ICSA Labs ONC Health IT Certification Program
CY 2018 Surveillance Plan
Document Version 1.0 Effective: January 1, 2018
www.icsalabs.com
ONC Health Certification Program CY 2018 Surveillance Plan
Page 2 of 13 Document Version 1.0 Copyright 2018 ICSA Labs. All Rights Reserved. Effective date: January 1, 2018 Printed copies are not controlled and may not be official.
ICSA Labs - ONC-Authorized Certification Body (ACB) CY 2018 Surveillance Plan
I. Introduction and Overview
The ICSA Labs ONC Health Certification Program Surveillance Plan was developed to meet requirements
per ISO/IEC 17065:2012, the Permanent Certification Program Final Rule, 2014 Edition Release 2 Final
Rule [1], 2015 Edition Final Rule [2], and the latest and most relevant ONC Program Policy Guidance
documents. In developing this plan ICSA Labs also considered industry best practices, ongoing feedback
offered by customers, the ONC Approved Accreditor (ANSI), the ONC and suggestions developed
collaboratively by industry associations such as the HIMSS Electronic Health Records Association (EHRA).
For CY 2018, ICSA Labs has prepared this surveillance plan in accordance with Guidance #15-01A and the
ONC Health IT Certification Program: Enhanced Oversight and Accountability Proposed Rule.
II. Surveillance Approach
ICSA Labs conducts regular surveillance on all certified products to ensure continued conformance to
the standards and requirements under which the product was certified – not only in a controlled testing
environment, but also when implemented and used in a production environment, as mandated by ONC.
Surveillance activities are tracked and documented as part of the ISO/IEC 17065:2012 requirements for
an accredited certification body and generally consist of proactive and reactive surveillance.
In order to gauge ongoing compliance with certification requirements, surveillance approaches will
combine both administrative reviews and technical assessments based on selection triggered by
complaints and/or feedback from users, retesting, and customer and end-user surveys.
A. Proactive Surveillance
Proactive surveillance focuses on ensuring certified Health IT maintains conformity to the ONC
prioritized certification criteria, and adherence to guidelines around public facing information
about a certified product. Administrative surveillance is conducted regularly on all certified
products to ensure vendors and product developers:
[1] 2014 Edition Release 2 Electronic Health Record (EHR) Certification Criteria and the ONC Health IT Certification Program; Regulatory Flexibilities, Improvements, and Enhanced Health Information Exchange; Final Rule (79 FR 54430) (2014 Edition Release 2 Final Rule).
[2] 2015 Edition Health Information Technology (Health IT) Certification Criteria, 2015 Edition Base Electronic Health Record (EHR) Definition, and ONC Health IT Certification Program Modifications final rule (80 FR 62601).
• Clearly and correctly communicate to prospective consumers and implementers of said
technology the mandatory disclosure requirements at 45 CFR § 170.523(k)(1) pertaining
to Certified EHR Technology;
• Appropriately use the ONC and ICSA Labs certification marks; and,
• Provide and follow internally documented procedures such as a product developer’s
complaints resolution process.
Surveillance is carried out by monitoring customer websites, reviewing and approving press
releases for ONC Health Certified products, and periodic reviews of other ONC-mandated,
publicly available materials.
B. Reactive Surveillance
Reactive surveillance involves the certification body acting on information concerning ongoing
compliance with certification requirements. In order to determine ongoing compliance and what
if any corrective actions are necessary to ensure compliance, ICSA Labs may request, obtain, and
analyze information including but not limited to the following:
• Complaints and other information about certified health IT submitted directly to
ICSA Labs by customers or users of ICSA Labs Certified health IT, by the National
Coordinator, or by other persons.
• Results of collected feedback from surveys or by notification of:
o Changes significantly affecting the product’s design or specification, or
o Changes in the standards to which compliance of the product is certified, or
o Changes in the ownership, structure or management of the customer, if
relevant, or in the case of any other information indicating that the product
may no longer comply with the requirements of the certification system.
o Repeated number of inherited certified status requests (pursuant to 45 CFR
170.545(d) and 45 CFR 170.550(f)) – products requesting 3 or more
inherited certified status requests
o ONC or ONC-ACB identified priority criteria
o Reviews of complaint logs and service tickets submitted by Health IT
developers, and other documentation concerning the analysis and
resolution of complaints or issues as reported to the developer (see “Review
of Developer Complaint Processes” for more information).
o Developers’ public and private disclosures regarding certified health IT
capabilities, including any discrepancies or failures to disclose known
material information about certified capabilities, as required by
§170.523(k)(1). (See section IV A, “Surveillance of Developers’ Disclosures”
for more information.)
o Information from publicly available sources (e.g., a developer’s website or
user forums).
o Other facts and circumstances of which ICSA Labs is aware.
