Software Compliance Attestation: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 2: Line 2:
A [[Software Compliance Attestation]] is a machine readable packet that can be sent by a software application to a [[Relying Party]] attesting to the application source and compliance status.
A [[Software Compliance Attestation]] is a machine readable packet that can be sent by a software application to a [[Relying Party]] attesting to the application source and compliance status.
==Context==
==Context==
The final rule
The [https://www.federalregister.gov/documents/2020/05/01/2020-07419/21st-century-cures-act-interoperability-information-blocking-and-the-onc-health-it-certification#footnote-1-p25644 final rule on the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program] (issued 2020-05-01) has a fairly large chunk of guidance including:
* First the FDA part is interesting because upload of data to the EHR would probably trigger section 618 of FDASIA. SO
* Secition III Application registration = We encourage health IT developers to coalesce around the development and implementation of a common standard for application registration with an API's authorization server. - - - However, implementers of § 170.315(g)(10)-certified Health IT Modules (e.g., health care providers) are not permitted to review or “vet” third-party applications intended for patient access and use (see section VII.C.6 of this preamble). We clarify that the third-party application registration process that a health IT developer must meet under this criterion is not a form of review or “vetting” for purposes of this criterion.
*
 
==References==
==References==


[[Category: Compliant Implementations]]
[[Category: Compliant Implementations]]

Revision as of 23:46, 27 May 2020

Full Title

A Software Compliance Attestation is a machine readable packet that can be sent by a software application to a Relying Party attesting to the application source and compliance status.

Context

The final rule on the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program (issued 2020-05-01) has a fairly large chunk of guidance including:

  • First the FDA part is interesting because upload of data to the EHR would probably trigger section 618 of FDASIA. SO
  • Secition III Application registration = We encourage health IT developers to coalesce around the development and implementation of a common standard for application registration with an API's authorization server. - - - However, implementers of § 170.315(g)(10)-certified Health IT Modules (e.g., health care providers) are not permitted to review or “vet” third-party applications intended for patient access and use (see section VII.C.6 of this preamble). We clarify that the third-party application registration process that a health IT developer must meet under this criterion is not a form of review or “vetting” for purposes of this criterion.

References