NIST continues defining the specifics of EHR certification

The process for defining how Electronic Health Records (EHRs) will be certified, in order that physicians can “ meaningfully use certified EHRs” to access ARRA/HITECH stimulus incentive bonuses, is becoming clearer step-by-step.

Over the past year, the Office of the National Coordinator (ONC) has been defining Meaningful Use, based on input from a very broad range of stakeholders. Through its HIT Policy Committee it has listed a set of National Priorities for what EHR Technology is supposed to accomplish, and from that has elaborated a series of criteria that support these priorities. For each criterion, a set of measures have been defined, which physicians must achieve in order to demonstrate Meaningful Use. This has been consolidated into a Meaningful Use NPRM, published by the Center for Medicare and Medicaid Services (CMS) – which is how HITECH bonus money will be distributed. The NPRM was open for a 60-day public comment period. That comment period is now over, the 4000+ comments received are being digested, and we are awaiting a finalized version of the Meaningful Use rules in the next 6 weeks or so.

Based on the Meaningful Use criteria that came out of the Policy Committee, the HIT Standards Committee has developed a framework for defining exactly how these criteria should be structured, and therefore what elements need to be present in EHR Technology in order that it be Certified. Parallel with the Meaningful Use NPRM, a Certification IFR was also released, detailing the capabilities needed by EHRs – something that EHR vendors have been paying close attention to. That 60-day open comment period is also now over.

On March 2nd, the ONC issued a third document, detailing exactly how certifying agencies can become ONC-Authorized Testing and Certification Bodies (ONC-ATCBs). To date, CCHIT and Drummond Group have indicated interest in becoming such certifying bodies.

Simultaneously, guided by the HIT Standards Committee, the National Institute for Standards and Technology (NIST) – the federal organization that defines all manner of standards across all areas of activity – has been building a set of specific definitions for each of the EHR Technology certification criteria. As one might expect, they have defined the “easy ones” first, and are spending more time defining the more difficult or controversial elements subsequently. But day by day, step by step, the NIST has been building its list of specific measures needed to certify an EHR Technology.

What is clear in this process is that the government – the public domain – is defining the specifics of what is important in EHR Technology. This is in contrast to the legacy certification process, previously carried out by CCHIT, which created its own set of criteria for certification. CCHIT, having been an outgrowth of an EHR-vendor trade organization (HIMSS), developed what it thought was important in EHR technology – a view that was influenced by the “big iron,” proprietary, all-encompassing, enterprise systems that dominated the CCHIT board and orientation. The result of that approach was a collection of CCHIT-certified products that were expensive, challenged by low adoption rates (particularly among small medical office practices), with poor interoperability and usability. The modular, plug-and-play, web-based approach to technology seen elsewhere in the IT world was lagging significantly in Health IT, largely as a result of this legacy.

As we watch the NIST define the specific measures that will determine ONC-Authorized certification (which is what is needed in order to demonstrate Meaningful Use), the “unique relevance” of CCHIT and its internally-created certification criteria has faded. In the public domain, the new definitions of what is important for EHR Technology is being spelled out, as are the specific methods by which ONC-ATCBs will certify such technology. The particulars of exactly which organizations do the certifying is less important (CCHIT no longer has a monopoly) – what counts is the ability to implement the NIST-derived criteria and testing methods.

In fact, we don’t even need to wait until the process of authorizing ONC-ATCBs is finished in order to see what the certification criteria are going to be. The NIST documents are the “open book test,” and EHR vendors (as well as EHR end-users, like physician practices and hospitals) can look at each of these criteria and ask themselves “does our system do this?” If yes, then great – check that one off. If no, then one can ask oneself “what do we need to do to
get there?” Having the specific criteria, as well as the specific testing steps, available in the public domain, serves to move EHR Technology adoption forward exactly the way it’s supposed to.

We welcome this approach. We believe that the public domain is where such standards should reside, and that only in this way can the Health Priorities that guide the overall effort to digitize medical recordkeeping in this country be carried out. We will keep a close eye on the NIST documentation, as it evolves, and make sure that we create an EHR product that addresses all the elements physicians need in order to demonstrate Meaningful Use.

Robert Rowley, MD
Chief Medical Officer, Practice Fusion, Inc.