EHR FAQ

September 13, 2010 at 2:30 pm admin 2 comments

General EHR FAQ

1. How do I use the ONC CHPL?

The ONC Certified Health Product Listing functionality was updated December 24, 2010 with the addition of a shopping cart which is used to ultimately issue the CMS EHR Certification ID number. Users can obtain the CMS EHR Certification ID number by following these steps:

Go the ONC CHPL website: http://onc-chpl.force.com/ehrcert

a. Following the instructions on the site, search for the certified EHR products. There are many ways to search, but one option is to search by the ONC EHR Certification ID assigned to the vendor.

b. When the EHR product(s) is found, select the link on its row called “Add to Cart”. There is a shopping cart icon next to it.

c. When all EHR products used by the EP or hospital have been added to the cart, select the “View Cart” link at the top right which also has a shopping cart icon next to it.

d. Now in the Certification Cart section, verify the products in the cart are correct and then select the “Get CMS EHR Certification ID” button in the top right corner to request a CMS EHR Certification ID. However, the button will not be activated until the items in your cart meet 100% of the required criteria. If your EHR product(s) do not meet 100% of the Meaningful Use incentives, then a CMS EHR Certification ID number will not be issued.

e. Finally, you will see the CMS EHR Certification ID. It is typically a 15 digit string made up alphanumeric characters.

2. How much does it cost to test and certify with Drummond Group?

On page 10 of our EHR Testing and Certification Guide located here, you will find pricing. This valuable document also details the process from registration through certification. It includes answers to many questions such as: how to register, how to reserve a test date, test and certification process, the process for retesting, and much more.

3. Where can I find more information and standards on the HHC IT final rule for EHR?

You can find the criteria and set of standards in the ONC Standards and Certification Criteria Final Rule. Refer to sections 170.302 and 170.304 for more information on ambulatory criteria. Refer to sections 170.302 and 170.306 for more information on inpatient criteria. You can find the final rule document here: http://edocket.access.gpo.gov/2010/pdf/2010-17210.pdf.

4. Where can I find the NIST test criteria?

You can find the criteria here: http://healthcare.nist.gov/use_testing/effective_requirements.html

5. What are Clinical Quality Measures?

For more information on the certification requirements regarding clinical quality measures, see the ONC FAQ Question #12: http://healthit.hhs.gov/portal/server.pt/community/onc_regulations_faqs/3163

6. Does Drummond Group offer consulting services for EHR?

Due to our ONC-required vendor neutrality, we can neither offer nor recommend consulting services.

7. What is the difference between a Complete EHR and an EHR Module?

ONC address this question on their FAQ. Please refer to it at http://healthit.hhs.gov/portal/server.pt?CommunityID=2999&spaceID=41&parentname=&control=SetCommunity&parentid=&in_hi_userid=11673&PageID=0&space=CommunityPage.

8. How do you qualify for meaningful use?

For the full details, see the CMS Final Rule on Meaningful Use information at http://edocket.access.gpo.gov/2010/pdf/2010-17207.pdf. As an ATCB, we are certifying EHR systems which enable their user to qualify for Meaningful Use by having a certified EHR technology. With a certified EHR technology, eligible providers and hospitals must then use their EHR system in a “meaningful” way including providing various measures demonstrating this use. The CMS Final Rule goes into the necessary detail to explain what is required, but qualifying for meaningful use incentives is ultimately the responsibility of the eligible providers and hospitals.

9. My software is developed for a specialty practice (e.g., dental, etc.) and some criteria are not relevant for my customers. To be a Complete EHR, do I still need to certify over all the criteria?

There is not a specialized criteria set beyond the general categories of ambulatory or inpatient, and thus specialized software are required to satisfy the same criteria as general EHRs. The concept is that, even if a user will not utilize all the features of a certified EHR, the certified EHR must still have this functionality present within it. Regarding criteria that do not fit a specialty’s typical use, ONC address this type of situation in their Standards and Certification Criteria Final Rule (see question 4 above). They talk more of the situation with ED/inpatient settings and comments that growth charts are not needed. Here are the relevant sections that show the aggregated comments they received and their response.

