Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Monday, May 03, 2010

Certification and Compliance - Has this Been Made Just Too Complicated or Does it Have to Be?

NEHTA has just released a couple of documents covering what they term the Compliance, Conformance and Accreditation (CCA) stream of NEHTA’s overall work program.

The documents are found here:

http://www.nehta.gov.au/connecting-australia/cca

With the specific documents being here:

http://www.nehta.gov.au/component/docman/doc_download/995-cca-assessment-concept-of-operations-december-2009

and here:

http://www.nehta.gov.au/component/docman/doc_download/994-national-e-health-certification-capability-discussion-paper

The second document presents a possible framework for the operation of CCA and the first a concept of operations.

In part this work stream flow from the Deloittes National E-Health Strategy.

This is the relevant section.

R-2.2 Establish a National Compliance Function

Establish a compliance function and associated compliance processes and procedures to conduct testing and certification of E-Health solutions for compliance with E-Health standards

Description

A compliance regime is a key mechanism for driving adoption of standards within E-Health solutions. A key requirement for a compliance regime is the establishment of a compliance function that is responsible for testing E-Health solutions and certifying their compliance with Australian E‑Health standards.

There is a need to establish a national compliance function to drive the development of national E-Health solutions that comply with E-Health standards and can be integrated and scaled across the Australian health sector. A national compliance function will allow vendors and care providers to ensure that E-Health solutions that are developed and purchased are compliant with Australian E-Health standards.

Establishment of the compliance function will require the formation of an organisation with sufficient mandate and authority as well as the development of appropriate testing processes, procedures and testing criteria. The compliance function should also have responsibility for liaising with vendors together with development and publication of testing criteria, a testing schedule and progressive targets. Adopting a progressive approach to compliance testing will allow vendors to incrementally enhance their products as the use of E‑Health in the Australian health sector matures.

NEHTA has undertaken some research into different models that can be used for compliance functions. This research should be considered together with existing local and international compliance models such as the TGA (Australia), the FDA and the Certification Commission for Health Information Technology (USA), and Infoway (Canada) in determining the design of the E-Health compliance function.

Specific Actions

In order to establish an E-Health solutions compliance function it is recommended that the following actions be undertaken:

· Establish a compliance function that has sufficient authority, funds, infrastructure and resources to conduct an effective national E-Health solutions testing and certification program.

· Design and implement appropriate compliance testing processes and technical environments.

· Develop and publish the set of criteria against which IT systems will be certified as being E-Health compliant. These criteria should be based on the principle of setting progressive targets to be achieved over a rolling three year timeframe.

In browsing these documents the main response I had was that this whole work stream seemed to be a little disconnected from practicality and reality.

Let me say at the outset the objective of setting up some processes for qualifying products and implementations for utility, functionality, safety, reliability and so on is a more than worthy one.

The issues I see are in working out how to do it cost effectively and in a credible fashion.

It is fascinating that on Page 5 of the discussion document we read:

“Certification of ehealth products is a commercially sensitive undertaking and a growing trend within the global ehealth marketplace. Accredited certification is considered the ‘gold standard’ for product assurance, and there is no current example of this within the global marketplace for any information systems in any industry sector, let alone the ehealth sector (inclusive of CCHIT and Canada’s Infoway). As a consequence, it will take time and careful consideration to understand the operations of accredited certification and the requirements to design and operate this capability in-line with national and global marketplace standards and best practices.”

The Concept of Operations Document has a similar assessment that indicates to me this area is very difficult to address (Page 11)

"International capability

Conformity assessment of e-health products across international jurisdictions exhibits a diversity of approaches and levels of maturity in-line with national e-health programs. Due to the intrinsic heterogeneity of national economies and significant lack of parity across the levels of national investment for both e-health programs and their supporting conformity assessment frameworks, a standardised approach and degrees of international alignment are yet to be realised.

In contrast with other more mature sectors and globally traded industries, e-health has yet to establish and realise the benefits of internationally portable and nationally recognised conformity assessment results for both testing and certification. Accredited test results and accredited product certifications are able to use the international multilateral agreements and frameworks for mutual recognition through either the International Laboratory Accreditation Cooperation (ILAC) or the International Accreditation Forum (IAF) multilateral recognition agreements (MRAs).

Despite this limitation, there are still significant conformity assessment programs either in operation or under development in various national jurisdictions. Examples of some of the more mature and prominent e-health conformity assessment regimes are:

· Common Assurance Process (CAP) for the UK Connecting for Health program using the National Integration Centre;

· Certification Commission for Health Information Technology (CCHIT) in the USA; and

· Canada Health Infoway Certification Services

These conformity assessment programs rely predominantly on automated testing and inspection activities although none are at present accredited by their respective peak national accreditation bodies for testing and/or certification. More information on this and its implications may be found in the Discussion Paper for the National Certification Capability for E-Health: Towards a Concept of Operations [CCACERTCAP]."

What is read here is that this is a very complex area and that we are going to have to move pretty slowly and feel our way.

Maybe, just maybe, an good approach might be to carefully review what is working in the three international jurisdictions and then assess where the most value can be added to our overall health sector.

I have to say focus in ensuring already promulgated Australian Standards in areas like messaging would be a good area to start as we aim to develop capability.

I would also like to see any Certification and Conformance function be separated from NEHTA and guided by a board that has an appropriate mix of commercial, clinical and technical skills.

What is good about these documents is the recognition that a lot of consultation will be needed to get something workable, practical and cost effective.

If there is a major gap I see there seems to be a lack of clarity as to just what the likely costs of all this might be and what the benefits will be to each of the stakeholders. I think this area needs a bit more work.

There may also be a bit of a gap between the words and reality in what NEHTA is presently able to do (as stated on the website) – given the clear ‘work in progress’ nature of these just released document.

These documents will definitely make interesting reading once developed and released.

Assessment scheme

NEHTA is creating an Assessment Scheme for each of its major e-health specifications. The documentation will describe the process for assessing compliance and conformance for NEHTA’s e-health specifications and the assistance that NEHTA provides to organisations performing the assessment.

The Assessment Scheme documentation will give the following information:

  • who may perform assessment (eg the scope of self assessment and the role of independent test laboratories and inspection bodies)
  • guidance concerning assessment methods, test specifications and test tools
  • levels of conformance and the timeframes for achieving conformance
  • guidance concerning conformance claims by implementers and the presentation of assessment results.

For most e-health specifications, NEHTA will also provide conformance test specifications and a comprehensive list of test cases to be used in conformance testing. NEHTA may also provide test software and assistance in understanding e-health specifications.”

I suggest those who are likely to be affected have a close read of the web site and the two documents – and form their own view!

David.

1 comment:

Andrew McIntyre said...

Hi David,

the brochures are well laid out, with nice pictures and lots of smiling faces. There are a lot of words and good intentions as well.

What is lacking is any real attempt to improve the eHealth environment as it stands. The current eHealth environment is not going to go away and AHML compliance could make a huge difference to whats happening now.

Alas I do not see any plans to actually progress the issues that are relevant now and actually improve the situation now. The time for action is now.

Andrew McIntyre