By Ed Larsen
Certification of health information technology has become a hot topic.
ONC has published the 2014 Edition update to its certification criteria, and its approved Certification Bodies have had their scope of accreditation extended to cover these new criteria.
A consortium of the EHR/HIE Interoperability Workgroup and Healtheway, which has taken over stewardship of the Nationwide Health Information Network specifications, has selected the Certification Commission for Healthcare Information Technology to conduct certification of products claiming conformance to its specifications.
Now, Integrating the Healthcare Enterprise (IHE) USA has set up a pilot certification program with ISCA Labs to certify products claiming conformance to IHE integration profiles.
So what is certification and what is its value proposition driving these programs?
Certification, as defined by ISO, is third-party attestation related to products, processes, systems or persons. The attestation is a statement based on a determination following review that the object has demonstrated fulfillment of specified requirements.
Technically, this is different from a first party declaring that it meets the set of requirements. Preceding the review and certification decision, a certification body evaluates the results of testing or inspection conducted by an independent testing lab or agency.
Thus three separate and independent activities occur in certification:
- evaluation, and
The separation of testing from certification is a key part of the framework. Within the certification body, the review and certification decision must not be performed by the same individuals that evaluated the data and results. All of these restrictions are designed to ensure the integrity of the program in terms of impartiality, consistency and competency.
Certification bodies (CBs) base their certification activities on ISO/IEC Guide 65 and on the requirements of the “scheme” owner. The scheme owner establishes the scope of certification, the conformance requirements for certification and other terms and conditions.
As we noted at the beginning, we have three scheme owners in the health IT space:
- EHR/HIE WG – Healtheway consortium, and
Each establishes the terms of its certification program. The certification bodies, in turn, can be accredited to conduct the certification program according to Guide 65 and the scheme, giving further assurance of trustworthiness.
ONC has, through its regulatory authority under HITECH, defined its scheme in regulations, 45 CFR 170, including its certification criteria for EHR technology. Importantly, the ONC scheme includes both system functional requirements, e.g., CPOE or maintaining a problem list, and interoperability requirements, e.g., sending a clinical summary at a transition of care.
ONC has also established a single accreditation authority, the American National Standards Institute (ANSI) to accredit CBs and a single testing authority, NIST’s National Voluntary Laboratory Accreditation Program (NVLAP) to accredit test laboratories.
Currently, there are four accredited CBs and five test labs approved by ONC, which replace the temporary program Approved Certification and Testing Bodies. They are currently standing up the testing and certification processes for the 2014 Edition criteria. Note that a single organizational entity may conduct both testing and certification as long as it maintains these as separate organizational functions. In fact, a scheme owner can operate its own certification program.
We know less about the certification programs being established by EHR/HIE WG – Healtheway and IHE. Both have initially appointed a single certification and testing body to run their programs. Their respective schemes will be focused primarily on conformance to their interoperability specifications and profiles.
So, if this is what certification is, what is its value?
First, of course, a certification program is no better than its scheme. The scheme owner must establish the value of products conforming to its set of requirements. That value is first to the users of the certified product, giving assurance that a product will at least perform to these standards.
But the value also accrues to the product vendor in establishing its bone fides in a market. In the case of international markets, a certification may be transportable eliminating the need to repeat the process in individual local markets.
In the case of health IT interoperability, it provides assurance to the vendor that – if it conforms to an interface standard – its product should be capable of exchange information with other vendor products within any conformant system. For both user and vendor, it reduces the need for one-off demonstrations and interfaces.
None of these health IT schemes is ready to ensure “plug and play,” but the third-party certification program provides a level of assurance that claims of conformance have been independently tested and reviewed against the scheme requirements.
Ed Larsen is an independent consultant whose current contracts include support of ANSI accreditation of the ONC HIT Certification Program and of the ONC S&I Framework.