How ONC Ensures Certified Health IT Conformance Post Lab-Testing

ONC aims to help ensure certified health IT remains compliant with program requirements after certification testing through a conformance review process.

When end-users report suspected issues with certified health IT – sometimes called “non-conformities” – a developer can demonstrate commitment to the end-user experience and patient safety through a corrective action plan (CAP), ONC officials Pablo Ardaya, Laura Urioste, and Christopher Monk noted in a HealthITBuzz blog post.

CAP documents highlight developer efforts to notify affected end users and remedy any technological problems.

End-users have reported 993 certified health IT non-conformities to ONC since 2016, and two certified health IT products currently have open non-conformities. These open non-conformities and some associated information related to compliance activities can be found on the CHPL’s Corrective Action Status page.

“Public reporting of non-conformities provides market transparency to hold developers accountable to their certification-related obligations,” the ONC officials noted.

End-users should take three steps if they are concerned about certified health IT conformance, according to the blog post.

First, end-users should work with their health IT developers to resolve any issues of potential noncompliance with certification requirements.

“Reaching out to the developer is always the best first step,” the officials wrote. “The health IT developer will be able to provide the timeliest corrections and can address end-user concerns or suggestions for improvements beyond the scope of certified capabilities.

“End users have firsthand experience with their certified health IT and are often best positioned to identify issues with it,” they added. “Thus, end-user feedback and complaints are a primary source for ONC when it comes to flagging potential issues with certified health IT.”

If the developer cannot resolve the issue, the customer or end-user should then contact the ONC-Authorized Certification Body (ONC-ACB).

“Once contacted, the ONC-ACB will conduct a thorough review of the complaint(s), work with developers and end-users to understand the nature of the complaint, and determine if it relates to the scope of the capabilities to which the health IT was certified,” they explained.

If the complaint is related to a certified capability, the ONC-ACB will review the certified health IT’s conformance to specific regulatory requirements.

“End users should plan to provide the ONC-ACB with supporting information so they can fully assess the issue(s) and work with the developer to remediate the identified certification issues for all impacted end users,” the officials said.

If neither preceding steps remedy the issue, customers and end-users may provide feedback to ONC via the Health IT Feedback and Inquiry Portal.

End-users looking to report issues with their certified health IT should select the option under the “Complaints” section for “Certified Health IT,” and then fill in the form with the requested information providing as much detail and documentation as possible.

Since 2017, ONC and the ONC-ACBs have reviewed and acted on 383 complaints regarding certified health IT products.

Some certification requirements are beyond an ONC-ACB’s scope and ability to enforce, including those related to compliance with the new Conditions and Maintenance of Certification required by the 21st Century Cures Act.

Where a potential non-conformity is outside an ONC-ACB’s scope or ability, ONC may choose to directly engage in oversight action related to certified health IT and developers of certified health IT to ensure conformity to Certification Program requirements.