Achieving ONC Certification and Ensuring Compliance : Your Trusted Partner

• 04 July, 2023

The majority of healthcare organizations are adopting electronic medical record (EMR) or electronic health record (EHR) systems to improve efficiency, enhance patient care, and make better decisions. According to the AHA annual survey in 2021, nearly 78% of office-based physicians and 96% of non-federal acute care hospitals have implemented certified EHR systems.

By utilizing an EHR, healthcare providers can access a patient's medical history, lab results, and other vital health information instantly, enabling them to make more informed decisions regarding patient care. However, the extensive range of EHR solutions available in the market can make the selection process overwhelming. Additionally, the costs associated with EHR implementation projects, which can reach billions of dollars, further contribute to the decision-making pressure.

To assist healthcare providers in choosing the most suitable EHR tool for their needs, the Office of the National Coordinator for Health Information Technology (ONC) established the ONC Health IT Certification Program. This program certifies EHR software that complies with federal legislation, EHR interoperability requirements, and information blocking prevention policies. It serves as a reliable selection pool of certified health IT products.

In this guide, we will provide comprehensive information on how to successfully navigate the ONC Health IT Certification Program and achieve ONC certification. You will acquire foundational knowledge about the certification program, its history, and its requirements. We will also delve into the 170.315(g)(10) Standardized API for Patient and Population Services criterion, as well as the necessary steps for API testing.

Your Trusted Partner to Achieve Compliance: KPi-Tech

In today's healthcare landscape, regulatory standards and certifications play a crucial role in ensuring the quality, interoperability, and security of healthcare IT systems. If you require ONC Certification or compliance with regulatory standards such as the Rx Module or DRUMMOND Group, we are here to support you. With our extensive experience in achieving ONC Certification and meeting industry requirements, we can guide you through the certification process and ensure your systems are compliant. In this blog post, we will explore the importance of ONC Certification and regulatory compliance, discuss the challenges you may face, and demonstrate how our expertise can assist you in meeting these critical needs.

The Significance of ONC Certification and Regulatory Compliance:

The ONC Health IT Certification Program was established under the Public Health Service Act to set standards for the dynamic health information technology industry. Independent organizations evaluate Electronic Health Record (EHR) systems to assess their capabilities in recording, securing, and sharing information. Certification is granted to providers who meet the ONC's criteria. To receive Medicaid and Medicare incentive payments, medical providers must use ONC-certified EHR systems. This certification instills confidence in providers and patients regarding the storage and use of health information.

The ONC's Health IT Certification Program is a voluntary evaluation program for health information technology that follows the frameworks established by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC).

Compliance with regulatory standards, such as the Rx Module or DRUMMOND Group, demonstrates your commitment to adhering to specific requirements set by industry organizations. These certifications and compliance initiatives offer several benefits:

1. Enhanced Interoperability

   ONC Certification and regulatory compliance help promote interoperability, enabling seamless exchange of health information across different systems. This ensures that patient data is accessible, accurate, and secure, supporting coordinated and efficient care delivery.

2. Patient Safety and Quality of Care

   Meeting certification and compliance requirements helps improve patient safety by ensuring that health IT systems adhere to standards and regulations designed to protect patient information and facilitate safe clinical workflows. It promotes the use of reliable, standardized processes, reducing the risk of errors and improving the overall quality of care.

3. Marketability and Competitive Advantage

   Achieving ONC Certification and meeting regulatory standards enhances the marketability of your healthcare IT products or services. It signals to healthcare providers, payers, and patients that your solutions meet the highest industry standards, giving you a competitive advantage in the marketplace.

The ONC Health IT Certification Program involves several key entities that collaborate to establish and maintain the testing and certification requirements for Health IT products. These entities include:

1. National Institute of Standards and Technology (NIST)

   NIST works together with the ONC to create the necessary testing infrastructure and tools for the certification program.

2. National Voluntary Laboratory Accreditation Program (NVLAP)

   NVLAP is responsible for accrediting testing laboratories. These laboratories evaluate the conformity of health IT products with the criteria outlined in the ONC Health IT Certification.

3. Accreditation Bodies

   These bodies have the role of accrediting certification bodies. Certification bodies are responsible for granting ONC certifications to health IT products.

4. ONC-Authorized Testing Laboratories (ONC-ATLs)

   ONC-ATLs are authorized to conduct the actual testing of health IT products. They assess whether these products conform to the standards set by the ONC.

5. ONC-Authorized Certification Bodies (ONC-ACBs)

   ONC-ACBs are authorized to grant certifications to health IT products that meet the ONC's certification criteria. The results of these certifications are published on the Certified Health IT Product List (CHPL).

6. Health IT Developers

   These are the entities that develop health IT products. They seek certification from ONC-ACBs to ensure that their products meet the criteria defined by the ONC Certification Program.

21st Century ONC Cures Act Update

Since its establishment in 2010, the ONC Health IT Certification Program has undergone four editions, each aimed at advancing its objectives. The program consistently seeks improvement by updating certification criteria, standards, and implementation specifications to enhance interoperability and facilitate health information exchange across diverse clinical health information purposes.

The most recent version of the program is the 2015 Edition Cures Act Update, which was released in 2020 as part of the 21st Century Cures Act. This edition further emphasizes the seamless and secure access, exchange, and utilization of electronic health information.

The ONC Health IT Certification Program has the following goals:

1. Ensure uninterrupted and secure access to Electronic Health Information (EHI).
2. Foster an environment that promotes innovation and competition by encouraging the development of new applications.
3. Encourage the widespread use of standardized Application Programming Interfaces (APIs).
4. Prevent the practice of information blocking, which refers to actions that hinder or discourage the access, exchange, or use of electronic health information.
5. Impact areas such as Fast Healthcare Interoperability Resources (FHIR), information blocking, SMART IG/OAuth2.0, and various other relevant areas.