Comments. A few commenters noted this certification criterion applies more directly to specialties that predominantly treat children. For other specialties, this criterion would add unnecessary cost and complexity to many HIT products that they would use. Many commenters suggested that a growth chart component should not be required for EHR technology designed for an inpatient setting, as it is not feasible to track this data in a meaningful way over a long enough period of time in an inpatient setting (which is typically of a short and infrequent duration). A couple of commenters suggested that non-traditional forms of growth charts should be accepted. One commenter suggested that the certification criterion establish a baseline, but should not limit the expansion of this capability to other ages. Other commenters made specific suggestions for different age ranges, such as including children under the age of two and lowering the upper age to ages less than 20 years old (e.g., 18).

Response. As we stated above with respect to the calculation of BMI, we believe that Certified EHR Technology should be capable of performing this capability regardless of the setting for which it is designed. Moreover, with respect to whether growth charts should be applicable to Complete EHRs and EHR Modules designed for an inpatient setting, we remind commenters that children’s hospitals qualify as eligible hospitals under the Medicaid EHR incentive program and will also need to demonstrate meaningful use of Certified EHR Technology. We do not preclude Complete EHR and EHR Module developers from designing novel approaches to displaying growth charts. Finally, we concur with the commenter that suggested this certification criterion should be a baseline. We reiterate that this certification criterion establishes a floor, not a ceiling, and we encourage Complete EHR and EHR Module developers to include additional functionality where it will enhance the quality of care that eligible professionals and eligible hospitals can provide.

10. Does my product have to meet all the privacy and security criteria to be certified?

Except for a few exceptions, every EHR Module or Complete EHR or Integrated Bundled EHR MUST satisfy all of the privacy and security criteria. These criteria are found in the ONC Standards and Certification Criteria Final Rule from 170.302.o to 170.302.w. They include user access, emergency access, automatic logoff, audit logs, integrity, authentication, encryption, encryption when exchanging data, accounting disclosures (note – accounting disclosures is an optional criteria).

The only exceptions are for EHR Modules which, in some circumstances, are exempt from some of the privacy and security criteria. Section 170.450 of the ONC Temporary Program Final Rule explains these exception allowances.

170.450 EHR Module testing and certification

(c) Privacy and security testing and certification. EHR Modules shall be tested and certified to all privacy and security certification criteria adopted by the Secretary unless the EHR Module(s) is/are presented for testing and certification in one of the following manners:

(1) The EHR Module(s) is/are presented for testing and certification as a pre-coordinated, integrated bundle of EHR Modules, which would otherwise meet the definition of and constitute a Complete EHR (as defined in 45 CFR 170.102), and one or more of the constituent EHR Modules is/are demonstrably responsible for providing all of the privacy and security capabilities for the entire bundle of EHR Module(s); or

(2) An EHR Module is presented for testing and certification, and the presenter can demonstrate and provide documentation to the ONC-ATCB that a privacy and security certification criterion is inapplicable or that it would be technically infeasible for the EHR Module to be tested and certified in accordance with such certification criterion.

NOTE – Drummond Group can NOT offer guidance to vendors of EHR Modules on whether their specific implementation meets the exceptions described in the ONC Temporary Program Final Rule prior to completing a test registration form. However, our general guidance is that vendors of EHR Modules should be very conservative in allotting these exceptions. It should be very clear based on the module criteria you are testing that the exceptions to the privacy and security criteria are met.

11. Can I view your test procedures/test scripts specific for my certification prior to testing?

Drummond Group will utilize the NIST test methods that have been extensively reviewed as the basis for our testing. We do create test scripts which we refer to as Proctoring Sheets, which clearly state the test procedures, expected results and verification steps for testing. However, our proctoring sheets in no way add additional requirements beyond what is expressed in the NIST test methods and are mapped back to the requirements dictated by the NIST test methods. Reviewing and using the NIST test methods for your test preparation will fully prepare you for the Drummond Group EHR HHS certification. The Drummond Group proctoring sheets will be issued to each applicant that has returned a signed Terms of Agreement, provided us a purchase order or deposit, and has scheduled a test date on our calendar.

