Skip to Content

ONC Issues Rule Proposing the Establishment of Certification Programs for Health IT

On Tuesday, the Office of the National Coordinator (ONC) for Health Information Technology (Health IT) within the U.S. Department of Health and Human Services (HHS) issued a proposed rule that establishes two voluntary certification programs to test and certify health IT. The National Coordinator for health IT is required by the American Recovery and Reinvestment Act of 2009 (ARRA)  to work with the Director of the National Institute of Standards and Technology to develop a program (or programs) for voluntary certification.
 
This proposed rule represents the third in an important set of coordinated rulemakings by HHS affecting health IT. Back in December 2009, HHS released two proposed regulations. The first, a proposed rule, describes how eligible professionals and eligible hospitals can qualify for incentive payments under the Medicare and Medicaid programs through the meaningful use of certified electronic health record (EHR) technology. The second, an interim final rule, describes the standards, implementation specifications and certification criteria that EHR technology needs to meet for providers to receive incentive payments. HHS has invited the public to submit comments on both of these rules on or before March 15, 2010. 
 
Since providers need to use “Certified EHR Technology” to qualify as meaningful users, HHS has developed a certification approach designed to ensure the technology includes the functionality that will enable achievement of meaningful use as early as 2011. The proposed approach has two phases. The first phase involves the quick implementation of a temporary certification program whereby the National Coordinator would authorize organizations to test and certify EHR technology, including Complete EHRs (EHR technology developed to meet all applicable certification criteria adopted by the HHS Secretary) and EHR Modules (any service, component, or combination thereof able to meet the requirements of at least one certification criterion adopted by the Secretary). HHS recognizes the potential innovative benefits of EHR Modules, but also expresses the need for them to include appropriate privacy and security safeguards to build trust. HHS proposes a framework (and seeks comment) for determining when authorized organizations are required to test and certify EHR Modules to the privacy and security certification criteria adopted by the Secretary.
 
The second phase involves a permanent certification program that would eventually replace the temporary program and delegate many of the National Coordinator’s responsibilities under the temporary program to others, including private sector organizations. The permanent program also would introduce accreditation requirements for certification bodies authorized by the National Coordinator. Authorized certification bodies could also potentially certify other types of health IT, including Personal Health Records.  
 
HHS invites the public to comment on the proposed temporary certification program (due 30 days after publication in the Federal Register) and the permanent certification program (due 60 days after publication in the Federal Register) here. HHS anticipates issuing separate final rules for each of these programs.