The Office of the National Coordinator for Health IT is significantly pulling back on EHR certification attestation requirements, a move that will reduce the burden on users and developers and provide more bandwidth to advance interoperability, according to federal officials.
The announcement came as a surprise to several industry groups that spent Thursday trying to grasp the implications of the regulatory revisions amid questions over the possible downstream consequences.
ONC officials outlined two key changes to the EHR certification program in a post on Thursday. For 30 of the 55 EHR certification criteria, developers will be allowed to “self-declare” that their product meets requirements. Previously, vendors were required to conduct a visual demonstration with an ONC Accredited Testing Laboratory or submit documentation.
The change covers “functionality-based certification criteria,” which officials say will allow developers to devote more time to interoperability.
“Health IT developers are still required to meet certification criteria requirements and maintain their products’ conformance to the full scope of the criteria,” Elise Sweeney Anthony, ONC’s director of the Office of Policy, and Steven Posnack, director of the Office of Standards and Technology wrote. “Any non-conformity complaints received and associated with these certification criteria would continue to be reviewed and investigated by ONC [Authorized Certification Bodies].”
An ONC webpage devoted to 2015 Certification testing included an updated chart indicating exactly which criteria no longer required a test tool. Nearly all of the requirements that still require testing have some ties to interoperability, while the remainder—like computerized physician order entry, medication lists and family health history—are now self-declared.
American Medical Association (AMA) president David O. Barbe, M.D., said he appreciated the ONC's effort to focus on interoperability and usability, but argued the certification change could compromise patient care.
"We believe that vendor self-declaration of certain EHR functions could have unintended consequences that jeopardize patient health, care coordination, and physician success in the Quality Payment Program," he said in a statement to FierceHealthcare. "We encourage ONC to develop a timely, transparent process to hold health IT vendors accountable for their self-declarations."
ONC is also “exercising enforcement discretion” by ending requirements that Authorized Certification Bodies (ACBs) conduct random surveillance of at least two percent of the health IT certification issued.
“ONC will not, until further notice, audit ONC-ACBs for compliance with randomized surveillance requirements or otherwise take administrative or other action to enforce such requirements against ONC-ACBs,” the ONC officials wrote.
Instead, enforcement will be “complaint driven” to allow ACBs to focus on certifying systems to meet 2015 Edition requirements. ONC spokesperson Peter Ashkenaz said providers that believe a vendor isn't meeting certification criteria should address their concerns with the company first, and file a complaint with the ONC-ACB if it is not resolved.
"[The] complaint process does not change for self-declaration criteria," Ashkenaz said in an email.
Representatives with several of the major health IT organizations told FierceHealthcare the changes to the certification program took them by surprise, and many were still combing through the changes with their members.
“It’s kind of strange,” said Jeff Smith, the vice president of public policy at the American Medical Informatics Association (AMIA). “I don’t know what to make of this.”
“I think we have more questions than we have answers,” added Mari Savickis, vice president of federal affairs at the College of Healthcare Information Management Executives (CHIME), who wondered how the changes would impact providers that discover a deficiency within their EHR platform. Others echoed that concern, wondering if loosening certification requirements would pass the onus onto providers to uncover deficiencies.
Smith acknowledged that the changes fall in line with HHS' broader approach to reduce regulatory burden, but questioned whether that would lead to less-reliable products.
"There is a certain line of thinking that for these certification criteria, if they are self-declared, will that result in more nonconfirmation?" he said.
Former national coordinator Karen DeSalvo, who led the agency from 2014-2016, also wondered whether less regulation was the right direction for the program.
“The certification is relatively young and, just as we did during my tenure as national coordinator, should be subject to ongoing improvements and modifications,” she said in an email to FierceHealthcare. “That said, our experience and feedback from stakeholders drove us to provide more oversight so we could better protect the safety of care and the financial investments of providers.”
Making EHR certification requirements less onerous for vendors and unloading some of the burden from ACBs may be a vehicle for the agency to get more 2015 certified products into the marketplace—a concern that many have raised because 2015 certification is linked to quality payment programs.
“Anything that ONC can do to help get more vendors through 2015 certification is a good first step,” said Tom Leary, vice president of government relations at HIMSS, who also expressed some reservations about what the downstream impact would be for providers.
“The big issue is the industry’s comfort with the attestation and whether or not there will be an increase in post-deployment complaints and surveillance,” he added.
One group that was unsurprisingly pleased with the changes: EHR vendors.
“We have encouraged ONC to look for ways to make the certification process less expensive and more efficient,” Sasha TerMaat, chair of the EHR Association and director at Epic said in a statement. “We therefore appreciate the direction and intent of the proposed changes, and look forward to reviewing the details of this new approach.”