12. How do I test my software if I use a third-party ePrescribing solution?

Third-party software is permitted to be included in your certification testing. However, any third-party party software, including eRx solutions integrated within your system, must be noted in the ONC certification report which will eventually be reported within the ONC CHPL.

13. If I use a third-party module in my software, do I need to test that module if it has been certified by an ONC-ATCB?

Yes, if you want to receive certification over the criteria in question. A good example is a using a third-party e-Prescribing module. If that e-Prescribing module has been certified by an ONC-ATCB, but can also be integrated within an EHR system, a Vendor’s EHR product cannot receive certification for e-Prescribing (170.304.b) unless they test and demonstrate compliance with that criterion. However, if they choose not to test the e-Prescribing criterion but was certified as an EHR Module in the remaining ambulatory setting criteria, their customers could still have a qualifying EHR technology by virtue of the Vendor’s EHR Module and the third-party e-Prescribing EHR Module collectively satisfying the requirements of a Complete EHR.

14. How much assistance can I get before registering and signing-up for testing with Drummond Group?

Prior to registering and signing up for testing with Drummond Group, we will attempt to answer any questions you have, including detailed technical questions. Our technical team is very busy with our testing services, and we do assign priority in addressing technical questions to vendors who have completed registration and sign-up. However, we will work to sufficiently answer your questions and reply as quickly as possible.

15. When will I receive proctoring sheets and be assigned to a Test Proctor?

Once you have satisfied the necessary legal and payment requirements for obtaining a firm test date, you will be assigned a test proctor and receive the proctoring sheets. The test proctor will then setup an introductory conference call to go over the test process and answer any questions you may have. You can also email the proctor with additional questions prior to your test date.

16. Do I need to notify Drummond Group if I modify my certified product?

ONC does address this within their Final Rule on the Temporary Certification Program. The relevant section is quoted below in italics:

Comments. Several commenters requested that we clarify whether every single updated version of a Complete EHR or EHR Module would need to be retested and recertified in order to have a valid certification and whether there would be a mechanism available to accommodate routine changes and product maintenance without the need to fully retest and recertify each instantiation of a previously certified Complete EHR or EHR Module. Some of these commentators stressed that they provide bug-fixes and other maintenance upgrades to customers on a regular basis and that those versions are normally denoted by a new “dot release” (e.g., version 7.1.1 when 7.1 received certification).

Response. We understand that Complete EHR and EHR Module developers will conduct routine maintenance. We also recognize that at times Complete EHR and EHR Module developers will provide new or modified capabilities to either make the Complete EHR or EHR Module perform more efficiently and/or to improve user experiences related to certain functionality (e.g., a new graphical user interface (GUI)). Our main concern, as we stated in the preamble, is whether these changes adversely affect the capabilities to which a Complete EHR or EHR Module has already been tested and certified and whether those changes are such that the Complete EHR or EHR Module would no longer support an eligible professional or eligible hospital’s achievement of meaningful use. Accordingly, we clarify that a previously certified Complete EHR or EHR Module may be updated for routine maintenance or to include new capabilities that both affect capabilities related and unrelated to the certification criteria adopted by the Secretary without its certification becoming invalid. However, we do not believe that it would be wise to simply permit a Complete EHR or EHR Module developer to claim without any verification that the routine maintenance or new/modified capabilities included in a new version did not adversely affect the proper functioning of the previously certified capabilities. We believe that an ONC-ATCB should, at a minimum, review an attestation submitted by a Complete EHR or EHR Module developer indicating the changes that were made, the reasons for those changes, and other such information and supporting documentation that would be necessary to properly assess the potential effects the new version would have on previously certified capabilities.

