Feds propose tougher look at whether EHRs work

The federal health information technology coordinator's proposed certification rule signals that the agency wants to better ensure that electronic health-record systems perform as promised.

Last week, HHS' Office of the National Coordinator for Health IT proposed a two-pronged approach to achieve that goal. It will increase transparency for EHR systems marketed to providers and encourage EHR certifying bodies to raise their minimum standards.

“This will create another level of accountability,” said Cletis Earle, chief information officer at St. Luke's Cornwall Hospital, Newburgh, N.Y. “We're all challenged by lack of functionality to hit these (meaningful-use) measures,” he said. “It's because these systems are not truly ready.”

Providers say it's common for them to purchase a “complete” EHR, certified as complying with the meaningful-use program, only to find that they have to pay extra to achieve the program's goals.

The certification program is supposed to give clients assurance that what they're buying can perform the tasks required by the federal meaningful-use program. Certifying groups inspect EHRs in a controlled environment, then check to see if they work in the field.

But some buyers say the certified EHRs often do not perform as promised, and action is needed to ensure that they do. Earle said that when the second stage of the meaningful-use incentive program rolled out, St. Luke's Cornwall was using Meditech Magic, version 5.66. According to the government's EHR list, the program is certified for the “view, download and transmit” function, which allows patients to access their data and transport it elsewhere.

Earle said, however, that the software didn't actually have that capability. So he either had to buy a module from Meditech or a third party, or build one. Earle chose to buy one, which cost “tens of thousands of dollars.” Meditech did not respond to a request for comment.

“Time and time again, I'm going back to my vendors, and saying, 'Look, these are the regulatory requirements, and you're not necessarily making sure we fit those initiatives,' ” he said.

Charles Christian, CIO of St. Francis Hospital in Columbus, Ga., said he's had similar experiences with his hospital's EHR and direct messaging using the C-CDA standard, which allows hospitals to exchange patient data. His vendor attempted to sell the capability as an extra, despite claiming the EHR was complete. “After expressing my disappointment that they would use this as a revenue opportunity, I was successful in getting the services turned on without additional costs,” he said.

Dr. Farzad Mostashari, who formerly headed the ONC and now is CEO of the health IT firm Aledade, said such problems likely spurred the ONC to act. “I don't think that every vendor did this, or every certification requirement was treated this way,” he said. “But enough vendors are doing it in enough certification criteria.”

To win certification, the ONC now wants EHR vendors to disclose more information about the use of their systems, including how much it would cost to make the EHR perform as certified. The other prong of the agency's proposal is to increase surveillance requirements. The agency hopes that higher minimum requirements will stimulate more thorough surveillance by certifying bodies. The intent is for the certifying bodies to investigate whether the EHR systems are performing in the field as they do in the lab.

That will be accomplished through two methods: reactive surveillance, in which a certifying body responds to complaints from customers in the field; and randomized surveillance, in which a certifying body proactively inspects EHRs used by clinicians.

With randomized surveillance, the agency proposes that each certifying body must select 10% of its certified products per year to inspect for compliance.

Strengthening the inspection requirements is critical, Mostashari said. Up to now, he said, vendors “develop the functionality in order to pass the (certification) test. They don't bother reworking the whole product to make that function or feature a core part of their production environment.”

But Earle worries that the auditors testing the systems might not be up to the job, saying they need to have clinical experience to understand why certain functionalities might fail.

As a part of the proposed rule, the ONC is considering how to go about stripping an EHR's certification. But decertifying a product means it cannot be used to attest for meaningful use—which affects all the providers using that product, Mostashari warned. They might have to switch systems or hope the product can regain certification. “There has to be a lot of thought given to the process, to the due process, and how to minimize the potential impact to the innocent bystanders,” he said.