Getting “the CCHIT question” wrong

Matthew Holt

There’s been a lot of blather from one commenter (who may or may not be a front for a group of  malcontents) on the WSJ Health Blog and lots of other blogs about CCHIT and whether it was doing business without a license in Chicago, and/or was a front organization for HIMSS or EHRA. All summarized on Neil Versel’s blog. Indeed I did get a call from one well known blogger telling me that HIMSS’ lawyers had asked for him to take those comments down—not too bright a piece of PR on HIMSS’ part IMHO.

MrHISTalk thankfully did what I certainly could not be bothered to and actually looked into the “CCHIT is not a licensed corporation” situation and figured out that it’s basically being run legitimately. I myself cracked the joke privately that if CCHIT/HIMSS/EHVRA/Leavitt et al had only managed to get $2m (or $7m for that matter) out of the Bush Administration, they needed to go to the Haliburton school of “how to stick it to the taxpayer properly.”

The other wisecrack I’ve heard is that  the way to determine the list of functions an EMR needs to have to get CCHIT certified was to copy the feature set of Allscripts TouchWorks. (Of course you can insert the name of any of the other big EMR vendors here too).

OK, so we’re kidding around here, but underneath this discussion are some serious points. And those serious points have got little to do with what has indeed been a pretty close relationship between the powers that be at HIMSS,EH(V)RA, CCHIT & HITSP.

In any case I assure you that the back room dealings and conflicts of interest are nothing compared to how the rest of the Federal government has colluded with industries it regulates for the last 8 years. The money given from ONC to CCHIT wouldn’t even be a rounding error on what’s been completely lost in Iraq in cash in suitcases. let alone what Blackwater, Halliburton et al have stolen, And there’s no evidence that the Feds didn’t get what they/we paid for from CCHIT, which is a certification process.

So if this is a non-story, what are the actual issues?

1) Part of the justification for a certification process is that there is a great deal of fear and trepidation among physicians who have heard the horror stories about EMR implementations, and are now being bribed (and later to be threatened) by the Federal government into installing EMRs. Given the plethora of vendors out there, and the fact that these providers are more or less Federal contractors who tend not to understand IT, it’s not unreasonable to suggest that the Federal government (or someone) gives authoritative guidance as to what’s a robust system that has the right features and functions. Remember that the nation’s biggest and richest integrated provider organization trashed not one, but two national investments in EMRs before getting it right at try three. Having recalled that it becomes reasonable to agree that most providers need some help. And of course there is some slight protection for the taxpayer if the providers who are about to get their $40K have to do more than just claim that they bought an EMR from Sonny on the corner.

2) Of course once you say that the Federal government will pay out only to those purchasing certified products you then run into two other problems. First, the certification process is going to get somewhat politicized. Despite all the yakking about “volunteers” on all these committees, what we’re talking about is the people with a deep interest in EMRs et al being those “volunteers” and of course they are mostly from the vendor side or users who know the vendors well. I don’t see a way around that unless we really want to develop a civil service that has expertise in health care IT and also is prepared to stay in the job for 30 years like they do in Japan. Second, by its very nature the certification process is likely to run behind the development of technology, which means that vendors building for the certification process are like teachers prepping students for tests, not creating innovations. Again that may not be a terrible thing, but it’s not how innovation works in most other industries. (John Moors at Chilmark has a rather blunter, bleaker assessment of how this might work out)

3) And of course, the reason that you don’t see Federal certification of, say, MP3 players or automobiles is that there’s a somewhat effective market there that means that innovation and user experience gets rewarded. Make a confusing MP3 player, you don’t move the needle much. Figure out how to make it easy and elegant and you’re called Steve Jobs and you sell a gazillion iPods a year. Health care doesn’t have such a market, or even rationally managed incentives from its Federal paymaster.

