§ 170.556 - In-the-field surveillance and maintenance of certification for Health IT.  



    (a) In-the-field surveillance. Consistent with its accreditation under § 170.523(a) to ISO/IEC 17065 and the requirements of this subpart, an ONC-ACB must initiate surveillance “in the field” as necessary to assess whether a certified Complete EHR or certified Health IT Module continues to conform to the requirements of its certification in subparts A, B, C and E of this part once the certified Complete EHR or certified Health IT Module has been implemented and is in use in a production environment.

    (1) Production environment. An ONC-ACB's assessment of a certified capability in the field must be based on the use of the capability in a production environment, which means a live environment in which the capability has been implemented and is in use.

    (2) Production data. An ONC-ACB's assessment of a certified capability in the field must be based on the use of the capability with production data unless the use of test data is specifically approved by the National Coordinator.

    (b) Reactive surveillance. An ONC-ACB must initiate surveillance (including, as necessary, in-the-field surveillance required by paragraph (a) of this section) whenever it becomes aware of facts or circumstances that would cause a reasonable person to question a certified Complete EHR or certified Health IT Module's continued conformity to the requirements of its certification.

    (1) Review of required disclosures. When an ONC-ACB performs reactive surveillance under this paragraph, it must verify that the requirements of § 170.523(k)(1) have been followed as applicable to the issued certification.

    (2) [Reserved]

    (c) Randomized surveillance. During each calendar year surveillance period, an ONC-ACB may conduct in-the-field surveillance for certain randomly selected Complete EHRs and Health IT Modules to which it has issued a certification.

    (1) Scope. When an ONC-ACB selects a certified Complete EHR or certified Health IT Module for randomized surveillance under this paragraph, its evaluation of the certified Complete EHR or certified Health IT Module must include all certification criteria prioritized by the National Coordinator that are part of the scope of the certification issued to the Complete EHR or Health IT Module.

    (2) Minimum number of products selected per year. 2% of the Complete EHRs and Health IT Modules to which an ONC-ACB has issued a certification must be subject to randomized surveillance. [Reserved]

    (3) Selection method. An ONC-ACB must randomly select (subject to appropriate weighting and sampling considerations) certified Complete EHRs and certified Health IT Modules for surveillance under this paragraph.

    (4) Number and types of locations for in-the-field surveillance. For each certified Complete EHR or certified Health IT Module selected for randomized surveillance under this paragraph, an ONC-ACB must:

    (i) Evaluate the certified Complete EHR or certified Health IT Module's capabilities at one or more locations where the certified Complete EHR or certified Health IT Module is implemented and in use in the field.

    (ii) Ensure that the locations are selected at random (subject to appropriate weighting and sampling considerations) from among all locations where the certified Complete EHR or certified Health IT Module is implemented and in use in the field.

    (5) Exclusion and exhaustion. An ONC-ACB must make a good faith effort to complete in-the-field surveillance of a certified Complete EHR or certified Health IT Module at each location selected under paragraph (c)(4) of this section. If the ONC-ACB is unable to complete surveillance at a location due to circumstances beyond its control, the ONC-ACB may substitute a different location that meets the requirements of paragraph (c)(4) of this section. If no such location exists, the ONC-ACB may exclude the certified Complete EHR or certified Health IT Module and substitute a different randomly selected Complete EHR or Health IT Module to which it has issued a certification.

    (6) Prohibition on consecutive selection for randomized surveillance. An ONC-ACB is prohibited from selecting a certified Complete EHR or certified Health IT Module for randomized surveillance under this paragraph more than once during any consecutive 12 month period. This limitation does not apply to reactive and other forms of surveillance required under this subpart and the ONC-ACB's accreditation.

    (d) Corrective action plan and procedures.

    (1) When an ONC-ACB determines, through surveillance under this section or otherwise, that a Complete EHR or Health IT Module does not conform to the requirements of its certification, the ONC-ACB must notify the developer of its findings and require the developer to submit a proposed corrective action plan for the applicable certification criterion, certification criteria, or certification requirement.

