It's going very well. Here's what has happened thus far.
1. Recognizing that security and interoperability are some of the more challenging aspects of certification, we started with the CCHIT ONC-ATCB Certified Security Self Attestation Form to document all the details of the hashing and encryption we use to protect data in transit via the New England Healthcare Exchange Network .
Next, I had my staff prepare samples of all the interoperability messages we send to patients, providers, public health, and CMS. Specifically, we created
CCD v.2.5 used to fulfill the Discharge summary criterion HL7 2.51 Reportable lab HL7 2.51 Syndromic surveillance HL7 2.51 Immunizations PQRI XML 2009 for hospital quality measures
2. Next, I documented an inventory of all the applications we are using during our Meaningful Use measurement period for Hospital Inpatient and Emergency Department care (Medicare place of Service 21 and 23)
webOMR - our online medical record CPOE - our inpatient ordering system ED Dashboard - our emergency department workflow applications Massachusetts eHealth Collaborative Quality Data Center - our PQRI reporting system Performance Manager - web-based analytics from our hospital data marts
I assigned each of these applications to the 24 Hospital Meaningful Use Criteria
Drug-drug, drug-allergy interaction checks Drug-formulary checks Maintain up-to-date problem list Maintain active medication list Maintain active medication allergy list Record and chart vital signs Smoking status Incorporate laboratory test results Generate patient lists Medication reconciliation Submission to immunization registries Public health surveillance Patient-specific education resources Automated measure calculation Computerized provider order entry Record demographics Clinical decision support Electronic copy of health information Electronic copy of discharge instructions Exchange clinical information and patient summary record Reportable lab results Advance directives Calculate and submit clinical quality measures
Once I watched the CCHIT Certification Readiness video I was advanced to Readiness Learning Complete and we could begin preparing for inspection.
3. I assigned each of the CCHIT Test scripts (easier to use than NIST Test scripts) to my staff to ensure our applications met the certification functional requirements. They executed each of the scripts twice and timed the effort so that we could report our actual test execution experience to CCHIT.
4. We scheduled a time for inspection testing - a web-based desktop sharing application session with a CCHIT observer to evaluate our conformance.
5. In preparation for that testing my staff created test patients with test medications, test problems, test allergies, and test labs. Also, they practiced their demonstrations to ensure smooth and efficient execution of the test scripts.
Since we're certifying our applications in parallel with measuring our hospital meaningful use performance, we sent training materials to our clinicians reminding them of their responsibilities to use the applications completely and wisely.
Here are my lessons learned thus far 1. Take certification very seriously - it's not easy. I have a staff of very experienced IT professionals and we had to do a great deal of preparation. This is not a function of the Authtorized Testing and Certification Body you choose, it's a function of the certification requirements and the NIST test scripts. The staff and educational materials of the ATCB make a huge difference. In my case, I relied on CCHIT staff to guide me through the process and CCHIT inventory tools/test scripts to make the process as easy as possible.
2. Interoperability testing is rigorous. The more tightly constrained the content standards, the more likely they will be interoperable between sender and receiver.
3. Quality measurement is hard. There are 15 detailed numerators and denominators with exclusionary criteria to prepare. CMS requires these to be electronically submitted in PQRI XML, so you must generate a conforming electronic format.
4. Some of the NIST test scripts require functionality that may not be clinically obvious. Note that this is purely my own personal opinion as a doctor. You must demonstrate that super users can change drug/drug and drug/allergy alerting logic. As a clinician, I cannot think of a reason to change drug/allergy alerting - you are either allergic to a medication or you're not. There is no alert fatigue from reporting a drug/allergy interaction, no matter how minor.
5. You must certify all the technology you plan on using for Meaningful Use attestation. You can only report Meaningful Use data from "Certified EHR technology", hence the reason we are certifying our ED applications, inpatient applications, data warehouses, and analytic tools.
Thus far, the process has great integrity, appropriate rigor, and sufficient specificity. We're doing it with our existing teams within existing budgets. Yes, it is creating temporary stress. However, if we pass certification in the next several weeks, we'll all be very proud.
Also - the ONC Permanent Certification Program was published in the Federal Register last week (Thanks to Robin Raiford for this bookmarked copy). I'll write about industry reaction to it as soon as I hear more.