Thursday, March 26, 2015

Too many masters in 2015 Certification

I've finally finished my review of the 2015 Certification Criteria.  As a reward I now get to read the Stage 3 Penalties Rule next.

I put together a spreadsheet containing a bunch of useful factoids from the rule.  The first tab is probably the most important.  It shows:

2015 CitationThe section of the NPRM
CriteriaThe name of the criterion
New/Revised/UnchangedWhether the criterion is new, revised, or unchanged, or whether comments are asked for.
CommentsNotes on the criterion
2015 StandardsWhat standards are referenced and where in the rule
2014 CitationWhere the former criterion that was similar to it can be found

Having completed this work, I can tell you overall, I'm not really satisfied with this rule.  For one, there are way too many references to unfinished work.  It would have been better to delay and let that work be finished, or simply not reference it this time around if it was not critical to the regulation. Unfortunately, I think ONC is trying to please too many masters on this regulation.

As a set of "Health IT Certification" requirements, it NEARLY COMPLETELY misses everyone Health IT modules supporting anyone previously excluded from Meaningful Use.  For example, while we have criteria on sending to public health, there are absolutely NO CRITERIA for public health to receive using Health IT that conforms to these standards.  This is a huge miss.  The ONLY reason we don't have a similar miss in Labs is because a Hospital EHR has to be able to transmit lab results.

Some material, such as the administrative criteria is overkill in the extreme.  Three different signatures, plus requirements for FIPS Level 2 certified encryption modules?  Really?  For a automating a part of the business that previously used copiers and fax machines and wet ink signatures (that could be applied with a stamp).  This is using a sledge-hammer to swat fleas.  There is really no accounting for physician workflows from the point of care of the patient to the point where payment is being requested.  A great deal more work is needed here before we could ever support this level of technology.  90% or more of what is needed could be done without imposing nearly such a complex set of technology requirements.

Also, while I very much welcome some of the requirements around C-CDA validation, this could have been applied very much at a sub-regulatory level.  NIST and others already have the opportunity to propose and the Secretary the authority to approve testing methods.  They need NOT be spelled out in regulation.  Having done so prevents NIST or others from developing or using better and more efficient testing methods that don't necessarily follow the patterns in the regulation.  So much for innovation and efficiency in testing if that path is continued.

    -- Keith

P.S.  In case you haven't seen it, John Halamka and Micky Tripathi have summarized both rules, in what Health IT News called "The Good, The Bad and the Ugly of Stage 3 MU".


Post a Comment