eClinicalWorks settlement raises questions of certification, oversight

When eClinicalWorks settled with the U.S. government for allegedly misleading users about its capabilities, in part by cheating on certification tests, it raised questions of how electronic health records should be certified and monitored by the federal government.

Some are questioning the requirements established by the Office of the National Coordinator for Health Information Technology, which sets certification standards that EHRs must meet to qualify for Medicare and Medicaid incentive programs. The office's program was amended in October 2016 to include the ONC Health IT Certification Program: Enhanced Oversight and Accountability Final Rule which expands the federal oversight of health IT, including EHRs. Under the rule, the ONC can directly review certified health IT to make sure it's meeting certification requirements when the office thinks the technology endangers public health or safety.

Had that rule been in place a few years ago, said Jeff Smith, vice president of public policy for the American Medical Informatics Association, the problems with eClinicalWorks may never have become as severe. "I would like to believe that were these capabilities in place, then it wouldn't have taken this long for everybody to know this was going on and to take the appropriate actions," he said. "The oversight rule would have surfaced these issues sooner, thus mitigating some of the patient safety risks that have arisen as a result of some of the deficient technology."

The ONC, for its part, thinks the issue at hand was less about the oversight rule and more about the False Claims Act. "The thing that drove the fairly large monetary settlement was clearly the fraud," said Dr. Andrew Gettinger, chief medical information officer and director of the office of clinical quality and safety for the ONC. "I don't think the oversight rule was connected with this," he added and explained that he thinks that, in the future, ONC action under the oversight rule will need to occur "fairly infrequently."

Rather than rely on "heavy-handed regulatory oversight," Gettinger said, the industry might turn to something similar to the Aviation Safety Reporting System, an initiative the FAA and aviation community use to address safety issues by collecting safety reports and other from stakeholders across the industry. "We believe it would be better to have a protected area where various health IT stakeholders can get together to share and solve problems than to have heavy-handed regulatory oversight," he said.

The eClinicalWorks settlement not only raises questions about how to make sure already certified EHRs are safe—it also raises issues about how to make sure they're safe from the get-go, through certification. The current certification program may put patient safety in danger, Smith said, and those patient safety risks are at the core of the eClinicalWorks incident. "This case sheds light on the deficiency of the certification program in and of itself," he said.

That, in turn, is making providers nervous, said Mari Savickis, vice president of federal affairs at the College of Healthcare Information Management Executives. They're concerned about patient safety, and they also may be concerned about what will happen to their incentive payments for using eClinicalWorks. "The root cause is that EHRs need to not be developed to support an overly prescriptive set of requirements from the inception," she said. "The certification program needs to evolve."

Meanwhile, the agency will have to "focus its efforts," Savickis said, as it has less funding under Donald Trump's proposed budget cuts. The agency didn't say how those budget cuts would specifically affect what tasks it addresses first, but it did say that it will have to seek a new balance. "ONC is going to need to pivot to focus on the priorities that Cures calls for," Gettinger said. "We're looking at opportunities to be more efficient and to do more with less."