A final rule released last week by the Office of the National Coordinator for Health IT (ONC), concerning federal oversight of electronic health records (EHRs), is being met with a mixed reaction by payer, provider, and vendor groups.
According to the rule, ONC could have the ability to decertify—and pull from the market—health IT products, such as EHRs, that don’t meet certain requirements for certification. Following decertification of a product that doesn’t meet ONC criteria, the vendor would be required to notify its customers, as well as issue a cease-and-desist notice to prevent future sales of the product, according to the rule. The rule has three main focuses, according to a Department of Health and Human Services (HHS) press release:
- Direct Review:Enabling ONC to directly review certified health IT products, including certified electronic health records systems (EHRs), and take necessary action to address circumstances such as potential risks to public health and safety. This will complement existing ONC-Authorized Certification Bodies (ONC-ACBs) responsibilities.
- Enhanced Oversight:Increasing ONC oversight of health IT testing bodies to align with ONC’s existing oversight of ONC-ACBs and provide the means for ONC to quickly, directly, and precisely address testing issues.
- Greater Transparency and Accountability:Making identifiable surveillance results of certified health IT publicly available to provide customers and users with valuable information about the overall performance of certified health IT, including illuminating good performance and continued compliance.
Under terms of the final rule, ONC walked back its proposal to review cases in which nonconformity could compromise the security or protection of patients’ health information or that could lead to inaccurate or incomplete documentation and result in bad or duplicative care, Modern Healthcare noted.
“Our decision not to establish regulatory processes for such oversight at this time is based in part on the recognition that other agencies have the ability to investigate and respond to these types of issues and our desire to make the most efficient use of limited federal resources,” the rule states.
Robert Horne, executive director of Health IT Now, a collective representing patients, providers, and payers, was disappointed with the final rule.
“…our chief concern is the potential for negative consequences from the ONC final rule. Simply put, the Office of the National Coordinator for Health IT was not created by Congress to be a regulator like the Food and Drug Administration,” said Horne in a statement to Health Data Management. He added that ONC is “clearly overstepping its statutory authority by moving forward with direct review of uncertified functionalities and products, in addition to certified products.”
Doug Fridsma, president and CEO of the American Medical Informatics Association, was more positive in his organization’s response to the rulemaking.
“We believe this rule provides a sensible process through which known and potential harms to patient safety can be identified and corrected,” said Fridsma. “We are glad to see improvements in scope and in process with this final rule, and believe this regulatory framework gives ONC the tools they need to better ensure patient safety,” Fridsma told Health Data Management.