So I don’t have the answer, but I do have the question. And it’s the same one being posed by the Dogs, in response to the Cats. Can we realistically expect CMS and the rest of the big payers to start rewarding providers for producing the correct outcomes. If we paid for outcomes, providers would change their organizational structure, and their processes, and the technology they use. The ones that worked would succeed and the others would go away. That’s how a market works. And that would create lots of interesting technological innovation of the type that is already happening in the consumer health arena in Health 2.0.

But (beware: run-on sentence coming up so take a deep breath) if we realistically can’t get to some massively enhanced version of pay for performance very soon, and instead are going to insist that providers use EMRs or something like them and the Feds will pay them for it, and we are happy to declare that that solution is as good as we’re going to get while we work on wider health system reform later, then I don’t think that we can complain about the CCHIT process too much. We have to accept that the Feds are going to put a stake in the ground somewhere as to what is an acceptable technology to reward. And those rewards are not going to be market or outcomes-based yet.

So the ultimate question, is what’s the time-scale for junking our stupid current health care incentives and finance system? And the answer is, not in the next 2–3 years.

Which means that if we’re paying directly for technology (which we are as the law is now passed), a certification process is a necessary evil to help providers and to make sure that the tax payer isn’t being defrauded (see we’re back to Iraq again!).

Of course, this doesn’t mean that the certifiers shouldn’t be made to appear to be (as we;; as actually be) completely above board and be watched like hawks to make sure that they’re not putting too many restrictions on smaller companies or discriminating against them. And maybe that kind of oversight demands that we see greater separation between the HIMSS/EHRA/CCHIT/HITSP/ AHIMA players, which would fit in with Obama’s “no lobbyists in the Administration” line.

But I can’t see that this is an issue for anyone to go to the barricades about. And in the end if CCHIT helps providers get better tools than they have now, it’s probably a net positive—even if it may prevent greater innovation happening faster.

8 replies »

  1. I developed my own EHR which I used in the eighties until now. It is obvious to me that the main problem is getting a system to be universally compatible, i.e. able to be accessed by others without too much hassle. Otherwise, the technical details are seemingly straightforward. Having companies without appropriate expertise in software in charge of the coordination is not a good idea. Physician input must be supported. Why bother to charge for this coordination? Answer: Physicians are usually easy marks.

