ONC Relaxes Certification Requirements for Health IT

CAST | October 17, 2017

Providers can self-declare they meet certain criteria, and random audits are no longer required.

The Office of the National Coordinator for Health Information Technology (ONC) outlined two changes related to health information technology (IT) in a Sept. 21, 2017, blog post.

  • Providers Can Self-Declare Their Products Meet Functionality-Based Criteria: Health IT developers will no longer need to test with ONC-Authorized Testing Laboratories (ONC-ATLs). Instead, developers can self-declare that their products meet 30 of the 55 certification criteria. The 30 “self-declaration only” criteria are functionality-based criteria. The testing usually included either a visual demonstration or documentation of the product’s functionality. To comply with meaningful use regulations, providers must use a certified electronic health record (EHR). Conformance with the criteria is still required, and ONC-Authorized Certification Bodies (ONC-ACBs)  would continue to investigate conformity complaints.
  • Random Audit Requirements Put on Hold: ONC-ACBs will no longer be required to conduct randomized surveillance. Until further notice, ONC will not audit them for compliance with randomized surveillance requirements or enforce these requirements. This directive includes the requirement for ONC-ACBs to conduct randomized surveillance for at least 2% of the health IT certifications they issue. 

In its blog, ONC writes that the new self-declaration procedures will save health IT developers and ONC the time required for testing, enabling both to focus on the remaining interoperability criteria. The surveillance changes, ONC writes, will let ONC prioritize complaint-driven surveillance and spend more time certifying products under 2015 Edition requirements. As a result, providers in the Centers for Medicare & Medicaid Services Quality Payment Program will have more certified health IT products to use.

“The ease of these requirements should make the certification process more streamlined, efficient, and less time-consuming, which should encourage more EHR developers to pursue certification under the latest 2015 Edition requirements,” said Majd Alwan, executive director of LeadingAge CAST. “This is especially true of long-term and post-acute care (LTPAC) EHRs who have fewer resources than their acute care counterparts. We certainly would like to see more of these vendors pursue this certification and support more interoperability and information exchange with other providers in the health care ecosystem,” he added.
But these changes might also make for less capable—and less safe—electronic health records, said Robert Tennant, the Medical Group Management Association's director of health information technology policy in a recent Modern Healthcare article.
"Deregulating this area could cause more harm than good," Tennant is quoted as saying. “There might be less of an incentive for these vendors to meet the government requirements."
The coming lack of random audits compounds the patient safety concern, says the article, with certification bodies no longer conducting random audits. The decision comes at a less critical time than in the past. In the summer of 2017, CMS gave providers and hospitals subject to meaningful use another year to keep using 2014 Edition-certified EHRs.