Once all the best practices for securing electronic health records (EHR) and personal health information (PHI)
are implemented and the CIO believes all HIPAA, American Recovery and Reinvestment (ARRA) and HITECH act requirements have been met, who certifies the work? Similar to having a building inspector certify and approve the work a plumber or electrician has performed on one’s home, what certification organizations is the government using for the stamp of approval on a health care institution’s efforts in managing and securing electronic health records (EHRs) and personal health information (PHI)?
Founded in 2004, CCHIT was created by the American Health Information Management Association, the Healthcare Information and Management Systems Society and the National Alliance for Health Information Technology as a nonprofit organization whose mission is accelerating the adoption of health IT.
The Joint Commission was formed in 1951 by the American College of Surgeons, the American College of Physicians, the American Hospital Association, the American Medical Association and the Canadian Medical Association as an independent, not-for-profit organization whose primary purpose is to provide voluntary accreditation for patient safety and quality health services.
CCHIT and The Joint Commission have roles associated with certification within ARRA, as stated: “The National Coordinator, in consultation with the director of the National Institute of Standards and Technology, shall keep or recognize a program or programs for the voluntary certification of health information technology as being in compliance with applicable certification criteria adopted under this subtitle.”
Roles of CCHIT and The Joint Commission
Now the key phrase in ARRA is volunteer certification of health information technology. Health care institutions need to know that it’s volunteer certification as opposed to required certification.
On Oct. 26, 2006, Mike Leavitt, then secretary of the Department of Health and Human Services (HHS), designated CCHIT as a Recognized Certification Body (RCB). Although CCHIT is an RCB for HHS, the HITECH Act does not specifically state that an EHR system must be certified by CCHIT in order for a health care institution to be eligible for any of the funding available under ARRA. As posted on the CCHIT website, 198 ambulatory EHR vendor products and 17 in-patient EHR vendor products voluntarily met the requirements of the CCHIT certification through 2008.
On Oct. 7, CCHIT released its 2011 EHR certification. The 2011 EHR certification is called CCHIT Certified 2011, and a modular release is named Preliminary ARRA 2011. Preliminary ARRA 2011 is aimed at certifying EHR systems to reflect the federal government’s EHR 2011 and 2012 requirements contained in ARRA and the HITECH Act. Please take note that this is the preliminary certification process, not the final ARRA certification process.
CCHIT’s Oct. 7 release is the first official EHR certification process approved by the Office of the National Coordinator (ONC), as required by the HITECH Act. It should be considered a landmark moment for establishing specific functional and interoperability requirements for all EHR technology.
The Joint Commission is the oldest health care accreditation organization. Since the early 1980s, the commission has incorporated information management, including the use of EHR, in its accreditation standards. Its accreditation process focuses on operational systems critical to patient safety and quality of care. Accreditation is voluntary and includes information management, EHR management and PHI management under the requirements of HIPAA. The Joint Commission’s accreditation requires a health care organization to hold an on-site survey by the commission’s survey team once every three years.
In 1996, long before the creation of CCHIT in 2004, the commission incorporated the HIPAA PHI requirements across the board in all of its accreditation programs. Although The Joint Commission is not specifically recognized by HHS as an RCB, it is considered the primary authority for quality of patient care and patient safety in the U.S. and Canada.
The major difference between the two organizations when it comes to accreditation and certification of EHR and PHI is that The Joint Commission treats EHR and PHI as just a portion of its accreditation and certification of the overall delivery of health care, whereas CCHIT focuses solely on the performance of EHR in the delivery of health services. Simply put, CCHIT looks at the EHR system and verifies that it meets requirements for managing patient information, whereas the commission looks at the EHR system and verifies that the health care organization is using it correctly in providing patient care. These are two distinctly different accreditation and health care certification processes.
In addition, The Joint Commission has a better way of dealing with a health care organization’s use of paper health records, homegrown EHR systems and nonintegrated clinical systems. The CCHIT certification process does not cover paper health records. It doesn’t have a certification process that approves different clinical systems integrations, such as whether vendor A’s pharmacy system integrates with vendor B’s in-patient system.
The fast and the furious: Health care certification moving swiftly
During the 30 years I have been in the computer industry, I have witnessed a significant amount of “certification” processes. Yet I have never seen a certification process move at the speed that the federal government, specifically HHS, is progressing with electronic medical records certification under ARRA.
In one respect, this is a very good thing. Timing is everything, and health care services do need to be improved. Speed can sometimes mean recklessness. It is somewhat ironic that for a few centuries, getting anything accomplished in Washington, D.C., always required patience. HHS and its RCB, as well as the EHR vendors, are trying to accomplish an awful lot in a very short period of time.
On Sept. 3, CCHIT held a “Town Call” meeting with more than 700 attendees, mostly EHR vendors and developers. The purpose of the meeting was to gather feedback on the CCHIT 2011 certification process. Lots of information regarding this meeting can be seen at www.ehrdecisions.com. One of the most interesting highlights of the meeting was a poll of 367 EHR vendors, in which 58 stated they would apply for CCHIT 2011 certification in October and 70 vendors said they would apply for the CCHIT Preliminary 2011 certification, also in October. The certification process wasn’t released until Oct. 7, but all those vendors were committed to doing whatever it takes to get that HHS RCB Certification approval for their respective EHR products. That will be a lot of work in a very short period of time.
Show me the money: Finding funding for health care infrastructure
In the ARRA, there is approximately $19 billion in funding to establish centrally linked health data infrastructure for the purpose of containing the health information of each American citizen by 2014. The specifics of who gets this money, and how do they get this money, are still a work in progress.
The Joint Commission treats EHR and PHI as just a portion of its accreditation and certification of the overall delivery of health care, whereas CCHIT focuses solely on the performance of EHR.
Under the ARRA, managed through HHS, there is a HITECH Priority Grants Program for the establishment of Health Information Technology Regional Extension Centers that will provide “technical assistance, guidance and information on best practices to support and accelerate health care providers’ efforts to become meaningful users of Electronic Health Records (EHRs).” It appears there is approximately $598 million available in funding for these regional centers. So does this mean the funding is for these new regional centers, or does any of this funding actually go to the health care institution to purchase EHR systems? I am not sure.
This particular funding was also confirmed by a White House press release on Aug. 20, in which Vice President Joe Biden announced the availability of grants worth nearly $1.2 billion to help hospitals and health care providers implement and use electronic health records with $598 million for regional centers and $564 million to states and qualified state designated entities “to support the development of mechanisms for information sharing within an emerging nationwide system of networks.”
What I believe most health care institutions are looking for is the government to simply tell them what they have to do to get funding to purchase an EHR system. Something like this: Health care organizations with a certain number of in-patient beds, Joint Commission certification and a certain number of outpatient visits a month will receive a specific amount of funding for an HHS-approved, CCHIT-certified EHR system.
Al Gallant is the director of technical services at Dartmouth-Hitchcock Medical Center in Lebanon, N.H. Let us know what you think about the story; email firstname.lastname@example.org.