FDA comes to HIT…but through the back door.

By Frank Poggio, President, The Kelzon Group, All rights reserved
January 2011

For several decades there has been a raging debate as to whether HIT systems should be
regulated by the FDA. A search of  HISTalk on ‘FDA’ brings up hundreds of mentions. Some
clinicians believe FDA oversight is desperately needed, others feel it would be a major detriment to
new development.  Now the debate is over, last week it came through a back door called ONCHIT,
probably while you were sleeping.

On January 7th ONCHIT issued the Permanent Certification Program Final Rules
PCP-FR. These
are the rules that will transfer the testing activities from the ‘temporary’ agencies to ‘permanent’
ones as of January 2012. On the surface you would think these rules would impact only the
companies like CCHIT, Drummond, InfoGard, etc. but our creative friends at CMS–ONCHIT went
many steps beyond that.

Here are some highlights from a vendor perspective.

    1) First, a new entity was created called the ONC-AA, called the Approved Accreditor
        agency. The current ATCB will be changed to ACB, or Authorized Certification Body. In a
        nutshell the ACB administers the test, and the AA oversees the ACB. Today under the
        temporary rule the ATCB does both. What is now a one step process will become in 2012
        a two step process for software firms seeking certification. The AA will also be the agency
        that selects and contracts with the ACBs for testing services (such as CCHIT,
        Drummond, etc.)

    2) The new ONC-AA is required to insure the ACBs conduct 'surveillance' of certified
         vendor products. Surveillance is CMS' way of saying 'audit'. Here's how the surveillance
         will work. The AA can walk unannounced into an ACB office and review all certification
        documentation, or can randomly sit in on tests.

More importantly, the AA or ACB can audit at will, unannounced, the MU criteria out in the field at
the providers shop to ensure the certified system really does what it was certified to do. And it
doesn’t stop there. Similar to the FDA processes any user of a certified system (provider clients or
their employees) can file a complaint directly with the ONC-AA or ACB stating that the vendors
installed certified system DOES NOT MEET the certification criteria. At that point the AA will
conduct an investigation at the site, and make a determination whether the vendor's certification
should be pulled. If so, as with the FDA, press releases to that effect will be circulated. OUCH!
Better start thinking about stronger client support in the future and set up internal channels to
catch the gripes before they get so bad a user wants to scream ‘ONCHIT’.

One of my friends called this the ‘HIT Whistle Blower Act’, a good description. It’s just like the FDA,
if a device or drug has an unexpected adverse impact anyone can file a complaint with the FDA.  I
hear a train a coming…

This article was originally published on January 17, 2011 on

Return to TKG Publications

TKG Home Page