Uncategorized

Finally, A Reasonable Plan for Certification of EHR Technologies

A caution to readers: This post is about methods for certifying Electronic Health Record (EHR) technologies used by physicians, medical practices, and hospitals who hope to qualify for federal incentive payments under the so-called HITECH portion of the American Recovery and Reinvestment Act (ARRA). It may not be as critical as the larger health care reform effort or as entertaining as Sarah Palin, but it WILL matter to hundreds of thousands of physicians, influencing how difficult or easily those in small and medium size practices acquire health IT. And indirectly for the foreseeable future, it could affect millions of American patients, their ability to securely access their medical records, and the safety, quality, and the cost of  medical care.

Three weeks ago, on July 14-15, 2009, the ONC’s Health IT Policy Committee held hearings in DC to review and consider changes to CCHIT’s current certification process. The Policy Committee is one of two panels formed to advise the new National Coordinator for Health IT, David Blumenthal. In a session that was a model of open-mindedness and balance, the Committee heard from all perspectives: vendors, standards organizations, physician groups, and many others.

And then, on July 16, they released their final recommendations on what is now referred to as “HHS Certification.” The effects of their recommendations – these are available online and should be read in their entirety to grasp their extent – are potentially monumental, and could very positively change health IT for the foreseeable future.

At the heart of these hearings was the issue of who will define the certification criteria and who will evaluate vendors’ products. Among many others, we have voiced concerns that the Certification Commission for Health Information Technology (CCHIT), the body currently contracted by HHS to perform EHR certification, has been partial to traditional health IT vendors in defining the certification criteria, and in the ways certification is carried out, and thereby able to inhibit innovation in this industry sector. Despite its leaders’ claims that the certification process has been developed using an open framework, CCHT’s obvious ties to the old guard IT vendors have created an overwhelming appearance of conflict of interest. That appearance has not been refuted by CCHIT’s resistance to and delays in implementing interoperability standards, or by its focus on features and functions over safety, security, and standards compliance.

In the hearings that led to the recommendations, longtime IT watchers were treated to some extraordinary commentary, much of which dramatically undermined CCHIT’s position.

“HHS Certification means that a system is able to achieve government requirements for security, privacy, and interoperability, and that the system would enable the Meaningful Use results that the government expects…HHS Certification is not intended to be viewed as a ‘seal of approval’ or an indication of the benefits of one system over another.”

In other words, as the definition of Meaningful Use is now tied to specific quality and safety improvements and cost savings that result from health IT — among them e-Prescribing, quality and cost reporting, data exchange for care coordination, and patient access to summary health data — HHS Certification will closely follow. Rather than pertain to an EHR’s long list of features and functions, some of which have nothing to do with Meaningful Use, certification will be focused on each IT system’s ability to enable practices and hospitals to collect, store, and exchange health data securely.

Who Determines the Certification Criteria

The Office of the National Coordinator – not CCHIT – would determine certification criteria, which “should be limited to the minimum set of criteria that are necessary to: (a) meet the functional requirements of the statute, and (b) achieve the Meaningful Use Objectives.” As regulator, funder for this project, and a major purchaser of health services, the government, not users or vendors, will now determine HHS’ Certification criteria.

A New Emphasis on Interoperability

“Criteria on functions/features should be high level; however, criteria on interoperability should be more explicit.” That is, functions/features criteria will be broadly defined, but there will be a greater focus in the future on the specifics associated with bringing about straightforward data exchange.

Multiple Certifying Organizations

ONC would develop an accreditation process and select an organization to accredit certifying organizations, then allow multiple organizations to perform certification testing. In other words, the Committee recommended that CCHIT’s monopoly end.

Third Party Validation

The “Validation” process would be redefined to prove that an EHR technology properly implemented and used by physician or hospital can perform the requirements of Meaningful Use. Self-attestation, along with reporting and audits performed by a Third Party, could be used to monitor the validation program.

Broader Interpretation of HHS Certification

HHS Certification would be broadly interpreted to include open source, modular, and non-vendor EHR and PHR technologies and their components.

These bold, forward-thinking proposals from the HIT Policy Committee have not been accepted yet. But in our opinion they should be. These measures would encourage new technologies to enter the market for physician medical practices seeking EHR technology, and wrest control away from the legacy health IT vendors that have maintained barriers and delayed adoption, so you can be sure that the old guard players are doing everything possible to have them rejected.

But these are hugely progressive steps in the right direction, toward allowing HIT to enable improvements in care and cost efficiencies that would be in the best interests of users and the public at large. If implemented, the changes recommended by the HIT Policy Committee would create greater choice, more standardization, lower price, less interruption of the practices — as well as a check from CMS or Medicaid each year to help smooth the implementation, starting in 2011.

David C. Kibbe MD MBA is a Family Physician and Senior Advisor to the American Academy of Family Physicians who consults on health care professional and consumer technologies. Brian Klepper PhD is a health care market analyst. Their collected collaborative columns may be found here.

