ONC clarifies EHR certification program, seeks more public comments
All three rulemakings have been published and comment periods have ended for the meaningful use NPRM and the interim final rule on standards and implementation specification and certification criteria, said Posnack.
The purpose of the Certification Program NPRM is to establish the process for the National Coordinator to “authorize” organizations to perform health IT testing and certification as well as to specify how complete EHRs and EHR modules would be tested or certified, he said.
Posnack stressed that the program is voluntary but noted the potential consequences for vendors. “No one is mandated to get certified. Of course, if you want to be able to sell your products to potential eligible hospitals or eligible professionals [who] need to use certified EHR technology, it’s a pretty good idea,” he said.
The Certification Program NPRM, published on March 10 and currently in an open comment period, proposes two programs. “We’ve included our proposals in a single NPRM but we anticipate finalizing our proposals in two separate final rules,” Posnack stated.
ONC plans to issue a final rule for the temporary certification program synchronously with the final rules for meaningful use stage 1 and standards and certification criteria, he said. The permanent certification program is anticipated to be finalized in the fall.
“We expect the temporary certification program to be operational and certify complete EHR and EHR modules for meaningful use stage 1. The permanent certification program would be implemented sometime before meaningful use stage 2 starts to make sure products are certified to meaningful use stage 2 in some advance time period,” Posnack said.
“When we go to finalize the final rule for the permanent certification program, we will take into account all comments received from day one to day 60," he said. "Therefore, depending on the approach that we need to take in our temporary certification program, we may defer certain temporary programmatic aspects to the permanent certification program but those will be policy decisions that we need to take heed of and consider based on the public comments we’ve received."
Posnack specifically asked for public comment about when privacy and security requirements should be applied to EHR modules in the temporary certification program.
Currently, in the NPRM, EHR modules must be tested and certified to all privacy and security certification criteria EHR unless EHR modules are presented as a pre-coordinated, integrated “bundle,” an EHR module is presented that it would be technically infeasible for the EHR module to be tested and certified in accordance with some or all certification criteria or an EMR module is demonstrated that is designed to perform a specific privacy and security capability.
Public comment on the proposed rule for establishing certification programs for health IT is encouraged to consider formal input from a variety of stakeholders, according to Jody Daniel, director of policy and planning at the ONC. Daniel noted that the temporary certification program’s 30-day comment period ends April 9 and the permanent certification program’s 60-day comment period ends May 10.
The Certification Program NPRM and Posnack's presentation slides can be found on the Department of Health and Human Services' health IT portal here.