Elise Sweeney Anthony and Steven Posnack | September 21, 2017

The Office of the National Coordinator for Health Information Technology (ONC) is always on the lookout for ways to improve the ONC Health IT Certification Program’s efficiency and reduce burden on health information technology (health IT) users and health IT developers. Whether it is making certification criteria clarifications clearer and more rapidly accessible through the Certification Companion Guides, or offering more flexible certification options through rulemaking, ONC looks to achieve its mission in the most nimble way possible while still serving the needs of patients, providers, and the health IT community.

To that end, today ONC announced two changes designed to improve the Certification Program’s efficiency and reduce burden industry-wide. These include:

Approving more than 50% of test procedures to be self-declaration; and

Exercising discretion for randomized surveillance of certified health IT products.

These changes were recently issued to ONC-Authorized Certification Bodies (ONC-ACBs) and ONC-Authorized Testing Laboratories (ONC-ATLs).

Self-Declaration for Certain Certification Criteria

First, ONC revised the ONC-approved test procedures for 30 out of the 55 certification criteria that were adopted to, in part, support the Centers for Medicare & Medicaid Services’ (CMS) Quality Payment Programs; those 30 certification criteria are now “self-declaration only.” This means that health IT developers will self-declare their product’s conformance to these criteria without having to spend valuable time testing with an ONC-ATL. This testing typically included either a visual demonstration of the product’s functionality or submission of documentation confirming the required functionality.

Self-declaration is not a new approach and is used among other industry testing programs. In evaluating the Certification Program’s potential burdens, ONC determined that this industry approach would best meet our efficiency goals while maintaining overall integrity.

Notably, the test procedures for health IT products now designated as “self-declaration” are for functionality-based certification criteria. By making this change, ONC enables ONC-ATLs and health IT developers to devote more of their resources and focus on the remaining interoperability-oriented criteria, aligning with the tenets of the 21st Century Cures Act. In addition, health IT developers are still required to meet certification criteria requirements and maintain their products’ conformance to the full scope of the criteria. Any non-conformity complaints received and associated with these certification criteria would continue to be reviewed and investigated by ONC-ACBs.

Exercising Enforcement Discretion for Randomized Surveillance Requirements

Second, ONC is exercising enforcement discretion when it comes to ONC-ACBs conducting randomized surveillance, including the requirement to conduct randomized surveillance for, at a minimum, two percent of the health IT certifications they issue. ONC will not, until further notice, audit ONC-ACBs for compliance with randomized surveillance requirements or otherwise take administrative or other action to enforce such requirements against ONC-ACBs. In addition, we will not consider lack of implementation of these requirements by an ONC-ACB to be a violation of an ONC-ACB’s compliance requirements under the Principles of Proper Conduct, nor will it impact an ONC-ACB’s good standing under the Certification Program.

This exercise of enforcement discretion will permit ONC-ACBs to prioritize complaint driven, or reactive, surveillance and allow them to devote their resources to certifying health IT to the 2015 Edition. These new actions we are announcing today will support greater availability of certified health IT for providers participating in the CMS’ Quality Payment Program.