Medical groups worry new EHR rules could harm patients

This article was originally published by Scott E. Rupp on

The Office of the National Coordinator for Health IT recently signaled that it is pulling back on electronic health record (EHR) certification attestation requirements to remove a great many of the burdens on users and developers in an effort to advance interoperability.

The announcement was posted Sept. 21 to ONC officials revised the test procedures for 30 of the 55 EHR certification criteria, and developers will be allowed to “self-declare” that their product meets requirements. Previously, vendors were required to conduct a visual demonstration with an ONC-accredited testing laboratory or submit documentation.

The change covers “functionality-based certification criteria,” which officials say will allow developers to devote more time to interoperability.

“Health IT developers are still required to meet certification criteria requirements and maintain their products’ conformance to the full scope of the criteria,” Elise Sweeney Anthony, ONC’s director of the Office of Policy, and Steven Posnack, director of the Office of Standards and Technology, wrote. “Any nonconformity complaints received and associated with these certification criteria would continue to be reviewed and investigated by ONC [Authorized Certification Bodies].”

American Medical Association (AMA) president David O. Barbe, M.D., told Fierce Healthcare that he appreciated the ONC’s effort to focus on interoperability and usability, but argued the certification change could compromise patient care.

“We believe that vendor self-declaration of certain EHR functions could have unintended consequences that jeopardize patient health, care coordination and physician success in the Quality Payment Program,” Barbe said in a statement. “We encourage ONC to develop a timely, transparent process to hold health IT vendors accountable for their self-declarations.”

Robert Tennant, director of health information technology policy at the Medical Group Management Association, is worried about another incident of negligence like the recent trouble with eClinicalWorks.

“There are implications for patient safety,” Tennant told Healthcare Informatics. “If the software does not do what they claim it will do, it could have an impact on the care delivery process, and that to us is simply unacceptable.”

Nearly all of the requirements that still require testing have some ties to interoperability, while the remainder — like computerized physician order entry, medication lists and family health history — are now self-declared. ONC also is “exercising enforcement discretion” by ending requirements that Authorized Certification Bodies (ACBs) conduct random surveillance of at least 2 percent of the health IT certifications issued.

“ONC will not, until further notice, audit ONC-ACBs for compliance with randomized surveillance requirements or otherwise take administrative or other action to enforce such requirements against ONC-ACBs,” the ONC officials said via their blog. Enforcement will be “complaint driven” to allow ACBs to focus on certifying systems to meet 2015 Edition requirements.

Some wonder if these regulatory reductions are meant to match with a broader strategy to reduce regulatory burden, while others wonder if the reductions might lead to worse products. Needless to say, EHR vendors seem to appreciate the news.

National Coordinator Donald Rucker, M.D., said ONC wasn’t sacrificing any of its regulatory oversight but was simply doing what it could to reduce the hoop-jumping required of vendors so they could better allocate their resources to more usable and interoperable products.

“What we’re trying to do here is make things as smooth as possible in the regulatory process,” Rucker said during a call with reporters. “We’re not changing the certification requirements, per se. We’re doing a little bit of streamlining on the process. So that will hopefully, in part, reduce vendor costs — and in a market economy over time some of those savings come down to providers.”

“I think we have more questions than we have answers,” said Mari Savickis, vice president of federal affairs at the College of Healthcare Information Management Executives (CHIME) in an interview with Fierce Healthcare.

Certified technologies “do exactly what is asked of them from the certification criteria,” Rucker said. “Building medical software is a highly iterative process. And there are many inputs on this. Because these foundations tend to be so heavily used — minute in, minute out — things become obvious relatively rapidly.”

Rucker added that the goal of the deregulation is to “increase the operational efficiency of the vendors to the extent that we can. Because those (testing) costs are all eventually, sooner or later, borne by the providers purchasing the products.”