In the event ICSA Labs is contacted either by ONC or by a customer in possession of a health IT
product certified by ICSA Labs with complaints about a product’s ability to comply with the
certification criteria, ICSA Labs will notify the vendor/developer and investigate the complaint to
take appropriate action. A record of all complaints received, the action taken and its
effectiveness will be maintained.
All nonconformities identified during surveillance activities will be communicated to the
customer (See Section V Corrective Action Procedures for more information). In order to
determine whether the technology remains in conformance, ICSA Labs will take into account all
information collected including the volume, substance, and credibility of any complaints about
the certified product, as well as the response from the vendor/developer (including past
submissions and the results of previous surveys and surveillance artifacts).
Further assessment by ICSA Labs or additional evaluation by an ONC-ATL may be potential next
steps to determine conformance by requesting:
• Sample files and generated output to verify conformance to standards
• Corroborating documentation to ensure previously certified functionality has not
been compromised
• Verification via live demonstration that the product is conformant in the field, as
appropriate
The customer is provided an opportunity to correct the nonconformities before the issue is
escalated. See the ICSA Labs ONC Health Certification Program Manual’s section on
“Certification Suspension and Withdrawal” and Section V of this document, “Corrective Action
Procedures” for more information.
Note: Products that have been rebranded may be candidates for surveillance testing to ensure
that certified functionality remains intact and in accordance with the original product certified.
III. Prioritized Elements
ONC considers the following elements a priority for surveillance:
• The assessment of developers’ disclosures, as required by 45 CFR 170.523(k) and the evaluation
of potential non-conformities resulting from the failure to disclose material information about
limitations or additional types of costs associated with certified health IT.
• The assessment of potential non-conformities resulting from implementation or business
practices of a health IT developer that could affect the performance of certified capabilities in
the field.
• The adequacy of developers’ user complaint processes, including customer complaint logs,
consistent with ISO/IEC 17065 § 4.1.2.2 (j).
• The appropriate use of the ONC Certification Mark.
IV. Transparency and Disclosure Requirements
The transparency and disclosure requirements adopted in the 2015 Edition Final Rule, and prioritized in
this surveillance plan for CY 2018, are documented in the ICSA Labs ONC Health Certification Program
Manual and will be reinforced in messaging to HIT product developers via email, program webinars, the
ICSA Labs website, and other various forms of communication to ensure proper understanding and
conformance.
Product developers will be required to adhere to the transparency and disclosure requirements adopted
in the 2015 Edition Final Rule 45 CFR § 170.523(k) which states:
A Health IT developer must conspicuously include the following on its website and in all marketing
materials, communications statements, and other assertions related to the Complete EHR or Health IT
Module's certification:
“This [Complete EHR or Health IT Module] is [specify Edition of EHR certification criteria]
compliant and has been certified by an ONC-ACB in accordance with the applicable certification
criteria adopted by the Secretary of Health and Human Services. This certification does not
represent an endorsement by the U.S. Department of Health and Human Services.”
And
a. The vendor name
b. The date certified
c. The product name and version
d. The unique certification number or other specific product identification
e. Where applicable, the certification criterion or criteria to which each EHR module has been
tested and certified
f. The clinical quality measures to which a complete EHR or EHR module has been tested and
certified
g. And where applicable, any additional software a complete EHR or EHR module relied upon
to demonstrate its compliance with a certification criterion or criteria adopted by the
Secretary
h. And where applicable, any additional types of costs that a user may be required to pay to
implement or use the Complete EHR or Health IT Module's capabilities, whether to meet
meaningful use objectives and measures or to achieve any other use within the scope of the
health IT's certification. (Examples given include: fixed, recurring, transaction-based, or
otherwise that are imposed by a health IT developer (or any third-party from whom the
developer purchases, licenses, or obtains any technology, products, or services in connection
with its certified health IT) to purchase, license, implement, maintain, upgrade, use, or
otherwise enable and support the use of capabilities to which health IT is certified; or in
connection with any data generated in the course of using any capability to which health IT
is certified.)
i. And where applicable, any limitations (whether by contract or otherwise) that a user may
encounter in the course of implementing and using the Complete EHR or Health IT Module's
capabilities, whether to meet meaningful use objectives and measures or to achieve any
other use within the scope of the health IT's certification. (Examples given include, but are not
limited to, technical or practical limitations of technology or its capabilities, that could
prevent or impair the successful implementation, configuration, customization,
maintenance, support, or use of any capabilities to which technology is certified; or that
could prevent or limit the use, exchange, or portability of any data generated in the course of
using any capability to which technology is certified.)
