HIT Standards Committee Mtg: Consumer Permissions, Consent Mgmt- March 24, 2010

HIT Standards Committee–Consumer Permissions, Consent Management
March 24, 2010

9:00 a.m. to 2:15 p.m. [Eastern Time]
Below the agenda, key points are excerpted from the Privacy and Security Workgroup slides on consumer permissions and consent management, including the schedule for educational sessions.

AGENDA
Washington, DC

9:00 a.m. CALL TO ORDER – Judy Sparrow
Office of the National Coordinator for Health Information Technology
9:05 a.m. Opening Remarks – David Blumenthal, MD, MPP
National Coordinator for Health Information Technology
9:15 a.m. Review of the Agenda – John Halamka, Vice Chair
9:20 a.m. Priority Setting & Synchronization with the HIT Policy Committee
John Halamka, Vice Chair
9:45 a.m. Implementation Workgroup Report on Implementation Starter Kit Hearing
Aneesh Chopra, Chair
Liz Johnson, Workgroup member
Cris Ross, Workgroup member
10:30 a.m. NHIN Direct Interoperability Framework
Doug Fridsma, Office of the National Coordinator
11:15 a.m. Clinical Operations Workgroup/Vocabulary Task Force Update
Jamie Ferguson, Chair
11:45 a.m. Clinical Quality Workgroup Update
Janet Corrigan, Chair
Floyd Eisenberg, Workgroup member
12:15 p.m. LUNCH
1:00 p.m. Privacy & Security Workgroup Update (PPT)
Dixie Baker, Chair
Steve Findlay, Co-Chair
1:30 p.m. Report on Certification NPRM (PPT)
Carol Bean, Office of the National Coordinator
Steven Posnack, Office of the National Coordinator
2:00 p.m. Public Comment
2:15 p.m. Adjourn

To Participate
Webconference
Audio:
You may listen in via computer or telephone.
US toll free:   1-877-705-6006
International Direct:  1-201-689-8557
Confirmation Code: HIT Committee Meeting  

Key Notes Excerpted from
Privacy and Security Workgroup Slides
Focus on Consumer Permissions, Consent Mgmt
PPT Slides
Progress
–Updated IFR Review to incorporate comments from the HIT Standards Committee – submitted to HITSC Chairs
–Supporting HIT Policy Committee’s Privacy and Security Policy Workgroup, and aligning our standards efforts to their priorities
          Consent management
          Review of existing security policy inherent in HIPAA Security Rule
–Launching educational sessions on standards activities around consent management

Consumer Health Permissions
–Privacy Consent (or Consent Directive) – Consumer’s written or verbal permission to collect, use, and/or disclose individually identifiable health information (IIHI)
–Privacy Authorization – A signed, written document that contains all of the elements required by the HIPAA Privacy Rule and that gives a covered entity permission to use or disclose specified IIHI for specified purposes
–Informed Consent – Consumer’s written permission to perform a specific medical procedure, or to participate in a specific research study or clinical trial, that is given only after the consumer has been fully informed of the purposes, risks, benefits, confidentiality protections, and other relevant aspects of the activity

Consent Management Today
–Consumer permissions captured as manual signature on paper form
–Paper forms filed in each organization that holds consumer’s private health information

Consent Management Tomorrow
–Consent/Authorization: Consumer digitally signs consent or authorization
–Permissions and updates captured as part of health record
–Permissions interpretable by humans & computers
–Permissions cross-validated & translated into consent rules enforced by security access control mechanisms
–Rules inexorably tied to information exchanged – updates propagated to all data instances throughout life cycle

Standards Needed
–Digital signatures
–Privacy policies • Data model & schema • Permission syntax & vocabulary
–Cross-validation of consumer permissions • Maintaining and retrieving permissions • Translating permissions into access-control rules • Enforcement and auditing of permission-related activities
–Exchanging permissions & access rules • Propagating permission revocations & modifications

