Home

ONC proposes direct oversight of health IT

HCPRO Website, March 7, 2016

A proposed rule would give the Office of the National Coordinator of Health IT (ONC) direct oversight of health IT certification, testing, and review. The ONC Health IT Certification Program: Enhanced Oversight and Accountability rulemaking aims to update the ONC Health IT Certification Program to keep pace with changes in the health IT market and EHR adoption, according to HHS’ statement.

The proposed rule outlines three areas that would come under the ONC’s authority:

  • Direct review of certified EHR and health IT modules
  • Increased oversight of health IT testing bodies
  • Enhanced transparency and public accountability of certified health IT compliance and performance


ONC would take direct control of the review, certification, and re-certification of EHRs and other health IT modules.

The potential annual cost for the proposed rule could be as much as $650 million to health IT vendors, healthcare providers, and the ONC, although HHS estimates that the average annual cost would be $6,595,286.

Security is a major focus of the direct review process. The proposed rule would give the ONC the authority to initiate a direct review of a certified EHR or health IT module if the agency receives information that suggests security vulnerabilities in the product are leading to medical errors, public health and safety risks, or breaches of protected health information.

The ONC would be able to issue corrective actions or even suspend or terminate an EHR or health IT module’s certification. Corrective action plans could include investigating and reporting the cause of the problem, notifying affected customers, correcting identified issues, and other actions. If a health IT module’s certification is terminated, hospitals are required to transition to another certified health IT module.

The proposed rule would also allow the ONC to review how health IT products interact with each other in an effort to identify and prevent information blocking, intentionally restricting access to electronic health information. This measure is in line other recent efforts to crack down on information blocking through legislation and increased funding to develop standards and methods to prevent the practice. In April 2015, the ONC released a report detailing widespread evidence that healthcare providers and healthcare IT vendors intentionally disrupt and restrict the exchange of data between healthcare systems.

Under the proposed rule, the ONC would publish quarterly reports on health IT performance and compliance. These reports would include information that identifies health IT products and both negative and positive surveillance results. The proposed rule notes that, to date, most surveyed health IT modules conform to existing rules and guidelines but the ONC believes that public accountability will increase health IT vendor transparency.

The proposed rule is open for public comment until May 2.