EHR Certification Paths Differ
Bambi Rose, RHIT
President and CEO of BLR Solutions, LLC and former Testing and Certification Program Director for the CCHIT
On yesterday’s MU Live! webcast former CCHIT Testing Director Bambi Rose discussed alternative EHR certification paths and fielded questions from our audience. Here’s a recap of the Q&A.
Question: If a provider uses self-developed or uncertified vendor technology at their facility can they get it certified themselves to meet the requirement of “certified technology” to qualify for the Meaningful Use incentives?
Answer: Yes, the Temporary Certification Program Final Rule is not specific as to who may bring EHR technology for testing and certification by an Authorized Testing and Certification Body (ONC-ATCB). Any individual healthcare provider or organization may bring implemented EHR technology to an ATCB to be tested in place as either a Complete EHR (meets all of the criteria) or an EHR Module (meets some of the criteria). Most ATCB testing is performed virtually using a web-demonstration to keep expenses down.
a. The provider site should review their uncertified technology against the requirements for each criterion they are planning to test against since partial compliance will disqualify technology from testing. To understand the full testing requirements for each criteria it is helpful to review the ONC approved Test Procedures published by the National Institute of Standards and Technology (NIST). Look for the “Approved Test Procedures Version 1.1”.
b. All technology, even EHR modular technology being tested against one criterion, must also test against the Security and Privacy criteria. ONC established this base requirement that all certified EHR technology must also be compliant with the Security and Privacy criteria. If a provider site is using the security functions of a vendor certified system, the provider site must still demonstrate the security criteria requirements successfully during their EHR technology inspection.
c. ONC developed the modular EHR certification approach to accommodate specialty and small vendor products that fill a specific need. This Modular EHR certification approach results in separate testing for each criterion. In other words, there is no integration testing required between modules of an EHR technology at the present time.
Question: If an HIS vendor certified their product as a “Complete EHR”, are providers obligated to own the complete package (everything) even though they don’t use all of it and have substituted another vendors certified “Modular EHR” to meet some of the criteria?
Answer: ONC has clarified that using technologies that duplicate or overlap capabilities (using two products to meet the same criteria in an organization) is acceptable as long as both are certified. However, until recently, ONC had not answered the question as it relates to “substituting” another certified technology for part of a Complete EHR or Modular EHR certified product. Their response clarifies that providers must “possess” all the pieces of a certified technology in order to claim certification of any of the pieces. Essentially, what ONC and CMS have stated is this: “We consider “possession” of certified EHR technology to be either the physical possession of medium on which a certified Complete EHR or combination of certified EHR Modules resides, or a legally enforceable right by an Eligible Hospital or Eligible Provider to access and use, at its discretion, the capabilities of the certified technology”. This response has caused a return to negotiations between providers and vendors to make sure they meet the intent of this clarification in their legal contracts. Many vendors have declared that they would have taken a more Modular approach to certifying their products (vs. Complete EHR certification) if they had been made aware of this clarification earlier on in the certification process.
Question: If a provider has several interfaces between the various technologies installed in their organization, is it necessary to certify each of these interfaces?
Answer: It depends on whether the interface is used to meet a specific requirement outlined in the Test Procedures for the criteria. For example, if an interface is used to connect and transport data between two separate EHR modules, but is not required to demonstrate functionality specific to either module under the certification criteria, the interface would not need to be tested. If, however, the interface was used to meet the requirements of a criterion, for example, by creating the proper structure and format of a required file or by transmission of a file in a standard format according to the criteria, then the interface would be tested as a part of the EHR technology.
Question: If a provider has some small feeder systems that send data to their main EHR or to the Data Warehouse, do these source data systems need to be certified?
Answer: If the source system is providing only data and is not performing a function to meet a requirement in the Test Procedure or criterion it would not need to be evaluated during the testing process. (For example, systems that feed a Data Warehouse would likely not need to be tested). Of course, if the EHR technology being tested is dependent on the source data system to carry out a part of the successful demonstration of the Test Procedure, the source data system may be tested “incidentally” and would need to be disclosed to the ATCB as “additional software used to help the EHR technology meet the criterion”. EHR Technology should be able to demonstrate that it can continue to be compliant with the certification criteria it is testing against even if the data source system changes.
Question: Most hospital systems include a number of EHR Modules with specific version numbers associated with them (i.e. Lab version 1.1, pharmacy version 5.4). What happens if the vendor comes out with a new version of the EHR Modules and we upgrade to the new version?
Answer: Vendors who certify products under the ONC Temporary Certification Program MUST report new versions to their ATCB with clear documentation regarding what has changed in the software. The ATCB must perform due diligence to evaluate whether compliance with the certification criteria has been affected. The ATCB may either retest the product or they may grant “inherited” certification to the new version of the product if they are convinced compliance was not affected by the change. Once certification is granted to the new version, it is reported to the ONC and placed on the Certified Health IT Products List (CHPL) where providers may select it to submit their documentation for Meaningful Use incentives.
Are you a vendor, consultant or IT service provider? Place a listing in our Health IT Marketplace.