Educational Sessions Re: Standardization Efforts Relating to Consent Management
April 1, 2:00-4:00pm ET:  Organization for the Advancement of Structured Information Standards (OASIS) / International Security Trust and Privacy Alliance (ISTPA) Privacy Management Reference Model (PMRM); Speakers – John Sabo, Michael Willett
April 23, 2:00-4:00pm ET:  Integrating the Healthcare Enterprise (IHE) Basic Patient Privacy Consents (BPPC) Profile; Speaker – John Moehrke
[Schedule TBD]:  Health Level 7 (HL7) Version 3 Domain Analysis Model: Medical Records; Composite Privacy Consent Directive – Speaker (TBD)
[Schedule TBD]:  OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) and eXtensible Access Control Markup Language (XACML) – Speaker (TBD)

Certification Programs for HIT Webinar on Rulemaking NPRM Mar 25, 4pm EDT

Certification Programs for Health IT Webinar
Focus on Proposed Rulemaking NPRM

March 25, 2010 4:00 – 5:00 p.m. EDT
Sent via email on March 19, 2010
On March 25, 2010 from 4:00 – 5:00 p.m. EDT, the Office of the National Coordinator for Health Information Technology (ONC), with the National Institute of Standards and Technology (NIST), will present a webinar on the recently released Certification Programs for HIT Notice of Proposed Rulemaking (NPRM). Public comments on the NPRM are now being accepted. The temporary certification program’s comment period ends April 9 and the permanent certification program’s comment period ends May 10. Because this NPRM is currently in the comment period phase, this webinar will be solely informational and seeks to help listeners better understand the proposals included in the NPRM.

Background
Eligible professionals and eligible hospitals who seek to qualify for incentive payments under the Medicare and Medicaid EHR Incentive Programs are required by statute to use Certified EHR Technology.  This webinar will discuss the proposals included in the NPRM that would enable eligible professionals and eligible hospitals to adopt health IT that meets the definition of Certified EHR Technology.   

Learn more about the NPRM at http://healthit.hhs.gov/CertificationNPRM

To Participate
There is limited space on this webinar. For those unable to join, there will be a transcript posted to the ONC website, http://healthit.hhs.gov, by March 29, 2010.

Join the meeting

Audio Information
Dial-In: 1-888-673-9805
Participant Passcode: 9033671

# # #

ONC Web site on Certification Programs NPRM
Certification NPRM | [PDF - 463 KB]
Submit a comment on the certification NPRM
Facts-at-a-Glance
Frequently Asked Questions
ONC HIMSS Town Hall (3/2/2010) Slides [PDF - 1.31 MB]
Certification NPRM Webinar

ONC publishes certification rule, triggers comment period

Certification Programs Proposed: ONC description/links
Diana Manos of Healthcare IT reported on March 11, 2010: “ONC policy analyst Steven Posnack said the 184-page certification proposal (published in the Federal Register on March 10, 2010) will allow organizations to apply for temporary or permanent authorization to become certification bodies. The ONC is proposing the temporary certification to speed things up because of the looming deadline, he said.”

April 9 Deadline for comments on Temporary Certification
May 10 Deadline for comments on Permanent Certification

Certification Programs NPRM
Excerpts from ONC site on March 11, 2010:
“Certification of Health IT will provide assurance to purchasers and other users that an EHR system, or other relevant technology, offers the necessary technological capability, functionality, and security to help them meet the meaningful use criteria established for a given phase. Providers and patients must also be confident that the electronic health IT products and systems they use are secure, can maintain data confidentially, and can work with other systems to share information.  Confidence in health IT systems is an important part of advancing health IT system adoption and allowing for the realization of the benefits of improved patient care.

“Eligible professionals and eligible hospitals who seek to qualify for incentive payments under the Medicare and Medicaid EHR Incentive Programs are required by statute to use Certified EHR Technology.  Once certified, Complete EHRs and EHR Modules would be able to be used by eligible professionals and eligible hospitals, or be combined, to meet the statutory requirement for Certified EHR Technology.  

