Friday, July 17, 2009

HITPC Recommends Changes to HIT Certification Process: 10 Bullet Points

The recommendations from the HITPC Certification & Adoption workgroup came out yesterday (see below).

Here are my ten take-home bullet points:
  1. Certification should be solely focused on Meaningful Use, Privacy, Security, & Interoperability. Nothing extra.
  2. The setting of criteria and testing of criteria satisfaction should be done by separate entities.
  3. HHS establishes the certification criteria (not CCHIT).
  4. NIST should oversee the testing to determine if products or orgs meet the criteria.
  5. NIST can accredit orgs, such as CCHIT, to conduct the certification process.
  6. Certification is required every 4 years (this seems too long?).
  7. Slide 17 suggests a surveillance function, which might fill the 4-year gap with periodic monitoring, perhaps.
  8. Open source is clearly accommodated.
  9. CCHIT should keep doing what it is doing until further notice.
  10. "Criteria on functions/features should be high level; however, criteria on interoperability should be more explicit." (Slide 15)
If ONC and HHS agree with all of this, after public comment, then CCHIT will likely become more of a testing org, rather than a standards-setting body.

This is a huge step forward in clarifying and advancing our national HIT undertaking. The Workgroup should be congratulated for this set of recommendations.