ONC to Provide Annual Guidance on Surveillance as Part of EHR Certification Process

EHR Certification and SurveillanceEHR Certification and Surveillance

William A. Hyman
Professor Emeritus, Biomedical Engineering
Texas A&M University, w-hyman@tamu.edu
Read other articles by this author

Last week’s ONC Health IT plan reported on HITECH Answers  reminded us that organizations that provide EHR certification with respect to Meaningful Use (ONC Authorized Certification Bodies (ONC-ACBs)) have an ongoing responsibility to conduct surveillance activities on EHRs that they have certified. The ONC intends to provide annual guidance to ONC-ACBs with respect to priority topics and specific elements of this surveillance that should be addressed in their required annual surveillance plans. Such guidance can include topics that are consistent from year to year, but also might include specific focus areas. Program Policy Guide (PPG) 13-01, which was announced on July 2, 2013, is the first such guidance.

This PPG includes a focus on complaints received by an ONC-ACB from users of an EHR it has certified. ONC-ACBs are to address in their plans how and when such complaints would require an evaluation of the EHR technology as implemented in the field, and describe how they systematically obtain and synthesize feedback from users of the EHR to determine if there are issues that should be addressed with the EHR technology developer (vendor), with users, or both. The PPG identifies four focus areas:

  1. exchange capabilities;
  2. safety-related capabilities;
  3. security capabilities; and
  4. population management capabilities

In addition, as indicated in the PPG, EHR vendors have to have an active complaint handling process, and the ONC-ACB must identify the extent to which the EHR vendor followed its own complaint process, and any observed deficiencies with its process.

There is also reference to complaints received directly by the ONC-ACB, but how it is that complaints would go directly to them rather than the vendor is not clear. What is also not clear is whether or not end users are adequately informed of the complaint handling process associated with their EHR, i.e. how complaints are to be recorded and to whom they should be sent. Furthermore, reporting of complaints is voluntary which may not be the most robust way to ascertain actual field experience. Aside from reporting to the vendor and/or ONC-ACB, an ONC FAQ says that all comments and complaints should be emailed to ONC. There is no prevision for public disclosure of EHR performance issues, nor even a formal requirement that complaints received from users have to be evaluated for the need to communicate the issues to other users. By comparison, it is mandatory for healthcare facilities and for manufacturers to report some adverse events for medical devices (which does not include EHRs) to the manufacturer and/or the FDA. Reports to the FDA are available in the public MAUDE database. For EHRs, ONC-ACBs are “strongly encouraged” to make surveillance results available to the public, but the format of such disclosure is not specified.

A curious limitation on the ONC-ACB’s reports is that when an ONC-ACB conducts surveillance of EHR use by a specific health care provider at their practice site, or where the ONC-ACB has reviewed complaints submitted to an EHR vendor by one or more healthcare providers, the ONC-ACB “should NOT under any circumstances include any information in its surveillance results that would identify the healthcare provider(s) or practice site.” Although not explicitly stated, this may serve to limit the reluctance of providers to report safety issues that they have not only discovered, but which may have manifested themselves as an adverse patient event. In addition, access to providers by an ONC-ACB does not appear to be assured.

EHR problems can compromise patient safety, and it is therefore important to have a functional system that collects, analyzes, disseminates, and corrects such problems. Whether a voluntary reporting system mediated through EHR certification organizations is such a system remains to be seen.