Publication Date: May 10, 2010
Certification is primarily a way of enforcing that products meet certain criteria or standards. It can exert a powerful influence on products and markets—an influence that is particularly potent when the certification program is run or sanctioned by government. It is therefore critical that any certification program with government imprimatur be structured carefully to support clear public policy goals and avoid unnecessary restraints on market innovation.
The American Recovery and Reinvestment Act of 2009 (ARRA) authorizes the National Coordinator for Health Information Technology to establish a voluntary certification program or programs for health IT. Although the proposed HHS program for testing and certifying EHR technology is technically voluntary, it will play a pivotal role in triggering eligibility for approximately $34 billion in stimulus funding and consequently will have a high degree of influence over technology development and choice in a rapidly changing health IT market. For these reasons, HHS must structure the certification program carefully to focus only on those elements that are necessary to achieving its policy goals while avoiding unintended consequences. Overall, the proposed program takes an appropriately measured approach to certification, as evidenced by its independence, limits in scope, emphasis on privacy and security, and flexibility for future innovations.
- HHS should create clear, standard language about the purpose and goals of its certification program, and its limitations in addressing important public policy questions raised by the adoption and use of health IT. HHS should establish ―labeling requirements for certified products that are consistent and clear to help providers and purchasers understand the scope of the testing and certification under the HHS program to implement ARRA financial incentives. In particular, the standard language should communicate the scope of certification, as well as its limitations both in terms of implementation experience and privacy and security.
- HHS should clarify the rules by which EHR modules may be exempt from testing against all privacy and security certification criteria.
- Except for the specific circumstances in which such services are being used to help health care providers and hospitals qualify for Meaningful Use incentives under ARRA, HHS should limit the scope of extending the current certification program to other forms of health IT such as electronic personal health records (PHRs) or health information exchanges (HIEs). In the eyes of the HHS-sanctioned testing and certification program, PHRs and HIEs should only be considered when packaged as EHR modules. In other words, when they are offered as components of a complete EHR or an EHR bundle, they may be tested and certified under the same rules as EHR modules, based on the limited scope of Meaningful Use. Otherwise, the public policy benefits are not clear for certifying PHRs or HIEs outside of the Meaningful Use context.
- HHS should clarify the type and scope of modifications that would require a product to be recertified.