Here are my ten take-home bullet points:
- Certification should be solely focused on Meaningful Use, Privacy, Security, & Interoperability. Nothing extra.
- The setting of criteria and testing of criteria satisfaction should be done by separate entities.
- HHS establishes the certification criteria (not CCHIT).
- NIST should oversee the testing to determine if products or orgs meet the criteria.
- NIST can accredit orgs, such as CCHIT, to conduct the certification process.
- Certification is required every 4 years (this seems too long?).
- Slide 17 suggests a surveillance function, which might fill the 4-year gap with periodic monitoring, perhaps.
- Open source is clearly accommodated.
- CCHIT should keep doing what it is doing until further notice.
- "Criteria on functions/features should be high level; however, criteria on interoperability should be more explicit." (Slide 15)
If ONC and HHS agree with all of this, after public comment, then CCHIT will likely become more of a testing org, rather than a standards-setting body.
This is a huge step forward in clarifying and advancing our national HIT undertaking. The Workgroup should be congratulated for this set of recommendations.