Skip to content Skip to navigation

Health IT Stakeholders Question ONC’s Authority in Proposed EHR Certification Rule

May 3, 2016
by Rajiv Leventhal
| Reprints

Industry stakeholders have given the Office of the National Coordinator for Health IT (ONC) feedback for a proposed rule that would give the agency more power in overseeing and reviewing electronic health records (EHR) and other health IT products.

On March 1, at HIMSS16 in Las Vegas, the U.S. Department of Health and Human Services (HHS) and ONC proposed a new rule that would aim to further enhance the safety, reliability, transparency, and accountability of certified health IT for users. The “ONC Health IT Certification Program: Enhanced Oversight and Accountability” proposed rulemaking  would modify the ONC Health IT Certification Program to reflect the widespread adoption of certified electronic health records (EHRs) and the rapid pace of innovation in the health IT market, according to an HHS press release. The proposed rule would focus on three key areas:

  • Direct Review: Enabling ONC to directly review certified health IT products, including certified EHR systems, and take necessary action to address circumstances such as potential risks to public health and safety. This will complement existing ONC-Authorized Certification Bodies (ONC-ACBs) responsibilities.
  • Enhanced Oversight: Increasing ONC oversight of health IT testing bodies to align with ONC’s existing oversight of ONC-ACBs and provide the means for ONC to quickly, directly, and precisely address testing issues.
  • Greater Transparency and Accountability: Making identifiable surveillance results of certified health IT publicly available to provide customers and users with valuable information about the overall performance of certified health IT, including illuminating good performance and continued compliance.

As the 60-day comment period for the proposed rule closed this week, various health IT stakeholders offered feedback on the regulation. For one, the College of Healthcare Information Management Executives (CHIME) commented that “The authority ONC is citing under the PHSA [Public Health Service Act] contains such an expansive and exhaustive list that we are concerned that addressing it will exceed ONC’s resources.”

CHIME’s comments continued by noting that, “Much of ONC’s proposal appears to center around patient safety, though it’s also clear the authority it seeks extends well beyond these issues. Our members have expressed concerns that patient safety is a complex topic and the proposal may not adequately account for the various ways providers deploy systems. They have also expressed concern that patient safety has become a catchall phrase that can mask other problems with EHRs, such as clinician frustration with workflow. We have similar concerns around medical errors. We caution ONC to proceed carefully here.­”

What’s more, CHIME takes issue with the notion that providers using a decertified product, or one under appeal, are at risk of failing to comply with Centers for Medicare & Medicaid Services (CMS) regulation such as the meaningful use program. This problem, CHIME says, could last months, or even years. CHIME states, “ONC states that remedies for those who end up with decertified products are outside the scope of this regulations. We are troubled that this has not been taken into greater consideration. We are specifically interested in knowing whether products under appeal will jeopardize a provider’s Medicare reimbursement. Will providers be eligible for hardships should their EHRs lose certification not just for Meaningful Use, but all CMS programs that warrant a certified health IT product? How long will they have to secure a compliant product? We urge ONC to clarify how they plan on protecting providers from unnecessary violations of meeting Medicare payment policies if they are using products that are under appeal or have been decertified.”

Further, The Health IT Now Coalition said that it is concerned that ONC’s proposal to directly oversee the non-certified capabilities of health IT is “a significant overstep of regulatory authority.” While the Coalition recognizes ONC’s authority already in place, it says it does not believe that ONC has the ability to review non-certified functions of certified health information technology.

Health IT Now also says that health IT products can be subject to the regulatory authority of a number of various agencies, including the Federal Trade Commission (FTC) and the Food and Drug Administration (FDA). The organization believes that if ONC extends oversight to include the non-certified capabilities of health IT, they will be in direct conflict with the authorities of the FTC to regulate truth in advertising and the FDA’s authorities to regulate products that pose a significant risk to patient safety.

Meanwhile, the Healthcare Information and Management Systems Society (HIMSS) has overall concerns  on  the  duplication of effort  suggested  in ONC’s Direct Review approach  given  the  enormity  of  the  work  that  needs  to  be  accomplished  in  the  health  IT  community. HIMSS writes, “ONC has a major task in ensuring that ONC-ACBs and testing laboratories are sound, adequately funded, and resourced directly or in the context of the applicable community. Such a process should also involve  a  reporting  process  to ONC  to  keep  them informed of  the  work  that  is  being  done,  the  risk  mitigation  that  is  taking  place  and  if  necessary,  the interventions enacted to support  the  community potential concerns as they arise.”

Ultimately, HIMSS recommends that ONC should only “very rarely  need  to  intervene due  to ONC-ACB  limitations, and should  refine  the  applicable  language  dealing  with  such  limitations  and  focus  its  efforts  only  on  the  most  exigent  safety-related  issues.”



CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.