The U.S. Department of Health and Human Services' (HHS) Office of the National Coordinator for Health Information Technology (ONC) issued a final rule today that updates the ONC Health IT Certification Program which sets up a regulatory framework for ONC to directly review certified health IT products and gives the agency more direct oversight of health IT testing labs.
The new rules on oversight and accountability are designed to address issues of public health and patient safety and increase accountability and transparency into the surveillance of certified electronic health record (EHR) products, according to ONC officials.
According to an ONC press release, the “ONC Health IT Certification Program: Enhanced Oversight and Accountability” final rule will enable the ONC Health IT Certification Program to better support physicians and hospitals–the vast majority of whom use certified electronic health records (EHRs)– and the rapid pace of innovation in the health IT market.
As with the proposed rule, which HHS and ONC released March 1st during HIMSS16, the final rule will focus on three key areas—direct review, enhanced oversight and greater transparency and accountability.
According to an ONC fact sheet, the final rule updates the ONC Health IT Certification Program to provide enhanced oversight and health IT developer accountability. “Specifically, the final rule stands up a focused ONC direct review regulatory framework, aligns the testing lab oversight with the existing processes for ONC-Authorized Certification Bodies (ONC-ACBs), and makes a more comprehensive set of ONC-ACB surveillance results publicly available,” ONC officials stated.
The final rule will focus on three key areas:
Direct Review: Provides a regulatory framework for ONC to directly review certified health IT products and take necessary action in circumstances involving: (1) potential risks to public health and safety; or (2) circumstances that present practical challenges for ONC-Authorized Certification Bodies (ONC-ACBs)—such as when issues arise involving multiple certified functionalities or products that have been certified by multiple ONC-ACBs. The final rule also focuses on corrective action plans to address issues and includes an appeals process under the Program for health IT developers that have products under direct review.
Consistent Authorization and Oversight: Establishes a process for ONC to authorize and oversee accredited testing laboratories (ONC-ATLs) to align with ONC’s existing oversight of ONC-ACBs, and facilitates ONC’s ability to quickly, directly, and precisely address testing and performance issues.
Increased Transparency and Accountability: Makes identifiable surveillance results of certified health IT publicly available to advance ONC’s overall commitment to transparency and provide customers and users with valuable information about the performance of certified health IT, including illuminating good performance and continued conformance with program requirements.
The final rule will require ONC-ACBs to make identifiable surveillance results publicly available on the web-based Certified Health IT Product Lis (CHPL) on a quarterly basis. According to ONC, this information will also benefit health IT developers that perform well. “To date, ONC only lists corrective action plans for non-conformities on the CHPL. Through this final rule, ONC will provide more complete information that illuminates good performance and continued conformity with program requirements for certified health IT,” ONC stated.
As previously reported by Healthcare Informatics, in May, comments from health IT stakeholders on the rule became public, with concerns stemming regarding ONC’s ability to perform the above actions.
In a statement about the final rule issued today, Health IT Now Coalition executive director Robert Horne, said ONC “is clearly overstepping its statutory authority by moving forward with direct review of uncertified functionalities and products, in addition to certified products.”
“Our chief concern is the potential for negative consequences from the ONC final rule. Simply put, the Office of the National Coordinator for Health IT was not created by Congress to be a regulator like the Food and Drug Administration (FDA),” Horne said in his statement. “By focusing on safety issues, ONC is encroaching on the regulatory functions of other federal agencies like the FDA. The FDA, Congress, and other stakeholders have been working for many years to strike an appropriate balance between supporting innovation and regulatory clarity for health IT products. Much progress has been made, with more work needing to be done. This ONC action has the potential to negatively impact those efforts, create confusion in the marketplace, slow innovation, and adversely affect patient safety by impeding access to health IT products.
Health IT Now also stated that it is urging the White House to reconsider this approach. “We also urge Congress to use its authorities to prevent this rule from being implemented, including the withholding of appropriations,” Horne said.
The College of Healthcare Information Management Executives (CHIME) released a statement about the final rule: “CHIME appreciates that steps that the agency is taking to increase transparency of health IT performance. Hospitals and clinicians must have confidence that the products they purchase work as intended and do not pose a significant risk to patient safety or public health.
In a small briefing with health IT trade press last month, Vindell Washington, M.D., national coordinator for health IT, defended the ONC’s role in overseeing and reviewing EHR and other health IT products. As reported by Healthcare Informatics Managing Editor Rajiv Leventhal, Washington said the concept behind the regulation is to “make sure that the products providers are using to care for folks meet certain standards, and as that matures, and you’re in the second or third cycle, the structure behind it needs to mature as well.” Washington added that ONC “needs a little ability to do direct oversight of actual certification,” noting that the agency has “left optimal oversight into the testing that goes along with the certification, and “we want transparency on the surveillance side.” He said, “It’s fairly driven by a maturation of the program and a maturation of the environment.”
What’s more responding to criticism that the rule is an overstep of ONC’s authority, Washington said, “It falls within the realm of ONC’s role as initially defined. We have relationships with certifying and testing bodies, but at the time that was the right structure for that current level of maturity. Making that choice at that point of time didn’t narrow the possible implementation strategies that could be used in the future.” He added, “That was a delegation that was done for that particular time in the market, and I would say rightly so.”
Leventhal also reported that Washington further noted when pressed again about Congressional backlash to the rule, particularly with a new Administration forthcoming, “If we were in a different environment, we might think differently. At this point in time, though, I can’t imagine a space where ONC’s role would be anything less than vital to the Administration’s priorities around these things.” He added, “There is a long opportunity in front of us to push these interoperability measures and standards for it, to push for information sharing. The certification rule is a way to ensure that providers, whether it’s their first second or third EHR that they’re purchasing, have full faith and confidence in their capabilities to care for patients.”
In a blog post about the final rule, Elise Sweeney Anthony, director, office of policy at ONC, wrote, “We know that the ONC direct review regulatory process provisions have received a fair amount of interest. For example, in response to stakeholder comments, the final rule focuses on risks to public health or safety, as well as circumstances that present practical challenges for ONC-ACBs.”
In the blog post, Anthony outlined key points of the ONC direct review provisions. She wrote that in order for ONC to properly evaluate certified health IT, the agency may have to look at whether certified health IT fails to perform as it should when it interacts with uncertified capabilities within the product or with other technology. “In these situations, ONC’s actions under the direct review process would focus on the certified health IT and not on the uncertified capabilities or other technology,” she wrote.
And, where direct review reveals a problem with certified health IT (a non-conformity), ONC will provide direction to and work with developers on comprehensive corrective action plans. If these corrective action plans are not implemented or do not resolve the issue, similar to the ONC-ACB approach in addressing non-conformities, ONC may seek to suspend and/or terminate a certification if necessary, Anthony wrote. Additionally, the direct review process includes opportunities for developers to respond to ONC concerns, and to appeal suspension and termination determinations made by ONC.
As part of corrective action plans that may result from direct review, developers must notify all potentially affected customers of the non-conformity and the plan for a resolution. In addition, developers must notify customers when the certification of their health IT is suspended or terminated, which ONC will also post on the ONC Certified Health IT Products List. Further, ONC will coordinate with other Department of Health and Human Services programs, such as the Medicare and Medicaid Electronic Health Record Incentive Programs, to help identify and make available appropriate remedies to users of terminated certified health IT.