“To this end, an NPRM proposing the establishment of certification programs for purposes of testing and certifying health information technology was issued in March 2010 with a request for comments. The NPRM proposes:

  • A temporary certification program to assure the availability of Certified EHR Technology prior to the date on which health care providers seeking the incentive payments would begin to report demonstrable meaningful use of Certified EHR Technology. 
     
  • A permanent certification program to replace the temporary certification program.”

Learn more about the NPRM

Certification NPRM | [PDF - 463 KB]  (Federal Register, March 10, 2010)

Additional Information
“In collaboration with ONC, the National Institute of Standards and Technology (NIST) is developing the functional and conformance testing requirements, test cases, and test tools to support the proposed Health IT Certification Programs. These conformance test methods (test procedures, test data, and test tools) will help ensure compliance with the meaningful use technical requirements and standards.”

http://xw2k.nist.gov/healthcare/use_testing/index.html
# # #
For e-Healthcare Marketing selections from NIST Health IT Standards and Testing site.

NIST Launches Health IT Standards and Testing site

http://healthcare.nist.gov
On February 26, 2010, the National Institute of Standards and Technology (NIST) launched the NIST Health IT Standards and Testing web site. Excerpts from the new site: “This site provides information about the key health IT testing initiatives underway. It provides an overview of the Health IT Standards Testing Infrastructure, information and access to the test methods to meet meaningful use technical requirements and standards, access to the Health IT Implementation Testing and Support website, as well as educational material on conformance and interoperability testing.”

[Image: NIST HIT Standards and Testing]

This program is overseen by the NIST Information Technology Laboratory (ITL).

The site is divided into four major sections:
1. Health IT Testing Infrastructure
2. Meaningful Use Test Methods
3. What is Conformance Testing
4. Health IT Testing and Support  

1. Health IT Testing Infrastructure
“NIST is responsible for leading the development of the core health IT testing infrastructure that will provide a scalable, multi-partner, automated, remote capability for current and future testing needs.  

“The objective of the Health IT Standards Testing Infrastructure Project is to harmonize the efforts of healthcare standards test development and delivery to meet the demands for conformance and interoperability within the healthcare domain. This is accomplished by working in collaboration with health IT stakeholders such as vendors, implementers, standards organizations and certification bodies to establish a testing infrastructure…”  

Project Stakeholders
“NIST will work with stakeholders to establish and utilize a testing infrastructure that will help ensure that the health information of Americans is exchanged safely, securely, reliably, and only to appropriate sources, and that the standards used are appropriate, consistent, and effective. The stakeholder landscape is outlined as follows:” 

[Image: NIST Stakeholders]

HITSP, SDOs, NHIN contribute standards and specifications. HIT vendors, system implementers, NHIN participants, and 3rd party testing organizations conduct testing. Certification bodies perform certification.

“The testing infrastructure is intended to centralize health IT testing resources to provide the U.S. healthcare IT industry and the Federal Government with a robust conformance and interoperability testing capability.”

2. Meaningful Use Test Methods
“In support of the health IT certification program, NIST is developing the conformance test methods (test procedures, test data, and test tools) to ensure compliance with the meaningful use technical requirements and standards.

“In developing the test methods, NIST has conducted an analysis of the HHS/ONC Interim Final Rule (IFR) published in the Federal Register on January 13, 2010 including:
–the functional and interoperable requirements
–the referenced standards
–the derived test requirements based on the functional and interoperable requirements and referenced standards
–the test methods and test procedures which could be used to validate conformance with the derived test requirements
–the assumptions which may influence the selection of a specific test method or the scope of testing”

3. What is Conformance Testing
“NIST provides the necessary conformance tests, test tools and techniques to advance healthcare information technology standards that are complete and testable. As an introduction and overview into testing, the following articles provide details around healthcare information technology conformance and interoperability testing.”

Articles on Conformance Testing

4. Health IT Testing and Support
The Health IT Implementation Testing and Support website provides health IT implementers with access to the tools and resources needed to support and test their implementation of standards-based health systems. The site provides information about the key initiatives that serve as the foundation for the nationwide health IT infrastructure. It provides an overview of the HITSP Interoperability Specifications and the standards that they reference; and provides access to the test resources that are available to support their implementations.

