Healthcare Compliance Newsletter – Spring 2021

Healthcare Compliance Newsletter – Spring 2021 600 444 Drummond Group
In this issue:
  1. ONC Real World Test Plan Template Available
  2. 21st Century Cures Updates for Health IT
  3. New FHIR® API Program Helps Fill Interoperability Gap
  4. PCI DSS Protects Card Data in Your EHR Application​​
ONC Real World Testing (RWT) Plan Template Available

For the past several weeks, Drummond worked alongside the Office of the National Coordinator for Health Information Technology (ONC) to help finalize the Real World Testing (RWT) Plan Template. This template is designed to provide health IT developers with guidance on developing and submitting their RWT plan. Drummond clients can log into our Customer Portal and download a copy here.

The ONC also will be releasing a “Real World Testing Resource Guide” soon to provide further details and clarifications. After the release of this additional guidance, Drummond will invite clients to a webinar discussing the resources shared and a review of the RWT requirements.

As a reminder, in order to maintain compliance to ONC health IT certification, developers are required to submit a RWT test plan for any product certified to one or more of the following criteria: §170.315(b), (c)(1) through (3), (e)(1), (f), (g)(7) through (10), and (h). Test plans must be submitted no later than Nov. 15, 2021.

21st Century Cures Updates for Health IT

Are you ready for the ONC’s 21st Century Cures updates? Many health IT developers have begun attesting to meeting compliance with Cures requirements. A full recertification is not required for products already certified under 2015 edition. Rather, developers may self-attest to the new and revised Cures criteria with the exception of 315(g.10) Standardized API for Patient and Population Services which requires scheduling a live test session.

Drummond clients can log into our Customer Portal to access resources regarding Cures updated criteria, compliance timelines, and more. For more information, please feel free to contact us at

New FHIR® API Certification Program Helps Fill Interoperability Gap

Drummond continues to fill the interoperability gap by extending a valuable certification service to the payer community with its Payer and Patient Access FHIR® API Certification Program powered by Touchstone. This service ensures payer implementations of patient access APIs remain compliant with the Centers for Medicare and Medicaid Services (CMS) Interoperability and Patient Access final rule (CMS-9115-F), as well as instill confidence in the ability to securely share data with patients and other payers. The API infrastructure is built upon the HL7® FHIR® standard. Patients can then utilize third-party applications of their choosing to access their information within payer systems. Sign up today for more information.

PCI DSS Protects Card Data in Your EHR Application

Is your electronic health record (EHR) software application integrated with a payment gateway so that healthcare practices may charge their patients from within the software application? The Payment Card Industry (PCI) Data Security Standard (DSS) enhances cardholder data security to protect an organization from hackers and thieves and facilitates broad adoption of consistent data security measures globally. Drummond’s PCI compliance practice can ensure the payment process is efficient and can help reduce patient waiting time.

And, our experts in the PCI compliance practice stay on track of ongoing updates to regulatory requirements that are sometimes difficult to interpret. With the rising importance of achieving PCI DSS compliance, Drummond can help guide organizations through a baseline of technical and operational requirements designed to protect cardholder data. This applies to all organizations that store, process or transmit cardholder data.

Our Quality Security Assessors (QSAs) work with your organization to understand your cardholder data environment, determine the scope of the assessment and select samples. Being PCI DSS compliant is important and should be a top priority for your business and your clients – it is time to protect your data digitally.

Let us help you navigate through the entire compliance process, sign up by August 2021 for a 10 percent discount of our PCI service offerings. Email for more details.

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, some from third-party services. Define your Privacy Preferences and/or agree to our use of cookies.