A developer may satisfy the requirement to disclose the information required by § 170.523(k)(1) in its
marketing materials, communications statements, and other assertions related to a Complete EHR or
Health IT Module's certification by providing an abbreviated disclaimer, appropriate to the material and
medium, provided the disclaimer is accompanied by a hyperlink to the complete disclosure on the
developer's website.
Where a hyperlink is not feasible (for example, in non-visual media), the developer may use another
appropriate method to direct the recipient of the marketing material, communication, or assertion to
the complete disclosure on its website.
A. Surveillance of Developers’ Disclosures
As noted in Section II.A (Proactive Surveillance), ICSA Labs will proactively select health IT
developers and products for surveillance to ensure a developer’s compliance with the
mandatory disclosure requirements found in 45 CFR § 170.523(k)(1). Surveillance is carried out
by monitoring customer websites, reviewing and approving press releases for ONC Health
Certified products, and periodic reviews of other publicly available materials.
During surveillance activities, ICSA Labs will review a health IT product developer’s public
materials (e.g., websites, press releases, marketing materials) and assess whether the
information displayed matches the information attested to on the product developer’s
registration form.
As noted in Policy Guidance #15-01A, developers are not required to disclose information of
which they are not and could not reasonably be aware, nor to account for every conceivable
type of cost or implementation hurdle that a customer may encounter. “Developers are
required; however, to describe with particularity the nature, magnitude, and extent of the
limitations or types of costs.” A developer’s disclosure possesses the requisite particularity if it
contains sufficient information and detail from which a reasonable person under the
circumstances would, without special effort, be able to reasonably identify the specific
limitations he/she may encounter and reasonably understand the potential costs he/she may
incur in the course of implementing and using capabilities for any purpose within the scope of
the health IT's certification.
Any discrepancies or obvious issues with the information disclosed will be communicated to the
product developer with an opportunity for remediation (See Corrective Action Procedures). The
customer is provided an opportunity to correct the nonconformities before the issue is
escalated. See the ICSA Labs ONC Health Certification Program Manual’s section on Certification
Suspension and Withdrawal for more information.
B. Attestation Requirement
As a condition of certification, health IT developers must make one of the following attestations:
In the affirmative:
In support of enhanced marketplace transparency and visibility into the costs and
performance of certified health IT products and services, and the business practices of
health IT developers, [Developer Name] hereby attests that it will provide in a timely
manner, in plain writing, and in a manner calculated to inform, any part (including all) of
the information required to be disclosed under 45 CFR §170.523(k)(1) under the
following circumstances:
• To all persons who request such information.
• To all persons who request or receive a quotation, estimate, description of
services, or other assertion or information from [Developer Name] in connection with
any certified health IT or any capabilities thereof.
• To all customers prior to providing or entering into any agreement to provide
any certified health IT or related product or service (including subsequent updates,
add-ons, or additional products or services during the course of an on-going agreement).
– OR –
In the negative:
[Developer Name] hereby attests that it has been asked to make the voluntary
attestation described by 45 CFR § 170.523(k)(2)(i) in support of enhanced marketplace
transparency and visibility into the costs and performances of certified health IT
products and services, and the business practices of health IT developers.
[Developer Name] hereby declines to make such attestation at this time.
A developer’s adherence to their attestations is voluntary; however, ICSA Labs is required to
include the developers’ attestations in the hyperlink submitted to the National Coordinator for
inclusion in the CHPL so that the public can determine which developers have attested to taking
the additional actions to promote transparency of their technologies and business practices.
ONC notes that a developer’s attestation under 45 CFR § 170.523(k)(2) does not broaden or
change the scope of the information a developer is required to disclose under 45 CFR
§170.523(k)(1).
V. Corrective Action Procedures
If a certified product is found to be non-conformant to the requirements of its certification, ICSA Labs
will notify the vendor/developer of any findings. The vendor/developer is required to submit to ICSA
Labs a proposed corrective action plan (CAP) for the applicable certification criterion, certification
criteria, or certification requirement. Related information will also be publicly reported to the ONC’s
open data CHPL as required by ONC.