    (2) The ONC-ACB shall provide direction to the developer as to the required elements of the corrective action plan.

    (3) The ONC-ACB shall verify the required elements of the corrective action plan, consistent with its accreditation and any elements specified by the National Coordinator. At a minimum, any corrective action plan submitted by a developer to an ONC-ACB must include:

    (i) A description of the identified non-conformities or deficiencies;

    (ii) An assessment of how widespread or isolated the identified non-conformities or deficiencies may be across all of the developer's customers and users of the certified Complete EHR or certified Health IT Module;

    (iii) How the developer will address the identified non-conformities or deficiencies, both at the locations under which surveillance occurred and for all other potentially affected customers and users;

    (iv) How the developer will ensure that all affected and potentially affected customers and users are alerted to the identified non-conformities or deficiencies, including a detailed description of how the developer will assess the scope and impact of the problem, including identifying all potentially affected customers; how the developer will promptly ensure that all potentially affected customers are notified of the problem and plan for resolution; how and when the developer will resolve issues for individual affected customers; and how the developer will ensure that all issues are in fact resolved.

    (v) The timeframe under which corrective action will be completed.

    (vi) An attestation by the developer that it has completed all elements of the approved corrective action plan.

    (4) When the ONC-ACB receives a proposed corrective action plan (or a revised proposed corrective action plan), the ONC-ACB shall either approve the corrective action plan or, if the plan does not adequately address the elements described by paragraph (d)(3) of this section and other elements required by the ONC-ACB, instruct the developer to submit a revised proposed corrective action plan.

    (5) Suspension. Consistent with its accreditation to ISO/IEC 17065 and procedures for suspending a certification, an ONC-ACB shall initiate suspension procedures for a Complete EHR or Health IT Module:

    (i) 30 days after notifying the developer of a non-conformity pursuant to paragraph (d)(1) of this section, if the developer has not submitted a proposed corrective action plan;

    (ii) 90 days after notifying the developer of a non-conformity pursuant to paragraph (d)(1) of this section, if the ONC-ACB cannot approve a corrective action plan because the developer has not submitted a revised proposed corrective action plan in accordance with paragraph (d)(4) of this section; and

    (iii) Immediately, if the developer has not completed the corrective actions specified by an approved corrective action plan within the time specified therein.

    (6) Withdrawal. If a certified Complete EHR or certified Health IT Module's certification has been suspended, an ONC-ACB is permitted to initiate certification withdrawal procedures for the Complete EHR or Health IT Module (consistent with its accreditation to ISO/IEC 17065 and procedures for withdrawing a certification) when the health IT developer has not completed the actions necessary to reinstate the suspended certification.

    (e) Reporting of surveillance results requirements -

    (1) Rolling submission of in-the-field surveillance results. The results of in-the-field surveillance under this section must be submitted to the National Coordinator, at a minimum, on a quarterly basis in accordance with § 170.523(i)(2).

    (2) Confidentiality of locations evaluated. The contents of an ONC-ACB's surveillance results submitted to the National Coordinator must not include any information that would identify any user or location that participated in or was subject to surveillance.

    (3) Reporting of corrective action plans. When a corrective action plan is initiated for a Complete EHR or Health IT Module, an ONC-ACB must report the Complete EHR or Health IT Module and associated product and corrective action information to the National Coordinator in accordance with § 170.523(f)(1)(xxii) or (f)(2)(xi), as applicable.

    (f) Relationship to other surveillance requirements. Nothing in this section shall be construed to limit or constrain an ONC-ACB's duty or ability to perform surveillance, including in-the-field surveillance, or to suspend or terminate the certification, of any certified Complete EHR or certified Health IT Module as required or permitted by this subpart and the ONC-ACB's accreditation to ISO/IEC 17065.

    [80 FR 62758, Oct. 16, 2015, as amended at 80 FR 76872, Dec. 11, 2015; 81 FR 72466, Oct. 19, 2016; 85 FR 25952, May 1, 2020]