The Cures Act encompasses multiple healthcare sectors and establishes seven ongoing Conditions and Maintenance of Certification:

1. APIs

   Health IT must provide transparent access to APIs and comply with updated API requirements.

2. Assurances

   Health IT must report that it does not obstruct the exchange of electronic health information (EHI).

3. Attestations

   Health IT must attest to complying with the Conditions and Maintenance of Certification every six months, starting from April 2021.

4. Communications

   Health IT cannot impede communications concerning the usability, interoperability, security, user experiences, business practices, or manner of use of health IT.

5. Information Blocking

   Health IT must not engage in actions that hinder the access, exchange, or use of patient information.

6. Real-World Testing

   Health IT must create and implement a plan to thoroughly test the real-world use of the EHR on an annual basis. The initial plan must be completed by the end of 2021 and implemented in 2022.

7. Submission of EHR Reporting Criteria

   Act Under the ONC Health IT Certification Program, health IT developers must comply with reporting criteria for certified health IT as mandated by the 21st Century Cures Act. The EHR Reporting Program is currently being developed, and future rulemaking will outline the Condition and Maintenance of Certification requirements for health IT developers.

Furthermore, the update includes a provision mandating that patients have electronic access to all their electronic health information, structured or unstructured, at no cost to them.

What are the ONC Certification Criteria?

The ONC has released three versions of certification criteria, with the most recent being the 2015 Edition Health IT Certification Criteria. To obtain 2015 Edition Certified EHR Technology (CEHRT) status, vendors must ensure that their EHR systems or health IT modules meet the 2015 Edition certification criteria and the 2015 Edition Base EHR definition. Unlike previous versions of the program, the 2015 Edition criteria are program-agnostic and can support various use cases and incentive programs.

RELATED: Standards & Regulations for Healthcare IT Services and Software development

The certification criteria for the 2015 Edition focus on several key areas:

1. Interoperability

   The criteria incorporate standards for organizing, documenting, and sharing healthcare data to promote interoperability. This includes the use of a standardized Common Clinical Data Set and compliance with the C-CDA exchange standard.

2. Health data exchange and access

   Certified health IT should have enhanced data export capabilities, support transitions of care, and allow third-party access through an API.

3. Health IT standardization

   The final rule establishes a framework for an open and accessible Health IT Certification Program that supports different care settings, practice settings, and public and private interests.

4. Enhanced demographic data capture

   Health IT tools must capture detailed information related to race, ethnicity, sexual orientation, gender identity, socioeconomic factors, psychological history, and behavioral health concerns.

5. Sensitive data segmentation

   The final rule promotes the secure exchange of sensitive health information by incorporating data privacy requirements and allowing data segmentation for privacy purposes.

In order to fulfill the requirements of the 2015 base EHR definition, a system should possess the following capabilities:

1. Offer clinical decision support functionality.

2. Support physician order entry.

3. Capture and query health information.

4. Exchange health information with external sources and integrate information received from those sources.

5. Store patient demographic and clinical health information, including medical history and problem lists.

Challenges in Achieving ONC Certification and Regulatory Compliance:

While the benefits of certification and compliance are substantial, the journey to achieve them can present challenges:

1. Complex Certification Criteria

   ONC Certification and regulatory standards often encompass a wide range of technical, functional, and security requirements. Navigating these criteria and understanding their implications can be complex, requiring a deep understanding of the certification process.

2. Implementation and Integration

   Meeting certification and compliance requirements often necessitates modifications or enhancements to your existing systems. Ensuring smooth implementation and integration of these changes while minimizing disruptions to daily operations can be a significant challenge.

3. Maintenance and Updates

   Certifications and compliance requirements evolve over time. Keeping up with changes, performing necessary updates, and maintaining ongoing compliance can be a demanding task, requiring dedicated resources and expertise.

Our Expertise in Achieving Certification and Ensuring Compliance:

At KPi-Tech Services, we specialize in helping healthcare organizations achieve ONC Certification and meet regulatory standards. Here's how we can support your certification and compliance needs:

1. Comprehensive Assessment and Planning

   Our experienced team will conduct a comprehensive assessment of your systems, identifying gaps and areas requiring attention to meet certification and compliance requirements. We will then develop a customized roadmap and plan to guide you through the process, ensuring a systematic approach.

2. Implementation and Integration

   Our experts will collaborate closely with your team to implement the necessary changes and enhancements required for certification and compliance. We will ensure smooth integration of new functionalities, seamless data exchange, and minimal disruption to your daily operations.

3. Ongoing Maintenance and Updates

   Our commitment doesn't end with certification. We provide ongoing support and maintenance services to keep your systems compliant with evolving standards. We will monitor changes in certification criteria and regulatory requirements, perform necessary updates, and guide you through subsequent certifications and renewals.

4. Documentation and Audit Support

   We understand the importance of comprehensive documentation and audit preparation. Our team will assist you in preparing the necessary documentation, ensuring that you are well-prepared for audits and evaluations.

Achieving ONC Certification and ensuring compliance with regulatory standards is a critical step in demonstrating your commitment to quality, interoperability, and patient safety. With our expertise and experience, we are dedicated to supporting you throughout the certification process, helping you meet regulatory requirements, and ensuring your systems are compliant.

Contact KPi-Tech Services today to discuss your certification and compliance needs and let us be your trusted partner in achieving regulatory excellence.

Together, we can navigate the complexities and ensure your healthcare IT systems meet the highest industry standards.