  2. Harvard Journal of Law & Technology
    Volume 22, Number 1 Fall 2008
    Sharona Hoffman & Andy Podgurski
    p. 132
    3. The Current Oversight System: CCHIT
    To its credit, the HIT industry has engaged in an effort to selfregulate,
    particularly through the Certification Commission for
    Healthcare Information Technology (“CCHIT”).181 However, this
    initiative falls far short of providing comprehensive oversight for
    EHR systems. CCHIT, a private-sector organization, was created in
    2004 and is composed of three HIT industry associations: the American
    Health Information Management Association; the Healthcare Information
    and Management Systems Society; and the National
    Alliance for Health Information Technology.182 HHS awarded CCHIT
    a three-year contract in September 2005 with a mandate to develop
    certification criteria and an inspection procedure for EHR systems in
    the areas of office-based ambulatory care, inpatient care, and interoperability.
    183 CCHIT has certified over fifty ambulatory care EHR systems
    and a dozen inpatient systems under its 2007 criteria.184
    Applicants must pay CCHIT for certification,185 and ambulatory care
    products are certified for a period of two years,186 during which
    CCHIT monitors product changes187 and requires recertification for
    products that have been significantly modified.188
    CCHIT, however, is an industry-run organization, and its certification
    criteria are vulnerable to criticism as being excessively favorable
    to vendors. There are several areas of concern. First, prior to
    product testing, applicants are able to access the criteria, testing scenarios,
    and test scripts on CCHIT’s website.189 Vendors, therefore,
    need not be prepared for unanticipated tests that might reveal flaws in
    the system that they did not encounter in practicing the testing scenarios.
    Second, all testing for clinical functionality, interoperability, and security occurs during one day.190 Consequently, inspectors do not
    observe the system operating over time and in a variety of usage environments.
    Third, the certification jury is composed of “three clinical
    experts, at least one of whom must be a practicing physician.”191
    However, jurors cannot confer or deliberate during the demonstration
    or voting process,192 so they cannot draw each others’ attention to
    concerns or product shortcomings.
    CCHIT’s single day of testing is particularly troubling because
    experience indicates that it is unlikely to detect many significant reliability
    and safety problems. Though there are many examples, a series
    of incidents involving the Therac-25 radiation therapy machine vividly
    illustrates this point. Between 1985 and 1987 six patients died of
    massive radiation overdoses caused by software defects.193 The machine
    had passed safety analysis in 1983, which did not include software
    testing, and it was not recalled until after the sixth incident in
    1987.194 Likewise, flaws in EHR systems may not be initially obvious
    but could cause life-threatening errors after a period of time. Such
    errors could include deleting or incorrectly recording information
    about patient allergies, lists of medications already prescribed to a
    patient, or electronic medication orders. Patients who receive incorrect
    medications or drug dosages may well suffer serious or fatal
    CCHIT published final 2008 criteria for ambulatory care EHR
    products.195 These documents are substantial and cover many important
    areas. However, they also leave significant gaps. For example,
    they do not specify requirements concerning the reliability196 or safety197
    of EHR systems.198
    CCHIT, in fact, recognizes some of its own limitations. Its Certification
    Handbook states:
    [O]ur criteria at this point can only represent broad,
    basic capabilities, and . . . these may prove insufficient
    for some practice specialties, or may be inappropriate
    or excessive for others; . . . our criteria do
    not assess product usability, implementation service,
    product maintenance, technical and application support;
    and other facts.199
    Admittedly, EHR systems could be required to have almost endless
    capabilities. Determination of which capabilities should be required
    will necessitate careful deliberation and input from many interested
    parties, including physicians, patient representatives, public interest
    groups, and academic researchers.

  3. I agree with the need and support CCHIT. Health care is desperately In need of change. You can’t change what can’t be measured. Without true information exchange, there can be no change. What I disagree with is the current CCHIT process allowing OPINIONS held by representatives of a minority of a subset of the community to make decisions for the majority. An evidence-based approach would ideally be applied to each required, functional element. It is often pointed-out that it would be very difficult, and take too much time, to collect the evidence as to the benefits of this or that required EHR functional element. I agree. With the lack of time and process to analytically collect the evidence, I propose an alternative. Each and every EHR functional element that is REQUIRED for ambulatory EHR certification should be subject to a veto by a review committee that is derived from those representing the >70% of the public. If it does not pass the review committee, then move that element into an extension that applies to “enterprise” EHR system certification. I generally don’t see much disagreement between the subset of a minority and the majority based on the definition of what the end results should be. What I do see is a tremendous gap in understanding the practicality of the means.

