- The Office of the National Coordinator for Health Information Technology (ONC) should encourage health IT developers to continuously improve products rather than employ punitive approaches to health IT certification, according to the Health Information and Management Systems Society (HIMSS).
In a recent letter, HIMSS provided ONC with feedback on its notice of proposed rulemaking for the ONC Health IT Certification Program: Enhanced Oversight and Accountability. The document serves as a guide for health IT certification programs and ONC’s role in issuing and terminating certifications of EHR systems and health IT modules.
“While the NPRM’s stated goals are to enhance program oversight and health IT developer accountability for the performance, reliability, and safety of certified health IT, HIMSS encourages ONC to use this rule to promote a climate of continuous improvement through policy actions rather than punitive approaches that focus on certification suspension and/or termination processes,” explained the letter.
The proposed rule reported that ONC is responsible for reviewing certified health IT, including evaluations of non-conformities with ONC’s strategic goals. Some examples of non-conformities include unprotected patient information, inadequate measures to ensure quality care, and incomplete HIE.
HIMSS stated that ONC should specify when the agency will intervene to correct non-conformities.
“HIMSS asks ONC to better define this high-level need for intervention by the agency so that the health IT community can better understand under what circumstances ONC would use this proposed authority, wrote the industry group. “HIMSS is hopeful that in clearly defining the need for intervention, ONC would create guidelines for when this new authority would be utilized.”
Instead of intervening in all possible risks to public health and safety, HIMSS suggested that testing laboratories report to ONC on projects, risk mitigation processes, and interventions, explained HIMSS. If non-conformities are evident in the report, then ONC can prescribe corrective plans or enforce disciplinary action.
Overall, HIMSS explained that the language regarding non-conformities should concentrate on the most pressing safety issues rather than encompassing all strategic goals of ONC as defined in the HITECH Act. ONC should focus on conformance rather than limitations, explained the letter.
If a non-conformity is identified in a certified EHR system or healthcare technology, ONC should initiate discussions with the developer, HIMSS pointed out.
“We encourage ONC to promote discussion between the developer and the ONC-ACB regarding complaints or surveillance-related potential nonconformities as a first step in determining whether a potential non-conformity notice should be issued,” stated the letter.
Under the proposed rule, ONC notifies developers of violations using a notice of definite non-conformance. HIMSS asserted that a notice of potential non-conformance is more appropriate and it would promote discussions with the developer.
In terms of punitive actions, HIMSS recommended that ONC suspend and terminate EHR and health IT certifications with discretion because decertification could significantly disrupt healthcare provider operations.
“HIMSS recommends that ONC or an ONC-ACB only consider suspension appropriate when an extraordinary, exigent, and unambiguous risk to public health and safety exists and the developer had a complete failure to cooperate,” wrote the authors of the letter.
In addition, HIMSS discouraged ONC from extending the suspension of a certain product to other products that the health IT developer is certifying in the program. Suspensions across products have the potential to interrupt provider workflows and health IT innovation.
HIMSS also explained that developers should make the correction available to its customer base for the suspension to be lifted rather than absolute implementation by all customers.
When it comes to terminating certifications, HIMSS urged ONC to reconsider termination as a first step.
“Complete EHR or Health IT Module certification termination seems draconian as, once certified, it would be unlikely that the entire product would be corrupted by an identified weakness or fault,” stated HIMSS. “The level of dependence on these systems for healthcare delivery—as evidenced by recent ransomware situations—reflects that greater harm could come from taking an EHR or Module offline rather than imposing a limited focus on correcting the problem or eliminating the faulty portion of the product to address the identified failure.”
Additionally, HIMSS encouraged ONC to redefine its appeals process with developers. The developer always has a right to a hearing with an independent hearing officer, according to the letter.
ONC should reassess its provision that the hearing officer must only judge the case based on information in the appeal request, wrote HIMSS.
With the transition to value-based care, more healthcare providers rely on certified health IT to implement care coordination and quality care. As HIMSS pointed out, EHR certification programs may need to focus on supporting providers and developers rather than punishing them for violations.