of Policy within ONC, now with Crowell & Moring LLP as a partner in the Washington, D.C.-based firm’s healthcare group, and a respected authority on legal and policy issues related to EHRs, previously said that ONC’s proposed rule lacked specificity in the transparency section as well as in the direct review section. But now, according to a Politico Morning eHealth report, Daniel said that vague language has been removed. “It appears ONC scaled back the final rule as a result of that pushback, Daniel said. “The final rule narrows the scope to serious risks to patient safety or situations where the certification bodies cannot effectively investigate,” she said.

The AMA said that it urged the ONC to adhere to the following principles when writing the final rules:

  • ONC's authority should focus on decreasing risks to patient safety and data security;
  • All of ONC's reviews should be conducted in a transparent manner and identified solutions should be broadly disseminated;
  • Termination of health IT certification should be used as a last resort. ONC generally should utilize corrective action plans to hold health IT developers accountable and monitor vendor compliance; and
  • ONC in conjunction with the Centers for Medicare & Medicaid Services (CMS) must develop a process to protect physicians and patients from the downstream effects caused by a suspension or termination of a health IT product's certification.

As such, the organization said that “ONC responded to a number of these principles.” Meanwhile, the American Hospital Association (AHA) also applaud ONC’s commitment to provide greater transparency on the results of surveillance done by certification bodies and the agency itself. “That information will be useful to providers as they evaluate and select products. We also agree that coordination across agencies to avoid provider penalties when an EHR is decertified is a necessary step,” the AHA statement read.