A. Corrective Action Plan Elements
To further clarify, per ONC a CAP is required under §170.556 any time an ACB finds that a
product or a developer is non-compliant with any certification criterion or any other
requirement of certification, including the transparency and disclosure requirements.
Corrective action plans submitted by a developer to an ONC-ACB must include the following
elements:
i. A description of the identified non-conformities or deficiencies
ii. An assessment of how widespread or isolated the identified non-conformities or
deficiencies may be across all of the developer’s customers and users of the certified
technology
iii. How the developer will address the identified non-conformities or deficiencies, both at
the locations under which surveillance occurred and for all other potentially affected
customers and users
iv. How the developer will ensure that all affected and potentially affected customers and
users are alerted to the identified non-conformities or deficiencies, including a detailed
description of how the developer will assess the scope and impact of the problem,
including identifying all potentially affected customers; how the developer will promptly
ensure that all potentially affected customers are notified of the problem and plan for
resolution; how and when the developer will resolve issues for individual affected
customers; and how the developer will ensure that all issues are in fact resolved
v. The timeframe under which corrective action will be completed
vi. An attestation by the developer that it has completed all elements of the approved
corrective action plan, or the target dates of completion
B. Corrective Action Plan Submission and Review
The CAP must be provided to ICSA Labs within 30 days of notification. A non-response may be
grounds for further punitive action. Extensions may be granted on a case-by-case basis. ICSA
Labs will review the CAP and make a determination as to whether the plan will be approved,
needs any revisions, or is altogether rejected.
The determination will be based on a review of the thoroughness and completeness of the
submitted CAP based on the CAP requirements outlined above, and whether the timelines and
proposed corrective actions provide confidence to the certification body that the product is in
conformance or will be by a certain target date. Depending on the degree and scope of the non-
conformities, it is still possible that the certification may be suspended or withdrawn. See the
ICSA Labs Certification Program Manual for more information.
C. Corrective Action Plan Submission and Review
Once the CAP is approved, ICSA Labs will follow up within 30 days to ensure adherence to the
approved corrective action plan and in order to verify that requirements of the corrective action
plan have been completed. ICSA Labs may conduct additional follow up with the
vendor/developer, as well as end-users, to verify the attestation and ensure that the corrective
actions have been implemented for all affected and potentially affected customers and users.
Similarly, the product may be a candidate for future surveillance.
VI. Submission of Corrective Action and Surveillance Information
A. Submission of Corrective Action Information
Any non-conformity/non-compliance would be reported to the CHPL and then updated to
include the CAP and the activities surrounding execution of the CAP. At any point during
surveillance ICSA Labs may notify ONC of its activities, especially if there are concerns about
safety, information blocking, etc.
As part of ICSA Labs’ reporting requirement to ONC, the following corrective action
information would be submitted to ONC for inclusion in the CHPL:
• The CHPL Product number of each Complete EHR or Health IT Module that failed to
conform to its certification and for which corrective action was instituted under 45
CFR § 170.556.
• The specific certification requirements to which the technology failed to conform.
• A summary of the deficiency or deficiencies identified by ICSA Labs as the basis
for its determination of non-conformity.
• When available, the health IT developer's explanation of the deficiency or
deficiencies.
• The dates surveillance was initiated and completed.
• The results of randomized surveillance, including pass rate for each criterion in
instances where the Complete EHR or EHR Module is evaluated at more than one
location.
• The number of sites that were used in randomized surveillance.
• The date of the ONC-ACB's determination of non-conformity.
• The date on which the ONC-ACB approved a corrective action plan.
• The date corrective action began (effective date of approved corrective action plan).
• The date by which corrective action must be completed (as specified by the
approved corrective action plan).
• The date corrective action was completed.
• A description of the resolution of the non-conformity or non-conformities.
B. Submission of Surveillance Information
1. Surveillance Narratives and Corroborating Documentation
ICSA Labs reports surveillance results to the National Coordinator on a rolling basis (i.e.,
no less frequently than quarterly) throughout CY18. When submitting annual
surveillance results, ICSA Labs will identify each instance of surveillance performed
during CY18 and the results of that surveillance, including a detailed narrative and
corroborating documentation and evidence to support any determinations or findings,
including:
• Each certified Complete EHR or Health IT Module (identified by its CHPL product
ID), each certification criterion, and each certification program requirement that
was subject to surveillance.
