The Health IT Certification program is a voluntary program administered by the Office of the National Coordinator for Health Information Technology (ONC). It’s designed to provide training, reassurance, compliance, and excellent standards for protecting healthcare data, software, and other technology in line with federal, state, and private needs.
Although the program is not mandatory, development in line with its certificates and standards is considered necessary for providers of healthcare technology to federal and state-run initiatives, bodies, and agencies.
That’s why medical device manufacturers and healthcare software developers need to understand any changes to the standards, requirements, or certifications under the program. In September 2017, the ONC announced two major changes to the certification program.
Over Half of the Testing Criteria for Certified Products can Now be Self-Declared by the Manufacturer or Developer
The ONC currently has 55 separate testing criteria for verifying that technology and software is developed in line with its health certification standards. Of those 55 areas, 30 can now be self-declared by developers as being in line with the program’s requirements. The drive behind this change was to not have to “spend valuable time testing” with an ONC-Authorized Testing Laboratory.
These certifications are based in large part around the Centers for Medicare & Medicaid Services’ (CMS) Quality Payment Programs. Developers supporting these programs will see their administrative burden reduce as they are able to self-declare rather than having to go through a more formal process.
The ONC states that “By making this change, ONC enables ONC-ATLs and health IT developers to devote more of their resources and focus on the remaining interoperability-oriented criteria, aligning with the tenets of the 21st Century Cures Act.“
The ONC Will Use Enforcement Discretion for Randomized Surveillance of Certified Products
The agency has decided to use more discretion when carrying out randomized surveillance, and, “will not, until further notice, audit ONC-ACBs for compliance with randomized surveillance requirements or otherwise take administrative or other action to enforce such requirements.”
These changes are both designed to advance healthcare data protection and software developers. This should result in less administrative overhead and lower costs as the ONC devolves some of its power and allows vendors to self-certify.