“Visit the Health IT Implementation Testing and Support website for more information.”  

Certification Program Proposed by ONC

Facts-At-Glance, FAQs Posted
The official Notice of Proposed Rulemaking (NPRM) on EHR Certification was posted on March 2, 2010 by the Office of National Coordinator for Health IT, in addition to the release of Letter #10 from National Coordinator David Blumenthal on the same subject.

ONC Page on EHR Certification Programs

  • Certification NPRM [PDF - 1.14 MB]
    Please note: This PDF file is the version submitted to the Federal Register.  The link will be replaced with an official version once it is published in the Federal Register. Persons with disabilities having problems accessing the above pdf file may call 202-690-7151 for assistance.
  • Facts-at-a-Glance
  • Frequently Asked Questions
  • Blumenthal’s Letter #10 on Certification

Facts-at-a-Glance
Excerpted from ONC site on Mar 2, 2010

    • Section 3001(c)(5) of the Public Health Service Act (PHSA) as added by the Health Information Technology for Economic and Clinical Health (HITECH) Act, requires the National Coordinator, in consultation with the Director of the National Institute of Standards and Technology, to keep or recognize a program or programs for the voluntary certification of health information technology (health IT) as being in compliance with applicable certification criteria.
    • Certification of EHR Technology will provide assurance to purchasers and other users of health IT that an EHR system offers the necessary technological capability, functionality, and security to meet meaningful use criteria.
    • Under this authority the Office of the National Coordinator for Health Information Technology (ONC) has issued a Notice of Proposed Rulemaking (NPRM) proposing the establishment of two certification programs for the purposes of testing and certifying health IT, one temporary and one permanent.
    • As required by statute, ONC has consulted with NIST on all aspects of developing the proposed certification programs, and will continue to consult and collaborate with NIST during the implementation and operational phases of both temporary and certification programs.  NIST is developing a test method and infrastructure that will be used by testing laboratories in the testing component of both certification programs.
    • Certified EHR technology is a requirement for providers to receive incentive payments for the adoption and meaningful use of EHRs under the Medicare & Medicaid Incentives Program. The development of these programs is also authorized by the HITECH Act and a separate proposed regulation has been published that outlines provisions governing the program.  The proposed rule may be viewed at http://edocket.access.gpo.gov/2010/E9-31217.htm.
    • An initial set of standards, implementation specifications, and certification criteria for Complete EHRs and EHR Modules was also published in a related Interim Final Rule. This rule may be viewed at http://edocket.access.gpo.gov/2010/E9-31216.htm.
    • The first proposal within the NPRM would establish a temporary certification program whereby the National Coordinator would authorize organizations to test and certify Complete EHRs and/or EHR Modules, thereby assuring the availability of Certified EHR Technology prior to the reporting period in which health care providers may seek the incentive payments available under the Medicare and Medicaid EHR Incentives Program demonstrating meaningful use of Certified EHR Technology. 
    • The second proposal within the Certification Programs NPRM would establish a permanent certification program to replace the temporary certification program.  The permanent certification program would separate the responsibilities for performing testing and certification, introduce accreditation requirements, establish requirements for certification bodies authorized by the National Coordinator to related to the surveillance of Certified EHR Technology, and would include the potential for certification bodies authorized by the National Coordinator to certify other types of health besides Complete EHRs and EHR Modules.
    • The temporary program would end once the permanent certification program is established and at least one certification body has been authorized by the National Coordinator.
    • The public comment period for the temporary certification program will be open for 30 days after publication. The public comment period for the permanent certification program will be open for 60 days after publication.   
    • While two certification programs are described in this proposed rule, ONC anticipates issuing separate final rules for each of the programs.
    • To inform the rulemaking processes, ONC received recommendations from the HIT Policy Committee (a Federal Advisory Committee), and input from technical subject matter experts, health care providers, and other stakeholders.                                                        

      FAQs as posted on ONC site 2010/03/02