• The type of surveillance (proactive, reactive) initiated in each case.
• The grounds for initiating surveillance and for deciding whether or not to
evaluate the certified health IT in the field.
• Whether or not the surveillance activities confirmed a non-conformity.
• The substantial factors that, in the certification body’s assessment, caused or
contributed to the apparent non-conformity (e.g., implementation problem,
user error, limitations on the use of capabilities in the field, a failure to disclose
known material information, etc.).
• The steps the certification body took to obtain and analyze evidence and to
arrive at its conclusions.
When documenting the surveillance activities, ICSA Labs will include the following
information in the report:
• Methodologies and techniques employed to determine whether to initiate
surveillance, what type of surveillance to perform (e.g., in-the-field surveillance
or other forms of surveillance), and how to evaluate suspected non-conformities.
• How the certification body engaged and worked with developers and end-users
to analyze and determine the causes of any suspected non-conformities and
related deficiencies.
• How the certification body evaluated any non-conformities resulting from
implementation or business practices of the health IT developer which then
potentially affected the performance of certified capabilities in the field.
• How the certification body evaluated any potential non-conformities resulting
from the non-disclosure of material information about limitations or additional
types of costs associated with certified health IT.
2. Review of Developer Complaint Processes
Vendors and product developers are required to provide details of their complaint
handling process for complaints relating to the scope of functionality certified in the
ONC Health Certification Program on an annual basis.
The complaint handling process will include details as to how customers can report
defects or make complaints about the product including:
• Methods customers can use to report the issue
• The process used to track the issue
• The process used to analyze the issue
• How issues are resolved
• How customers are subsequently notified
All product developers must also:
• Provide ICSA Labs with documentation outlining internal complaint handling
processes
• Maintain a record of all customer complaints related to a product's compliance
with the ONC Health Certification criteria against which it was tested
• Retain a log of actions taken in response to such complaints.
The complaint handling processes of any developer whose technology was subject
to surveillance during the applicable calendar year will be reviewed by ICSA Labs to
determine whether the appropriate actions were taken as reported in their
complaint handling processes. If the issues were not properly addressed, ICSA Labs
will follow up, as necessary, with the vendor/developer and end user as a next step
and report to ONC.
ICSA Labs will also evaluate the frequency of complaints made to the developer that
were associated with the prioritized surveillance elements noted in Section III –
Prioritized Elements.
C. Due Process and Exclusion of Certain Sensitive Information
1. Meaningful Opportunity for Input and Comment on ONC-ACB Findings
Prior to making a non-conformity or other determination and prior to submitting
surveillance results (and, where applicable, corrective action information) to the
National Coordinator, ICSA Labs will attempt to conduct a thorough and complete
review of all relevant facts and circumstances including a review of all findings and an
opportunity for the developer to explain any deficiencies identified by the certification
body or complaint.
2. Exclusion of Certain Information from Submission of Corrective Action
Information and Surveillance Results
In order to safeguard confidentiality, prior to submitting corrective action information
and surveillance results to the National Coordinator, ICSA Labs will conduct a review to
ensure the exclusion of information that would identify any health IT developer
customer or user, any health care provider, location, or practice site that participated in
or was subject to surveillance, or any person who submitted a complaint or other
information to a health IT developer or ONC-ACB. This review would include de-
identifying any names or locations in reports or narratives, as well as any testing
artifacts.
3. Exclusion of Certain Information from Submission of Corrective Action
Information
With respect to the submission of corrective action information to the National
Coordinator for inclusion in the CHPL, ICSA Labs will not submit any information that is
in fact legally privileged or protected from disclosure and that therefore should not be
listed on a publicly available website. ICSA Labs may also implement other appropriate
safeguards, as necessary to protect information that, while not legally protected from
disclosure, ICSA Labs believes should not be reported to a publicly available website. As
intended by ONC, any such safeguards will be narrowly tailored and consistent with the
goal of promoting the greatest possible degree of transparency with respect to certified
health IT and the business practices of certified health IT developers, especially the
disclosure of material information about limitations and types of costs associated with
certified health IT.
VII. Public Accountability
Please note that the ONC recommends that all ONC-ACBs make their annual surveillance plans and
surveillance results publicly available after submission to ONC in an effort to strengthen the value
stakeholders receive from the ONC Health Certification Program. It is ICSA Labs’ intent to publish
surveillance plans and results publicly.