  4. I don’t think we are getting the CCHIT question wrong.
    I think we are getting the certification question wrong.
    EMRs are software applications that are meant to aid physician practices in their daily work. Goes without saying that they need to be effective, flexible, user friendly and affordable for every physician. This is not something you can “certify”.
    What one physician regards as user friendly, another may regard as a hindrance. For a fast typist, an EMR that requires a lot of typing would be user friendly. For me, it would be a nightmare, since I cannot type very well; I’d rather use the mouse and click on boxes.
    Flexibility can take an infinite number of shapes and forms, as many as the human mind can accommodate.
    Affordability depends on the buyer. For a 40 docs clinic in an affluent suburb, $250,000 maybe affordable. For a solo practitioner in rural Missouri, $250 may be more than she can spare.
    Interoperability is a relatively new addition to what we need EMRs to provide. Interoperability should be, and is indeed, certified by those who “interoperate” with your EMR. SureScripts/RxHub certify interoperability with pharmacies, FREE of charge, every day. LabCorp and Quest certify interoperability to reference labs, FREE of charge, for any willing EMR. Interoperability with other EMRs and hospitals is being worked on by some EMRs every day. The “certification” occurs when the interfaces are turned on and data flows between partners.
    So should we (the Feds) stay out of the certification business? The answer is NO. We should certify standards of communication. By creating, adopting, maintaining and certifying standards, a government group can help accelerate the efforts to connect our medical records repositories and provide high availability clinical information on demand.
    It may not be as lucrative as what CCHIT is doing now, and planning to do in the future, but it will constitue an actual contribution to the, so called, HIT vision.
    As to the Feds that are paying, or attempting to pay, for all these EMRs, I suggest that they pay for results, not the means to achieve them. I think we are all past 4th grade math and we shouldn’t have to “show our work” if the final answer is correct. Meaningful use of an EMR is meaningless.
    If the Feds want to oversee their investment in HIT, they should spend some of the funds on creating and supporting a standards committee. If they want to help physicians in their quest to find the perfect EMR (for them), then maybe dedicate some funds to a consulting office to come up with some basic recommendations for what to look for, and maybe even provide on demand guidance and answers to doctors; someone that can give impartial advice, someone free of bias and completely devoid of any financial considerations. Not very likely, I know….
    So let’s just stick with establishing standards of communication and measuring outcomes. Let the market do its own thing. It works for EMRs as well as it does for MP3 players.

  5. The idea of a certification process for EMR and EHR is a sound one; it’s just a shame that CCHIT certification doesn’t measure ease of implementation, which is one aspect of an EMR or EHR that is hugely influential in determining whether it is successful in streamlining clinical operations and increasing a practice’s revenue or whether it ends up being a painfully expensive experiment that the practice has to shelve after just a couple of months. The “stake in the ground” approach that you mention is all very well – but even without considering patient outcomes, there are ways of measuring whether an EMR has been designed in a vacuum (albeit a vacuum that considers functionality, interoperability and security) or whether it is designed with practicality in mind, and is flexible enough to adapt to the needs and workflow of the practice. Additionally, the quality of the training program has a big effect on how difficult it is to adopt an EHR. Hopefully the increased scrutiny will lead to CCHIT measuring more than just features – this will level the playing field and ultimately ensure that physicians looking for a certified product will have a wider choice of better products from smaller, more innovative vendors as well as the industry giants.

  6. CCHIT has developed a feature set that tries to get other EHRs to “look like me” (read that: Allscripts, NextGen, or any of the other client/server template-oriented EHRs). By focusing on the criteria domains of (1) functionality (features), (2) interoperability, and (3) security, and by charging a substantial fee for EHRs to undergo certification testing, the CCHIT certification effort has resulted in what we have today – expensive, entrenched systems with very low adoption rates across the landscape.
    What I would propose is an alternative set of certification criteria: (1) Usability, (2) Interoperability, and (3) Affordability. I believe that Usability – measured by the effectiveness, efficiency, and satisfaction of completing a set of tasks – can subsume “functionality”. Interoperability is key going forward. And Affordability is perhaps the biggest driver of EHR adoption and should be a factor in considering such systems.
    Under HITECH, the NIST has the remainder of this year to come up with a set of EHR certification criteria. My hope is that they won’t simply adopt the criteria used by CCHIT (regardless of what happens to CCHIT as an organization), but instead will implement something more along the lines of Usability / Interoperability / Affordability.

  7. The amount of money being allocated for EMR is obscene. If done propertly, the EMRs can be developed and implemented in less than 1 billion USD. In the times of economic crisis and so much going on in wall street, these types of short sighted waste is unbecoming to our government and corporations.
    Can they not find smarter people to do more productive work? EMR success lies in mapping the future, creating the standard definitions and program managing the development. Are we creating another SAP/Oracle which costs in millions to touch?