The Office of the National Coordinator for Health IT has finalized a rule (PDF) that will give it more oversight over certifying electronic health records and other technologies that store, share and analyze health information for consumers. The rule also gives the ONC the authority to ask developers to pull noncompliant products from the market.
The ONC first proposed increasing its role in the certification, review, and testing of health IT products in a draft rule released this past March. The agency received 48 comments by its May 2 deadline.
The ONC would now have the power to decertify health IT products that don't comply with regulations or are found to pose a risk to public health or safety, for example, if they caused medical errors.
If the ONC decertified a product, its developer would be required to notify affected customers and providers who purchased the products. The ONC would also issue a cease-and-desist notice to prevent the future sale or marketing of the product.
In the final rule, the agency backed off a proposal to review cases in which nonconformity could compromise the security or protection of patients' health information or that could lead to inaccurate or incomplete documentation and result in bad or duplicative care.
“Our decision not to establish regulatory processes for such oversight at this time is based in part on the recognition that other agencies have the ability to investigate and respond to these types of issues and our desire to make the most efficient use of limited federal resources,” the rule said.
Response to the rulemaking was mixed. The American Medical Association supported the ONC's idea to use corrective actions to resolve patient safety and security issues involving an IT product. However, the trade group was concerned about the suspension or termination of an IT product's certification.
That action “may have serious repercussions for physicians and patients. Without these tools, physicians and patients may be unable to access necessary information or coordinate care,” the trade group said in a letter commenting on the draft rule.
In response to the comment, the agency emphasized termination is a last resort. It also added a new, intermediate step in the direct review process called "proposed termination." That will give health IT developers a chance to resolve issues regarding a nonconformity prior to decertification.
The College of Healthcare Information Management Executives, a trade group that represents chief information officers at hospitals, praised the rule for addressing clinicians' concern about the usability of EHRs. Other members worry that some systems fail to calculate quality measurement data correctly, jeopardizing the accuracy of information that is increasingly tied to payment and penalties for providers.
The Electronic Health Record (EHR) Association felt the ONC's proposed rule inappropriately expands the agency's legal authority.
The potential costs of this rule for health IT developers, the ONC and healthcare providers may be as much as $650 million, with an annual cost of $6.5 million.