ONC Issues Final Rule to Update Health IT Certification Program

On October 14^th, the Office of the National Coordinator for Health Information Technology, the federal entity responsible for coordinating national efforts to implement and use health information technology, issued a Rule that finalized new changes and requirements under the ONC Health IT Certification Program. The Program was launched in 2010 and is largely charged with “defining the technical requirements” for health information technology in addition to the “process by which [health information technology] may become certified and maintain its certification.” While many believe that the Rule’s greater oversight and transparency in the area of health information technology is a move in the right direction, the Rule has been met with frustration by many health information technology stakeholders.
Among many changes, perhaps the most noteworthy is that the Rule sets up a regulatory framework by which the ONC is able to directly review health information technology that has been certified under the Program. According to the Rule, the ONC can directly review health information technology and take “responsive action” under two sets of circumstances: (1) when it has reason to believe that the certified health information technology is not conforming to the Program’s requirements because it is causing risk to public health or safety, and (2) if there exists any other basis for suspected non-conformities, but may be unfeasible for an ONC-Authorized Certification Body to investigate and respond to.
In an effort to increase transparency among customers and users of health information technology, another key aspect of the Rule requires ONC-Authorized Certification Bodies to post identifiable surveillance results on the Certified Health IT Product List, which is a compilation of health information technology that has been certified through the Program. This will allow both customers and users to see whether the health information technology conforms with Program requirements, in addition to highlighting good performance.
The Rule has been met with mixed reactions. Back in March 2016, when the Rule was proposed, a total of 47 comments were generated by various stakeholders, from physician and hospital groups to healthcare software companies. Among some of the arguments cited against finalizing the proposed rule included the possibility that ONC was overstepping its boundaries because Congress did not intend for it to be a regulatory organization, that the heavy regulation by this proposed rule would “stifle” innovation in the area of health information technology and prevent companies from successfully competing in the global market, and that the proposed rule would burden providers as no showing was made that the modifications were needed or would improve the certification process.
Now that the Rule has been finalized, it’s not likely that these stakeholders will back down. In fact, one coalition group of providers, patients groups, and payers has even urged Congress to prevent the implementation of the Rule by withholding appropriations. While the Rule has identified potential costs associated with appealing, renewing, and revoking certification,

there still remain questions as to how this additional oversight will be enforced by ONC and how health information technology products will be monitored.