The Department of Health & Human Services through the Office of the National Coordinator for Health Information Technology recently updated the process for certification of health information technology. Some of the modifications are intended to address use of artificial intelligence in health IT systems. ONC's certification is required for certain programs, such as where the health IT will be used for Medicare and Medicaid Incentive programs. It is optional for others. Those who are already certified will need to update their certifications. Those seeking new certifications will be subject to the new process.
The certification process requires developers of health IT to demonstrate that their products satisfy certain criteria. The demonstration can be completed through documentation or through inspection which must be approved by the Office of the National Coordinator for Health Information Technology. The updated certification process applies to health IT systems that use predictive modeling to assist with decision making (often referred to as "DSIs"). In particular, those that use training data for that modeling. Of particular interest, companies that want to have their systems certified will need to demonstrate conformance to the appropriate criteria while also demonstrating that they:
- Have taken steps to ensure that users understand how the DSI works. As part of this, give users access to underlying information about the DSI's design and development.
- Conducted risk practice assessments on the health IT and publish a summary of these practices publicly.
If your health IT is already certified, you will need to update your product and certification to ensure they satisfy the new criteria. If you do not complete the necessary updates, you may forfeit certification. Looking ahead, developers of health IT incorporating predictive DSIs must comply with the updated criteria by the end of 2024. That said, the rule spaces out many of the other new requirements over a period of years.
Putting It Into Practice: Developers that wish to secure certification should review these requirements to assess whether their products satisfy the new criteria or need to be adjusted. Developers that wish to maintain certification should review these requirements and start updating their certifications to avoid forfeiture.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.