How 3rd Party Specialists Help Health IT Teams Meet Compliance Requirements

How 3rd Party Specialists Help Health IT Teams Meet Compliance Requirements

Having too many compliance professionals on payroll is not a common problem for Health IT companies these days. It seems the opposite is often true – as many organizations struggle to justify even one full-time professional dedicated to their compliance and certification needs. Yet they must ensure compliance and keep up with evolving changes from the Office of National Coordinator (ONC) and Centers for Medicare & Medicaid Services (CMS). Compliance and rule changes deeply impact product roadmaps, development activities, and customer experience. When it comes to staying ahead of required mandates the choice can be difficult—should you attempt to build and maintain this expertise in-house, or engage specialized expert consultants?

Outside expertise is increasingly the winning choice. A recent study by Vantage Market Research shows demand for healthcare IT outsourcing continues to rise. The research shows global demand will reach $96 M by 2028. Organizations who look externally for this compliance expertise find that benefits fall predominantly into these areas:

  • Specialized Expertise, with access to deep and broad healthcare compliance knowledge and insights from a team of experts.
  • Improved Collaboration, supported by refined compliance processes that are developed from years of working in the field.

Keeping Up with Certified Health IT

Even when organizations have internal resources dedicated to ensuring they stay current with regulation requirements, they run the risk of losing vital institutional knowledge should their employees leave or change roles. Replacing valued and experienced staff can be difficult and time-consuming. For many, there simply is no Human Resource (HR) budget to employ the full-time dedicated team, or individual, needed to guide the organization on current or future compliance requirements—putting them at risk of falling behind.

In 2023 alone, ONC requirements can include a dozen or more activities and deadlines for certified Health IT providers, including significant development, testing and reporting responsibilities that may apply to multiple product versions. New proposed rulemaking and evolving guidance can add further planning requirements. When compliance resources are limited, and the entire organization is impacted by compliance requirements (e.g., product development, product support, sales and marketing), external health IT compliance specialists can bring cost-effective knowledge that streamlines work efforts and helps organizations meet deadlines.

Specialized Expertise

ONC certification and compliance require an understanding of often highly complex mandates coupled with fast-approaching deadlines unique to the EHR industry. The scope of ONC compliance ranges from maintenance of certification requirements such as attestations and standards adoption to detailed development and testing requirements.

These complex requirements extend to the development process. Typically, development teams are not compliance experts skilled in interpretation of regulatory requirements, nor in understanding how related issues will impact their product roadmaps or release schedules. Translating regulatory requirements into development plans can be challenging, often requiring hands-on engagement between compliance experts and developer teams, down to the level of collaborative and iterative testing that combines compliance requirements with all the other QA elements necessary to assure a good product release.

To meet this challenge, many organizations augment their teams with specialized expertise in ONC compliance and certifications so their organization can efficiently and successfully plan and develop compliant capabilities.

Facilitating Collaboration

Successful compliance efforts require cross-organization collaboration—and many teams have a stake, with differing responsibilities. The left hand must know what the right hand is working on—everyone from product management, development and testing to customer support as well as sales and marketing need to be plugged in. Compliance mandates affect them in different ways:

  • Product Management – Compliance has a direct impact on development and product roadmaps.
  • Quality Assurance – Developing to compliance requirements in addition to client needs can alter, increase and complicate testing requirements.
  • Product Development – Evolving requirements and options [new interoperability requirements or adoption of the Standards Version Advancement Process (SVAP), for instance] impact development plans and can cause delays and reprioritization when not planned effectively.
  • Executives – Attestations require executive-level sponsorship and signatories who must have confidence that developed solutions are fully compliant.
  • Customer Support – Certified capabilities must ultimately be implemented by healthcare providers for them to receive the benefits associated with this functionality—improvements for their patients and incentive payments from CMS. Effective documentation and support are essential, especially where certified capabilities drive new processes, workflows and policies like those surrounding EHI data export.
  • Sales and Marketing – Certification is often seen as a differentiator, the sales and marketing teams can utilize to retain existing and attract new customers. Sometimes it is simply table stakes, a minimum requirement of doing business especially when their customers get incentives for using certified products. In either case, the availability of certified EHR capabilities affects customer buying decisions.

When multiple internal groups are impacted by compliance, you need people and processes to ensure an efficient collaborative approach. Without it, your teams may face project delays and challenging customer interactions.

Risk Reduction

Risks are everywhere, and the costs associated with them are huge. Growing organizations balance the need to stay current with regulatory requirements to ensure compliance while also focusing on the need to meet business objectives. When you have the resources you need, either dedicated internal resources or trusted outside experts, solution development processes can run smoothly with the right knowledge in hand, and your organization’s leaders will have the confidence they need to attest to compliance. They will also have confidence the solution will help the organization avoid enforcement actions that can be expensive and damage reputations in the market. Most importantly, you can be confident the solution will provide a positive customer experience and support business growth.

Compliance Is a Moving Target.

Improve your aim with Drummond’s comprehensive Certification Lifecycle Management subscription services for ongoing planning, requirements guidance, test preparation, and certification support—including (b)(10).

Partner with Drummond to meet ONC Health IT Compliance

Maintaining certified platforms is a year-round compliance initiative that requires attestations, testing, and ongoing monitoring of industry regulatory changes and updates. The compliance experts at Drummond are ready to help you and your organization benefit from:

  • Immediate access to healthcare compliance experts
  • Improved cross-team collaboration supported by an objective external advisor
  • Reduced risks while meeting compliance and business objectives.

With more than a decade of expertise in Health IT Compliance, the Drummond Advisory Services team of experts works closely with our customers—we dive deep into the compliance requirements that impact your products and solutions and make recommendations that fit your needs.

Our team is ready to help you understand ONC Compliance requirements by providing the consultation and support your organization needs so you can focus on the business objectives. We have proven methodologies to ensure certification and compliance requirements are met in 2023. Speak with a member of the Drummond Advisory Services team and learn how we can help you improve and accelerate your compliance processes.


The services offered by Drummond Advisory Services are separate and distinct from the Drummond Group Test Lab and Certification Body. The purpose of Drummond Advisory Services is to provide expert support and guidance for the planning, analysis, and execution of certification activities; it does not negate the steps or required actions of the certification process. Use of Drummond Advisory Services does not guarantee successful ONC Health IT testing or certification.

Are you ready to start your compliance journey?

More News

Download Drummond's Guide to Integration Review of E-Prescription Module

Please fill out the form below to download the guide.

Oops! We could not locate your form.

Drummond's guide to EPCS Recertification

Please fill out the form below to download the guide.

Oops! We could not locate your form.

Drummond's guide to Initial EPCS Certification

Please fill out the form below to download the guide.

Oops! We could not locate your form.