New Rule Strengthens Certification Oversight and Accountability for EHRs

Share this story:

By Chuck Frederick, Senior Consultant

The Office of the National Coordinator for Health Information Technology (ONC) has issued a rule that strengthens its oversight of certified electronic health records (EHRs) and health information technologies (health IT). The new rule allows ONC to hold vendors accountable for non-conformity with certification requirements.

The rule was a surprise to many because it does not point to a smoking gun of widespread noncompliance by EHRs. However, we do hear that physicians are dissatisfied with their EHRs for many reasons, including challenges associated with EHR implementation and data exchange. We also hear interoperability is an issue. KLAS’ newly released 2016 interoperability report found many interoperability challenges across EHRs.  For example, only 28 percent of respondents could reasonably access information from exchange partners on a EHR. Only 8 percent of providers reported the ability to integrate the data they received into their workflow. Our observation of this report is that the issue may be one of a data availability or data quality, rather than a technology deficiency.

ONC is aware of those challenges. However, ONC’s motivation for this new rule apparently is good management and carrying out its statutory EHR certification and oversight responsibilities under two laws: the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Public Health Service Act. The final rule establishes a regulatory framework for direct review of certified health IT in keeping with ONC’s statutory obligations.

What the rule covers. The rule applies to noncompliance that poses risks to public health and safety and where there are circumstances present that provide challenges for ONC authorized certification bodies (ACBs). If non-conformities are found, ONC will require a corrective action plan, which will be made publicly available. In the worst case scenario, ONC will be able to suspend or terminate a certification issued to a Complete EHR or Health IT Module. Developers will be able to appeal such suspensions or certification terminations. ONC’s “direct review” process will focus solely on certified health IT and not on uncertified capabilities or other tools.

Additionally, the rule outlines the finalization of a “certification ban” on the future certification of a developer’s technology “when the certification of one or more of the health IT developer’s current Complete EHRs or Health IT Modules” experiences the following:

  • Termination by ONC
  • Withdrawal by an ONC-ACB because the health IT developer requested it to be withdrawn when the health IT developer’s health IT was the subject of a potential non-conformity or non-conformity as determined by ONC
  • Withdrawal by an ONC-ACB because of a non-conformity with any of the certification criteria
  • Withdrawal by an ONC-ACB because the health IT developer requested it to be withdrawn when the health IT developer’s health IT was the subject of surveillance for a certification criterion

The rule also updates ONC’s health IT certification program by outlining the agency’s ability to authorize and oversee accredited testing laboratories and by making identifiable surveillance results available.

What it means.  We think the new rule has a number of implications for EHR vendors.

  • There are hundreds of EHR vendors currently in the marketplace. In reality, few are likely to come under ONC’s direct review because their products pose a health and safety threat or create “challenges” for ONC authorized certification bodies.
  • That said, the rule is a strong warning to vendors who are non-compliant or who skirt compliance because there has not been an enforcement mechanism to date. The government is apparently very serious about its expanded role and responsibilities. It wouldn’t surprise us that direct review will be imposed on a vendor in the foreseeable future. Providers are very happy about this new rule and could point ONC to egregious examples of noncompliance.
  • Undergoing a direct review or termination from ONC could spell a public relations disaster. This in turn could impact sales and the company’s reputation. The provider community will be paying close attention to non-compliant vendors and their corrective action plans, not to mention terminations. Word will get around fast.
  • This could be another factor to drive consolidation of the EHR vendor market. Certified EHRs and health IT are becoming more and more essential as time goes on. They are required and integral to activities for physician reimbursement under the new final rule that implements the Medicare Access and CHIP Reauthorization Act (MACRA). It is a given that the government will require increased use of certified EHRs and health IT for Medicare and Medicaid as time goes on, which will spur other payers to follow suit. It is inevitable that increased functionalities and interoperability will be key to certification. Smaller vendors may struggle to meet the requirements in light of the unavoidable ratcheting up of federal regulatory requirements and those by private payers.
  • On the other hand, having and maintaining ONC certification could create competitive advantage. Providers have a right and an expectation to purchase products that perform as required. Vendors can leverage their certification to physicians who now, more than ever, will be on the lookout for products that meet ONC’s requirements.

Point-of-Care Partners are experts in EHRs and health IT. Contact us. I’d be happy to give you a deeper dive into the issues surrounding this new rule and potential solutions.

Chuck Frederick

Chuck Frederick

      Leave a Comment