On September 3, the Certification Commission for Healthcare Information Technology (CCHIT) unveiled their plans for certification under ARRA. CCHIT plans two program concepts: 1) comprehensive certification which meets or exceeds federal standards and and 2) modular certification related to security, privacy and interoperability meeting federal standards.
Federal standards for HHS Certification will mean that a system meets the "minimum government requirements for security, privacy, and interoperability, and that the system is able to produce the Meaningful Use results that the government expects." HHS Certification will not be a 'seal of approval' nor an indication of the relative value of systems.
CCHIT's action were in response to ONC's Certification and Adoption Workgroup recommendations presented at the August 14 HIT Policy Committee meeting.
The Certification and Adoption Workgroup's recommendations include:
Focus Certification on Meaningful Use
Leverage Certification process to improve progress on Security, Privacy, and Interoperability
Improve objectivity and transparency of the certification process
Expand Certification to include a range of software sources: Open source, self-developed, etc.
Develop a Short-Term Certification Transition plan
The Certification Workgroup emphasized the need for more explicit requirements for information exchange
Unlike CCHIT today, certification criteria should be established independently of the organizations performing the certification. Multiple certification organizations will be allowed to perform testing after they become accredited. Vendors need certification from any one testing organization.
As such, accreditation is a lynch pin in the Workgroup's recommendations to "insure that multiple certification entities use identical criteria and provide a 'level playing field' so that all certification organizations offer the same level of scrutiny."
HHS Certification would also serve as qualification for the Stark exception.
Providers would be allowed to achieve meaningful use through use of certified components.
In one sure-to-be-controversial recommendation, the Workgroup recommended that the “lock down” requirements of EHR software should be removed to address concerns of the Open Source community.
Self-developed software may also be certified, on a site by site basis.
The certification transition "includes a concept of 'Preliminary HHS Certification' so that vendors, who take a risk on the content of the final regulations, can be ready as quickly as possible when final regulatory approval is obtained" which should be valid through 2011."
"This certification is called “preliminary” because the meaningful use criteria and the certification criteria will not yet have completed their paths through the regulatory process. When the regulatory process is completed for Meaningful Use, presumably in early 2010, then, if necessary, establish a short “regulatory gap certification” for any necessary changes from preliminary certifications. After completing this “regulatory gap certification”, the National Coordinator should certify those products as qualifying under the statute, with a goal of having HHS Certified products in the marketplace in early 2010."
"For vendors who already completed CCHIT 2008 certification, we recommend providing an optional shorter, expedited process. Request that CCHIT submit, as soon as possible, a proposal for “2008 Gap Certification,” which will apply only to vendors who already completed 2008 Certification. The 2008 Gap Certification must cover any missing privacy capabilities (e.g., audit trails, consent) required by statute It must also cover capabilities for Meaningful Use, and expanded interoperability capabilities. Once approved by ONC, the completion of 2008 Gap Certification should also qualify products for “Preliminary HHS Certification.” Those products will be required to complete the “Regulatory Gap Certification Process” before the National Coordinator similarly certifies those products. Working with CCHIT and the Policy Committee, the ONC should investigate whether similar gap certifications are appropriate for products that achieved 2007 certification."