Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

ICSA Labs Questions Strength of ONC Certification Rules

Posted on August 11, 2011 I Written By

You’ve undoubtedly heard the argument before: EHR certification is about assuring that systems meet minimum requirements for functionality and interoperability, but the certification process falls way short in terms of usability, privacy and security. But have you heard the argument from one of the ONC-authorized certification bodies?

This is an excerpt from an e-mail I received today:

Meaningful Use criteria have become a massive EHR certification driver for healthcare organizations. Hospitals and other providers rely on the criteria to ensure that their health IT systems meet minimum government-specified functionality and interoperability requirements to support Stage 1 of Meaningful Use.  Achieving Meaningful Use also ensures a health care organization qualifies for reimbursement under the American Recovery and Reinvestment Act as a way to incent adoption of e-health processes among health organizations. The ultimate goal is to improve our nation’s healthcare system by leveraging technology to allow greater access to important health information and empower patients to securely access their own health information.

However, as one of only five organizations authorized to test both complete and modular EHRs by the Office of the National Coordinator (ONC) for Health IT, ICSA Labs questions whether EHR certifications are enough as the criteria represents only minimum requirements. Amit Trivedi, healthcare program manager at ICSA Labs, believes providers should take further steps to heighten the security and privacy of their health IT systems. He also suggests vendors should look beyond the current regulations to address and improve usability, data portability, and information exchange in their products.

That’s right, ICSA Labs, one of five organizations currently authorized to test and certify complete EHRs on behalf of the Office of the National Coordinator for Health Information Technology, seems to think that the standards it tests EHRs against are inadequate, which is something that critics of certification—particularly critics of the Certification Commission for Healthcare Information Technology—have been saying for years. Critics of many of the larger vendors have been saying that, too. But it’s shockingly refreshing to hear this from an actual certification body.

In fact, the publicist for ICSA, a unit of Verizon Business, has offered interviews with executives of two lesser-known vendors,  Health System Technology and Design Clinicals, to talk about how they are going beyond the minimum certification requirements. Deadlines beckon, so I didn’t really have time to wait for the publicist to try to find me an schedule opening for one of the executives, but here’s a statement from a March 30 ICSA press release that is somewhat telling:

“This year we are expanding our certification programs into health IT, a much-needed area of focus to help modernize today’s health care system,” said George Japak, managing director for ICSA Labs. “With our new focus on safeguarding patient information within electronic health records, we are committed to helping accelerate the adoption of health IT.”

We don’t hear too much about security in the context of certification from too many other camps, so it’s nice to hear that at least one certification organization is critical of the rules it is under contract to follow. Perhaps we’ll see tougher usability, privacy and security standards in the permanent certification program ONC needs to have in place by the beginning of 2012 to support the forthcoming Stage 2 “meaningful use” requirements from CMS.

Wishful thinking?

The Problems with CCHIT Certification

Posted on February 26, 2009 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In a really thoughtful post on HISTalk, Dewey Howell MD, PhD, Founder, CEO Design Clinicals, Inc. wrote a n article called “The Real Problem with CCHIT Certification.” In it, Dr. Howell basically makes the case against CCHIT, because it doesn’t take into account all of the various specialized EHR which only need to do a few things really well. His example was an EMR for “ambulatory, inpatient, and emergency settings.”

These arguments remind me when near the beginning of the CCHIT certification process it included such things as growth charts. Sure, growth charts are essential to a pediatric EMR, but not so much so for other EMR companies. Luckily, the vetting process did remove this criteria and what CCHIT ended up with was much better than what they started to create. Unfortunately, it’s still an onerous process for a specialized EHR to be CCHIT certified.

Dr. Howell also provides this really interesting insight:

Another deficiency of the current certification process is the lack of requirement for certification of results or outcomes. How do we certify and validate that the system actually delivers the outcomes that we are trying to achieve? The current process encourages vendors to throw a button or screen into their application that produces a specific action or display. But, there is no accountability to the patient and quality of care delivered with the tool. It encourages technology for technology’s sake, presuming that outcomes will be “better” just because a product is certified, instead of really validating results. Maybe this is a much tougher nut to crack, but it is considerably more important than things like, “The system shall provide the ability to allow users to search for order sets by name.”

I like how he described the need to measure results or outcomes. We’ve often mentioned on this blog CCHIT’s biggest problem is actually measuring usability, but results and outcomes are another way to look at the challenge of certification.