Why Rush Vendor Certification of EHR Technologies?

A surprise move by ONC/HHS indicates the wheels may be falling off health IT reform at about the same rate they’ve fallen off Democrats’ broader health reforms.

David Blumenthal and his staff have unveiled two separate plans to test and certify EHR technology products and services. We don’t think this is a good idea. We’ve supported the purpose and spirit of the ARRA/HITECH incentive programs, and believe ONC’s/HHS’ re-definition of EHR technology puts it on a trajectory to improve the quality and efficiency of health care in the U.S. But this recently-announced two-stage EHR technology certification plan bears all the marks of a hastily drawn up blueprint that, if rushed into production, could easily collapse of its own bureaucratic weight.

The new Proposed Rule puts vendors through the wringer, twice. As defined by ONC, vendors with “complete EHRs” and those with “EHR modules” will have to find an “ONC-approved testing and certification body” (ONC-ATCB) that will take them through a “temporary certification program” from now until end of 2011. Then in 2012, under a “permanent certification program,” they’ll have to switch over to a National Voluntary Laboratory Accreditation Program (NVLAP)-accredited testing body for testing, after which they must seek an “ONC-approved certification body” (ONC-ACB, not to be confused with ONC-ATCB) that can provide certification. The ONC-ATCB will be accredited by ONC, but the ONC-ACBs will be accredited by an “ONC-approved accreditor” (ONC-AA).

Confused? This is just the start. We can’t imagine many federal agency Notices of Proposed Rule Making (NPRM) that have created, in a single document, more new acronyms. And the prose in the document can challenge even the most focused minds. For example, the drafters of the NPRM recognize that things could get a little complicated, saying:

“Should CMS finalize its proposed staggered approach for meaningful use stages, we recognize that some confusion within the HIT industry may arise during 2013 and 2014 because of this apparent inconsistency and the divergent use of the term “meaningful use.”

But, then they go on to clarify:

“We would anticipate, therefore, that ONC-ACBs would clearly indicate the certification criteria used when certifying Complete EHRs and/or EHR Modules, and identify certifications according to the calendar year and month rather than the meaningful use stage to reflect the currency of the certification criteria against which the Complete EHRs and/or EHR Modules have been certified. Consequently, if an eligible professional or eligible hospital were seeking to obtain a certified Complete EHR or certified EHR Module in 2014, for instance, that eligible professional or eligible hospital would look for Complete EHRs and EHR Modules certified in accordance with certification criteria current in 2014, rather than Complete EHRs and EHR Modules certified as meeting certification criteria intended to support meaningful use Stage 1, Stage 2, or Stage 3. We request comments on ways to ensure greater clarity in the certification of Complete EHRs and EHR Modules.”

Got that? Glad they’re requesting comments, though we’re not sure where to start. The use of the word “staggered” to describe ONC’s programs is apt: this new NPRM is going to leave a lot of people staggering, as in punch drunk.

We would like to see ONC and HHS abandon temporary certification in favor of a single, permanent certification process, even if it means delaying testing and certification until mid- or late 2011. The hurry appears to be related to the need to have at least some EHR technology tested and certified by the end of 2010, so at least some physicians and hospitals can meet the meaningful use criteria. That would require them to use “certified EHR technology” by the official start year for the incentive programs, 2011.

But we don’t think this timetable makes sense any longer, and the rush may jeopardize the whole program. Between meaningful use, accreditation, testing, and certification, there are simply too many moving parts to implement and coordinate in too short a time.

Delays seem inevitable. For example, we know that the release of the meaningful use final rule will be postponed until early summer and perhaps longer due to the large number of comments received and their implications. A consortium of physician membership groups will soon recommend that the meaningful use criteria be simplified. It also predicts that many small and medium sized medical practices will sit on the sidelines during 2011 and 2012, rather than rush into risky attempts to meet the meaningful use requirements. In addition, CMS has said it won’t be ready to accept EHR technology product and service data until 2012, at the earliest. That timeline could be ambitious by about a year.

The ONC/HHS interim final rule (IFR) may have inadvertently caused another kind of delay. It set initial standards and implementation specifications for EHR technology – we applauded this – endorsing a modular EHR technology approach that opens the door to industry innovation. But it will take time for market entrants to bring modules and components to their customers, and perhaps longer to integrate different EHR vendors’ modules in plug-and-play fashion. In other words, by opening up the market, ONC/HHS created circumstances that will almost certainly delay the goals it seeks.

So what if, to get the certification process right, ONC were to postpone payments by one year? It would be worth it.

The “permanent certification” plan in this new NPRM is very reasonable. Under it, NIST would be involved in setting up the testing of EHR technology software under the auspices of the National Voluntary Laboratory Accreditation Program. A single accrediting body would be chosen by ONC/HHS to oversee, supervise, and accredit the certification entities, following established international standards, including the International Organization for Standardization’s (ISO) standards 17011 and Guide 65, that have guided conformity assessment in numerous industries, and ISO 17025 that is used for assuring quality of testing and calibration laboratories.

