WASHINGTON – The Office of the National Coordinator for Health Information Technology (ONC) approved in June the American National Standards Institute (ANSI) as the ONC-approved accreditor (ONC-AA) for the permanent certification program for health information technology.
As the approved accreditor, ANSI will accredit organizations to certify EHRs and perform other responsibilities under the permanent certification program. Accredited EHRs are a requisite for providers who want to achieve meaningful use and earn federal incentives for EHR adoption.
Approval of the ONC-AA is one of the initial steps in the implementation of the permanent certification program, anticipated to replace the temporary certification program for health information technology in 2012.
Some industry observers have said ANSI’s appointment does not come as a surprise given the organization’s role in the industry.
According to Farzad Mostashari, national coordinator for health information technology, there are nearly 750 EHR products certified for meaningful use Stage 1 currently under the temporary certification program.
Also in June, ONC collected comments on digital certificates that are cross-certified with the Federal Bridge.
The Federal Bridge is architecture designed by the government, to address healthcare IT authentication, privacy and data protection between various parties.
According to Arien Malec, ONC's coordinator for standards and interoperability framework, ONC is trying to find out what burdens providers face when obtaining and managing federal digital certificates, and if there is sufficient competition in the marketplace for digital certification.
ONC collected 14 comments by the closing date of June 5.
John Moehrke a Milwaukee, Wis.-based principal engineer specializing in standards architecture in interoperability, security, and privacy for GE Healthcare asked, “Why do we think we have the solution to a problem that has been around for a decade? Writing certificate issuing policy, identifying certificate authorities that can support that policy, and auditing them regularly to assure they are following the policy is something that allindustries (and users of certs) need to do. Healthcare is not special.”
“Certificates are just the technology,” Moehrke said. “Policy, procedures, and follow-up are what assure trust. This stuff is hard. Much harder if you do it wrong just once.”
Paul Egerman, a member of the HIT Policy Committee said, “It is not burdensome to obtain a federal bridge cross-certified certificate, because vendors can perform that function. The costs are reasonable.”