Therefore, if you make changes to your certified product which result in a new version release and wish to see this updated version of your product listed on the CHPL as a certified EHR technology, then you must submit a written attestation to Drummond which details exactly what was changed and how it impacts or does not impact the previously certified criteria. Drummond will provide a document containing several questions for your use in assessing the changes and their impact. The attestation will be reviewed by the Drummond Certification Committee and either approved or not approved, thus allowing the new version to be listed on the CHPL without retesting, or your company will be asked to retest this version before certification is granted. The first attestation is free and subsequent attestations are $1000. If your company is asked to retest, then retesting fees will apply. You can request this attestation document by registering on the Drummond website here.

17. What is an integrated bundle?

An integrated bundle of EHR Modules is a collection of two or more of EHR Modules which collectively satisfy the definition of a Complete EHR. Integrated bundles are typically used because one or more of the EHR Modules can not satisfy the required privacy and security criteria expected of an EHR Module. You should only register for the integrated bundle certification if 1.) you have multiple products (Modules) or part of a multi-vendor affiliation of Modules that 2.) collectively meet the definition of a Complete EHR but 3.) one or more of the EHR Modules cannot meet the required privacy and security criteria expect of an EHR Module however 4.) one or more of the EHR Modules can provide all of the privacy and security functionality for the entire integrated bundle whole.

18. Where can I find more information on CMS incentives?

For more information about CMS incentives, visit this link: http://www.cms.gov/EHRIncentivePrograms/

19. Which modules do I need to test for Ambulatory or Inpatient EHR?

The available modules are listed below.

For a Complete EHR Ambulatory, you are required to test all 170.302 modules as well as all 170.304 modules. All the Security and Privacy modules are required with the exception of the one optional module (170.302w)

For a Complete EHR Inpatient, you are required to test all 170.302 modules as well as all 170.306 modules. All the Security and Privacy modules are required with the exception of the one optional module (170.302w)

General Modules – Section 170.302

(a) Drug-drug, drug-allergy interaction checks

(b) Drug formulary checks

(d) Maintain active medication list

(e) Maintain active medication allergy list

(f) Record and chart vital signs, BMI and growth charts

(g) Smoking status

(h) Incorporate laboratory test results

(i) Generate patient lists

(j) Medication reconciliation

(k) Submission to immunization registries

(l) Public health surveillance

(m) Patient specific education resources

(n) Automate measure calculation

Ambulatory-Specific Modules – Section 170.304

(a) Computerized provider order entry

(b) Electronic prescribing

(d) Patient reminders

(e) Clinical decision support

(f) Electronic copy of health information

(g) Timely access

(h) Clinical summaries

(i) Exchange clinical information and summary record

(j) Calculate and submit clinical quality measures

Inpatient-Specific Modules – Section 170.306

(a) Computerized provider order entry

(b) Record demographics

(d) Electronic copy of health information

(e) Electronic copy of discharge information

(f) Exchange clinical information and summary record

(g) Reportable lab results

(h) Advanced directives

(i) Calculate and submit clinical quality measures

Privacy and Security Modules – Section 170.302

(o) Access control

(p) Emergency access

(q) Automatic log-off

(r) Audit log

(s) Integrity

(t) Authentication

(u) General encryption

(v) Encryption when exchanging electronic health information

(w) Accounting of disclosures (optional)

Additional Resources:

ONC FAQs are located at: http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=3163&PageID=2

CMS FAQs are located at:

http://www.cms.gov/EHRIncentivePrograms/95_FAQ.asp#TopOfPage

Edit in Admin

Comments

Trackback

Written by Drummond Group EHR Certification FAQ | EMR and EHR on September 15, 2010.

[...] Group has recently published an FAQ about EHR certification. I’m guessing that the FAQ will continue to grow over time. They do cover some important [...]
Written by Getting Your CMS EHR Certification ID Number | EMR and EHR on January 19, 2011.

[...] Group has updated their FAQ with an interesting question about how to obtain a CMS EHR certification ID and the difference [...]

Comment Pages:

Drummond Group EHR Blog

EHR FAQ

Comments

Blog Search

DGI Home

Important Links

Recent Comments

Categories

Meta