So each vendor would follow an orderly progression: first, ensuring that the product meets the technical testing criteria and then, having passed those technical tests, moving on to certification. The stability of this process has much to commend it.

We’re not alone in thinking that delaying the EHR incentives start date is a good idea. At a HIMSS session on Monday, March 1, Congressman Tom Price (R-Ga.), an orthopedic surgeon, said that ONC’s delay in issuing guidance on the certification process has prompted him to organize Congressional members. They’ll send a letter to federal officials asking to postpone the start date for for demonstrating meaningful use to qualify for incentive payments. Price said members of Congress are currently collecting signatures for the letter and could send it to HHS within a week.

David Blumenthal is smart, dedicated, and is hiring many talented, experienced people into ONC. But rushing ARRA/HITECH’s policy and statute beyond what is humanly possible could ultimately be at cross-purposes with the very goals they’re trying to achieve.

David C. Kibbe, MD, MBA and Brian Klepper, PhD write together about health care technology, innovation, market dynamics, and reform. Their collected writings can be found here.

Categories: Uncategorized

Tagged as: , , , ,

13 replies »

  1. I look back and I thought the process was getting way to complicated in 2008:) We are not creating all for the desktop any longer and bringing in more aggregated data so the certification job gets more complicated. What we don’t need is one more blog for suggestions right now:)
    I have always said we are missing a piece of the puzzle here with certifying EHR algorithms, we don’t certify the payer algorithms, which makes all the rest of this possible. We do have a real interest in those being accurate too I believe.
    The high fees for certification have always been an issue with smaller companies having a difficult time with the dollar amount, thus perhaps some nice software perhaps has missed the boat in the past.
    Now that the economy is not doing so well outside of Wall Street, it’s even more of a challenge. We also have everyone at so many different levels too. When it comes to security our Congress themselves are now just addressing laws to prevent government employees from using peer to peer networks, which most have dealt with years ago, so where do we go from here:)
    In the IT end of the business we get it as far as security and needing to interoperable systems, but those outside that make laws are not quite clued in yet on all the ramifications to all of this too.
    It’s a very daunting issue to say the least and little mention is made about devices that report data that are quickly worming their way in as well, perhaps one of the biggest overlooked areas of the entire process. How do you certify each device that will work with either a EHR or PHR, and now we are into the FDA’s area of responsibility on some issues here too.
    Who knows the FDA might just be approving your next cell phone before we know it:) The FDA is so busy with updating their own infrastructure too as of late 2008 they even still had top investigators writing out reports in longhand, a shocker to say the least and I do somewhat chuckle a bit when I hear about the potential of the FDA looking over Health IT in the news.

  2. Scrap certification. It is a ridiculous concept. Each organization should demonstrate meaningful use, that is all. It is possible to get to meaningful use with a combination of uncertified EHRs. So what is the value?

  3. Propensity has it right. The whole act is part of the “Total War scenario” declared by vendors against regulation of EHRs as medical devices many years ago (1997). With HIMSS and the EHRVA leading the charge on the battlefield , AKA Stakeholder Landscape, the industry is winning the war against safety testing. The whole idea of certification is really just a process of acculturation and that process is one of forcing the majority who do not want any of this to be force fed a technology that is unsafe . Oh an uh, excuse me for supporting the Null Hypothesis again, but these products are unsafe until proven safe and so replicated over and over again by independent labs testing according to scientific method.
    So lets be honest about the complete and incomplete EHRs. You are selling snake oil that doesn’t work and at this point, Dr. Blumenthal, this stuff is a throwback to the days of Dr. Kellog now quickly becoming the laughing stock of the world.

  4. propensity, I believe there is a thorough misunderstanding regarding what CCHIT certified in the past, or what ONC is proposing to certify in the future.
    To make this very simple, if EHRs where drugs, CCHIT (or ONC) certifies that all the chemical ingredients are indeed in the pill at the ratios advertised.
    It does not certify that the drug will provide good outcomes for a certain condition. It does not even certify that the side effects are not worse than the disease.
    If you want to provide safety and efficacy assurances, than you need RCTs, or at least some sort of trial where the product is observed over time in various settings.
    We don’t have that sort of oversight for EHRs right now, although it seems that folks in Washington are thinking about it. I hope they translate their thoughts into some sort of action.
    Personally, I would start from a legal requirement for EHR vendors to make public disclosure (to all customers) of any potentially harmful bug discovered, or reported by a customer. It’s only a preventative measure, but it’s a start.

  5. Delaying the start date could cause some serious problems for already stressed hospital budgets that have made investments already under the impression they could count on the original timeline. I think it is going to be very difficult to slow this train now that it has left the tracks…
    That being said, I have actually heard rumors that after the elections there will be a move to suspend spending from unspent ARRA funds (including HITECH). This could throw everything into disarray.

