Certification

Certification of electronic health records has been a hot topic in health IT over the last few weeks. The concept of HHS Certification of electronic health record systems was unveiled to the public at the July open meeting of the Health IT Policy Committee (see link below.) The proposed plan is to require HHS Certification of an EMR in order for a user to qualify for incentives under Recovery Act (ARRA) legislation. Certification in the past has only been performed by the Certification Commission for Health Information Technology (CCHIT.) Now it looks like that is about to change. Responsibilities for testing and certification under ARRA were assigned to the National Institute for Standards and Technology (NIST.)
The certification process requires two components. First, a set of requirements must be established. Then electronic health record systems must be tested for compliance with these requirements. CCHIT has listed its requirements in a set of test scripts to which potential buyers and vendors may refer. The scripts are the product of many hours of volunteer committee work. All of the committees have multiple stakeholder representation. The bar to achieve certification has been raised by CCHIT annually. This is outlined in the CCHIT roadmap. A second arm of CCHIT is responsible for the testing of systems. The jurors who perform the evaluations for certification, for the most part, are active clinicians. For further information visit the CCHIT web site: http://www.cchit.org.
An important question is: What is the purpose of certification? There are a number of answers to this question. Certification is often viewed as a seal of approval by industry. For example, within a very short period of time after CCHIT began certification of electronic record systems many of the most well-known vendors applied. Also, many provider professional organizations supported CCHIT certification in their recommendations to members considering purchase of electronic medical record systems (EMRs.) Also, the federal government required certification for certain safe harbor exceptions from the Stark Anti-kickback Law. A reasonable purpose of certification is to provide assurance that the EMRs will deliver a defined level of functionality. This may help a potential purchaser screen vendor systems before a final purchase decision is made.
Under ARRA, certification will assure that the system meets the level of functionality required by the Meaningful Use definition. A clinician will be required to use a certified system in order to qualify for the financial incentives offered by ARRA. It appears that certification criteria will be set by the HIT Policy Committee in the future. Current proposals show progressive enhancement of the requirements during each two year certification cycle. This progressive "raising of the bar" poses significant technical and financial challenges for both vendors and purchasers. Many providers may choose to forego the ARRA incentives for just this reason.
So what organization will perform the actual certification? ARRA is somewhat vague on this issue. Rule making by the Secretary of the Department Health and Human Services, based on advice from the Office of the National Coordinator for Health IT (ONC) and the HIT Policy Committee, will determine the final arrangement. The preeminent role of CCHIT seems to be in jeopardy. It seems the plan is to make certification available through a number of designated entities. We will have to wait to see how this is determined in the final proposed rule that is due out by the end of the year.
NIST will have a more important role than it has had in the past. While NIST is a respected federal agency, I am not aware that it has played a major role evaluating HIT in the past. NIST has helped provided some important tools for software testing and validation though. Certainly, increased funding for its expanded role in health care will be needed. Whether it has the personnel or necessary experience to carry out its assigned role will need to be watched carefully. A visit to the NIST web site will provide a good idea of what had been the focus of NIST activities http://www.nist.gov.
Should all certification programs concentrate on the ARRA certification requirements? There is a real danger that ARRA will distort the certification landscape. For example, ARRA does not provide incentives for most providers of children's health care. Hospital-employed providers are not eligible for incentives. Also, many behavioral health providers and the specially adapted systems they use may not be included. An important gap is the lack of incentives for long term care facilities. Providers must also consider the health record needs of the 40%-70% of their patients for which ARRA does not apply. Therefore, there still may be good reasons for these groups to use certified systems that do not conform to the ARRA requirements.
What is the future role for CCHIT? The decisions by the HIT Policy Committee over the last several weeks certainly set CCHIT on less secure ground. The leadership of CCHIT has responded to the challenges of the ARRA legislation by expanding committee membership and developing new committees. They have outlined new certification pathways that address some of the previous criticism leveled at CCHIT. There is no foundation to the criticism that vendors have a disproportionate influence. Multiple stakeholders are well-represented on CCHIT committees. The criticism that the CCHIT process is biased because it both develops the test criteria and performs the testing itself is not necessarily valid. Test criteria development and testing are two well-segregated processes within CCHIT, supervised and performed by mostly separate staff.
Where are the gaps? Health IT implementations still fail at an alarming rate. In general, they are very expensive and take a long time to complete. Often user support post implementation is not what it should be. Some functions are excessively complex and difficult to use. True interoperability remains elusive and only occurs at a relatively few sites in the U.S. today. Future certification requirements must address the problem of usability and human factors engineering. Even though this will be difficult, it is important to develop objective, testable criteria and promulgate best practices. I think that certification should somehow assess the difficulty of the implementation process, need for training, and need for vendor support post implementation.
(The author has a personal interest in and a commitment to the certification process. He has been selected as a volunteer for the new advanced interoperability committee established by CCHIT this year. He has attended one CCHIT meeting thus far.)