Thursday, March 25, 2010

Additional Comments on the Certification Proposed Rule

The Certification Proposed rule assigns to NIST the responsibility of developing a testing framework and and subsequently NVLAP the responsiblity for the laboratory accreditation program.

In its role as a developer of a testing framework, NIST is developing tools that will be used to test electronic medical record systems with regard to standards compliance and certification critieria.  These systems are coming under increased scrutiny by the FDA as medical devices.  As a maker of a medical device, a vendor is responsible for "validating" the tools they use they use to test the proper function of the medical devices.

Validation is a specialized term, but basically it means: Make sure all is well and good with the tool, that it is appropriate for the use, has been tested thoroughly, has good design, is under version control, and/or that the supplier has adequate quality processes, et cetera (Please Note, I AM NOT questioning the quality of the NIST work). 

I expect that vendors will be using the NIST testing framework to verify their implementations of the standards selected under 45 CFR Part 170 and also under the certification criteria contained therein.  So I think we need more than just a statement that NIST will be responsible for this testing framework and development in the Certification Rule.  I'm not sure what that statement needs to be, but when I do figure it out, I will report it here.

I'd also like to see more being done to make it easier and less costly for vendors to use the NIST tools in verifying product conformance.  That means that there needs to be more visability into the processes that NIST uses to create and test these tools.  I also think that vendors can help contribute in this area. 

I've been bugging the people I know in NIST about this for a while, but its probably time to bug them some more.

0 comments:

Post a Comment