  6. You folks are deluding yourselves with this talk about a certification process that ignores the failure of these products to be fundamentally safe. David, you were at the HIT Risk conference on the 25th. You heard what the vendors said in response to questions. You heard what Koppel said. You heard what Shuren said. You heard what Walker said.There have been at least 6 deaths reported to the FDA, they said, and that represents the tip of the iceberg.
    Did CCHIT ever test the products? Does anyone have proof that it did? Did the vendors use CCHIT to crush their competition?
    David, have you forgotten the safety meeting so fast? Why is it that you and others fail to consider the intrinsic safety of the devices critical to certification?

  7. When all of this certification started back several years ago before ONCHIT, ONC, etc etc there were visionaries in the vendor market who came together to put together something that worked. That is how capitalism and entrepeneurial companies work. I don’t see a problem as long as there is full disclosure. The clock is ticking (actually racing) toward those ‘penalty’ dates, which in itself is a travesty…. Use what we have, get the damn thing going!!!Stop all the B.S. Why does everyone have to be so P.C.? When did socialism invent anything?

  8. David,
    I’m so glad you said that. I agree with the need to adhere to Guide 65. It is actually imperative.
    I don’t want to see a monopoly either, but this is a temporary situation by definition. If we don’t do this, I believe, as you wrote in your article, that the chances of staying on target with the stimulus time lines are zero to none.
    I don’t see any reason not to delay the start to 2012, but for ambulatory docs, it is already delayed to October 2011 and three more months will not make much difference.
    Actually, David, do you know if delaying is even an option? I mean, isn’t the 2011 schedule law by now? Will it have to go through Congress to change the start year to 2012?

  9. I think Margalit is right, at least as far as any temporary program should be run. Reinventing the wheel is always counterproductive: that spare tire may not look pretty, but it’ll get you to the service station for a patch when you need it to. Of course, the better (ideal) solution might be a delay in the whole process, so that people won’t have this weird stop-start-temporary-permanent certification process to go through. It’s already going to be hard to keep up with the steadily ramped up definition of meaningful use for the duration of HITECH; having the certification process change as well sounds like another moving target that the rule admits may crete problems.
    However, getting the date to change may not be a viable option at this point for any number of reasons, some political, some organizational, some legal. I’m certainly not an expert, but with the comment period almost over for the original meaningful use NPRM, we’re close to that thing becoming law, and there are already people working to meet those requirements. Any changes will probably prompt outcry (won’t the end of this month be interesting?) To quote a member of the HIT Policy Committee, “We have no more time to run out of time.” If the program were delayed, when would it start? And how does that work into the ultimate deadline of 2016?

  10. Margalit: I will surprise you: I have no problem with CCHIT being an ONC-ATCB, provided the organization’s financing, leadership ties, and other real or apparent conflicts of interest or biases are fully aired and resolved in line with Guide 65.
    I am not sure we are best served by a monopoly situation, however. This is something that could lead to all sorts of problems down the line.
    Kind regards, and many thanks for your comment. DCK

  11. David, Brian,
    I’m glad you wrote this article and I share your concern.
    My proposed solution is different, though. I posted this comment on the ONC blog in response for the certification NPRM announcement. It sat there “awaiting moderation” for two days, while more recent posts were approved. I guess they didn’t like it, and I am sure you are not going to like it, but sometimes you have to do the sensible thing, so here it is again:
    OK, I can’t believe I’m typing this, but I am.
    As anybody that reads things I write, or listens to things I say, knows, I had lots of issues with the way CCHIT operated in the past and the effects it had on the EHR industry. However, currently CCHIT has a complete certification infrastructure in place ready to service both comprehensive EHRs and EHR modules immediately. No other organization is even remotely close to such capabilities.
    I do believe your long term accreditation plan is good and much needed.
    However, I would like to suggest that the entire temporary certification program needs to be scratched and that CCHIT be awarded ONC-ATCB status so certification processes can begin now. I don’t really see the value of engaging in a formal lengthy process just to create temporary bodies of certification. I also don’t see how submitting a bunch of forms and documentation to ONC and taking a quiz can provide assurance to both vendors and physicians that these newly accredited temporary bodies really know what they are doing, considering they have never tested an EHR before.
    I believe ONC is underestimating the complexity of certification and the infrastructure required for a successful program, even a temporary one. Please remember that if all goes well, there will be a tremendous wave of adoption in the coming year and it will all be done under temporary certification bodies. In order to sustain future expansion of HIT, it is imperative that physicians have a good experience in 2010-2011.
    I can easily envision horror stories, particularly regarding EHR modules, created by small underfunded vendors, getting temporary certification and providing nothing but disappointment and financial loss to customers.
    In the engineering world, reinventing the wheel is not considered a worthy endeavor. CCHIT is there. It is experienced. It is up to date in it’s infrastructure and readiness. It has created a pared down ARRA certification and kept up with all ONC/CMS changes.
    So why not let CCHIT start working on a temporary basis, while ONC begins the long term accreditation process for all applicants? Wouldn’t it serve the market and all our goals better?
    It’s the simplest, cheapest, fastest and least risky solution and it’s the right thing to do.