- New World Order: Effectively Securing Healthcare Data Through Secure Information Exchanges
- QualSight LASIK Achieves HIPAA Compliance After Attempted Hack
- Case Study: Blood Systems Expands Remote Access Connectivity to Prepare for Disaster
- 5 Tips for Successful Patient Identity Management in Government Agencies
- Sizing Up Your Cloud Options - Is Now the Time?
The Office of the National Coordinator for Health IT released a final rule about the consequences if the organization that oversees the bodies that certify electronic health records engages in improper conduct.
ONC described the conduct violations, methods to discipline the authorized accreditor (ONC-AA) of the permanent certification program for improper conduct, and its process for corrective action.
[Editor's Desk: This Week in Government Health IT.]
Earlier this year, ONC selected the American National Standards Institute (ANSI) as its sole ONC-AA.
The regulation became available Nov. 23 in the preview section of the Federal Register. The final rule, which tweaks a proposed rule published earlier in the year, will take effect 30 days after it is officially published Nov. 25 in the Federal Register.
ONC said that the final rule does not impose any “unexpected” requirements for an organization that wants to serve as the ONC-AA in order to fulfill its responsibilities. In fact, these processes “create positive effects for program participants by increasing the accountability of the ONC-AA,” ONC said in the rule.
“We believe that the processes that we have established constitute the minimum amount of requirements necessary to accomplish our policy goals,” ONC said.
Conduct violations include fraud, falsifying accreditations of certifying organizations, withholding or altering information that would indicate fraud, and failure to perform responsibilities satisfactorily. The rule provides a period of time to become compliant, and in the case of removal, time to respond.
[See also: What HIE needs to mature -- regional critical mass.]
The single accreditor is critical to the permanent certification program because that organization approves organizations that will certify EHRs as able to perform the functions that are required for healthcare providers to meet meaningful use.
On Nov. 2, however, ONC said it decided to delay the launch of the permanent program until mid-2012 from Jan. 1 to coincide with the anticipated final rule for stage 2 of meaningful use and standards and certification criteria.
Until then, ONC will continue with its six authorized temporary testing and certifying bodies (ONC-ATCBs) to approve EHRs and/or EHR modules, which perform only selected functions. They have certified 1,300 EHRs or modules to date.
On May 31, ONC proposed the process for disciplining the accreditor and accepted comments through August. The final rule does not veer from the proposed regulation.
[Commentary: Will HITECH money be there tomorrow?]
In the final rule, however, ONC reduced the burden and negative consequences to approved certifying organizations if the accreditor is removed by allowing them to maintain their approved status for a reasonable period while a new accreditor is selected.
ONC will be able to assess the accreditor’s performance through the annual reports of EHR product surveillance by the certifying organizations. The surveillance results should also include feedback from the accreditor.
The accreditor must also adhere to ISO/IEC 17011, a standard developed by the International Organization for Standardization that specifies the general requirements for bodies that approve conformity assessment organizations, such as ONC's authorized certification bodies. The accreditor applicants must also assure that the certification bodies conform to ISO/IEC Guide 65, a standard for general requirements for product certifying bodies.