Livongo’s Post Ad Banner 728*90

28
Leave a Reply

28 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
15 Comment authors
User CentricMD as HELLElizabethhionithosp exec Recent comment authors
newest oldest most voted
The EHR Guy
Guest

MD as HELL, Nationwide EHR? You’re being facetious, right? We won’t be able to tap into 20% of the over 80% of hospitals currently without an EHR so I wouldn’t worry about a universal EHR until way after 2050. And I guess that won’t be our problem, will it? Unless you believe in reincarnation, of course. The first step is getting EMRs into hospitals and physician practices. This task alone is daunting. Many will be tossed out the door before completing implementation and hospitals will prefer the penalties than lose millions in futile efforts. The next task is giving EHR… Read more »

Alexander Saip
Guest

Should we abandon electric power because of the risk of being electrocuted? I have already responded to justine’s comment about technology being sometimes blamed for the failure to establish proper protocols or to follow them. I am sorry about your hospital’s network having been compomised. Actually, it makes me even more convinced that a nationwide system can provide better protection to patient information than a bunch of sloppily managed IT shops. I haven’t seen any reports about hackers breaking in to the Google or Microsoft PHR systems.

MD as HELL
Guest
MD as HELL

Ever hear of Carnivore?
Ever hear of J. Edgar Hoover?
Ever hear of a hospital system being really secure? At this time my hospital system is infected with a virus.
Do you think a nationwide EHR will not be a target of hackers smarter than usual IT people?

Alexander Saip
Guest

MD as HELL, it’s up to the patient to decide who he/she wants to share their medical records with. Privacy, security and consent management considerations are at the heart of any EHR and HIE project. Why do you think that patient information is going to be published on the Internet for everybody to see? Are you familiar with the Google Health and Microsoft HealthVault systems?

User Centric
Guest
User Centric

User Centric will be hosting an event in Chicago on September 3rd about this topic. For more information, check out the website: http://www.hit-usability.com.

MD as HELL
Guest
MD as HELL

Medical records are part of the doctor -patient relationship and are PRIVATE.
If you think anyone in their right mind is going to allow their private medical info out on a nationwide database for all to see you are CRAZY!! They will not tell anyone what a doctor needs to know about their problem!!
Here ends the lesson.

Elizabeth
Guest

First, I’d have to agree with Alex’s comment about when something goes wrong. If everything is set up correctly, it is more common that a human will make the error (such as a security breach or improper use of information) than the technology.
Second, the focus interoperability is a must. With so many EHR technologies out there, there needs to be a consistency and greater interoperability between them.

Alexander Saip
Guest

Both optimists and pessimists contribute to our society. The optimist invents the airplane and the pessimist the parachute. ~Gil Stern On the serious note, I share justine’s patient safety concerns due to possible errors in important pieces of demographic or clinical information. Yes, EMR systems must (1) have data validation capabilities, where it makes sense, and (2) provide data correction tools. But, as with any other software application that requires user input, much more depends on business processes, which deal with patient information. In most cases, technology, if properly implemented and tested, is the last factor to blame if something… Read more »

The EHR Guy
Guest

hionit, FDA: I have asked through several FDA channels how can I obtain information of the EHR working group to no avail. If you search the internet you can’t find anything besides the fact that the working group was created. FORCED SIGNATURES: Many claim that the HIT vendors “force” them to sign a contract. This is what is not true. If the healthcare organization signs a contract it’s because they agree with the terms, period. Over 80% of healthcare facilities do not sign these contracts and hence they do not implement an EHR. And I believe that with this healthcare… Read more »

hionit
Guest
hionit

Dear EHR Guy,
Who is on the recently formed FDA working group?
Didn’t Koppel and Kreda, referenced earlier, offer a commentary in JAMA on the topic brought to the fore by hosp exec?

The EHR Guy
Guest

hosp exec, The FDA only recently formed a working group to determine whether or not they should regulate EHRs. It’s hard to know where this group stands due to the secrecy in FDA processes. Ironically they created a transperancy blog so that people could provide feedback. It’s also ludicrous that they only post comments of the sort: “the FDA is wonderful ….”. So it is for their transperancy. I don’t buy the “we are pressured by HIT vendors” argument. Who’s putting the money has the power to pressure. When a hospital executive pushes to make a purchase of several million… Read more »

hosp exec
Guest
hosp exec

As hospital executives,we are pressured by HIT vendors to sign contracts that interfere with appropriate patient safety maintnenance.
The companies know that their equipment has not been validated as safe and they do not want the public to know.
If the deployments of these systems were carefully scrutinized for adverse events and the truth be known, there would be a ban on such patient care systems.
The FDA has not done its job.

David C. Kibbe, MD MBA
Guest
David C. Kibbe, MD MBA

Dear justine: I certainly agree with you that the safety of EHR technology and its usage has not received nearly enough attention over the years. It is receiving that attention now, though. Papers are being written/published, and there are conferences and meetings being held, on the unintended consequences of EHR technology implementation. Problems with the integrity of data and its accuracy is one of these, and can lead to safety problems for patients/consumers. Do a Google search on Ross Koppel, and you’ll find a number of journal articles regarding EMRs and safety. Potential safety problems associated with EHRs was not… Read more »

The EHR Guy
Guest

propensity, Certification can only guarantee that the functionality exists. Certification does not guarantee user-friendliness. In addition, technology as has developed (e.g. moused based input) is difficult to introduce into the clinicians workflow. This paradigm is for people who have the comfort to sit in front of a computer dedicated to inputting/extracting information from it. Unless technology is leveraged in an efficient way by exploiting other input technologies (e.g. voice recognition, hand writing, etc.) we will make little progress. Of course this era is an opportunity for these technologies to undergoe a huge revolution. Another body, such as the FDA, should… Read more »

propensity
Guest
propensity

Have those commenting here ever evaluated and managed a patient with complex multi-organ disease using the user unfriendly and defective equipment being considered for certification?
It is shocking that there is not one mention of safety in the deliberations.
As UK leadership opined of its own, the same can be stated here, that the leadership of the US and this committee has been seduced by dreams of HIT.