In a final rule released last week, the Office of the National Coordinator for Health Information Technology will have more oversight of electronic health records and other technologies that store, share and analyze patient information. The rule also gives the ONC the authority to ask developers to pull noncompliant products from the market.
The ONC now has the power to decertify health IT products that don't comply with regulations or are found to pose a risk to public health or safety by causing medical errors, for example.
If the ONC decertifies a product, its developer will be required to notify affected customers and providers who purchased the products. The ONC could also issue a cease-and-desist notice to prevent the future sale or marketing of the product.
The American Medical Association supported the ONC's idea to use corrective actions to resolve patient safety and security issues involving an IT product. However, the group was concerned about the suspension or termination of an IT product's certification.
That action “may have serious repercussions for physicians and patients” since both rely on the products to coordinate care. The agency emphasized termination is a last resort. It also added a new step that gives health IT developers a chance to resolve issues prior to decertification.
The College of Healthcare Information Management Executives, a professional association that represents chief information officers at hospitals, praised the rule. Its members worry that some systems fail to calculate quality measurement data correctly, jeopardizing the accuracy of information that is increasingly tied to payment and penalties for providers.
The Electronic Health Record Association felt the ONC was overstepping its authority in its ability to decertify products. The potential cost of this rule for health IT developers, the ONC and healthcare providers could range as high as $650 million, the rule said, but it pegged the average annual cost at $6.6 million.