Comments to RIN 0955-AA02

From IDESG Wiki
Revision as of 22:12, 8 November 2020 by Tomjones (talk | contribs) (→‎Comments)
Jump to navigation Jump to search

Full Title

Comments to RIN 0955-AA02 at the Federal Register Rule on "Information Blocking and the ONC Health IT Certification Program: Extension of Compliance Dates and Timeframes in Response to the COVID-19 Public Health Emergency"

Context

Comments are due at this site before 2021-01-04. Attachments should be in Microsoft Word, Microsoft Excel, or Adobe PDF; however, they prefer Microsoft Word.

  • However, the rules went into effect on 2020-11-04 and 2020-12-04.
  • The IFC also updates certain standards in the Program, and makes necessary corrections and clarifications to the ONC Cures Act Final Rule, which was published in the Federal Register on May 1, 2020 (85 FR 25642), and became effective on June 30, 2020
  • References below are all to 45 CFR Subtitle A Subchapter D.

Comments

  1. The Certificate of Compliance (CoC). - Basis and scope - (sec. 170.400) Clearly applies to Software used by EHR. It is proposed that it be clarified that the certification for User Apps be a CoC and that a digital version be developed. The Kantara Initiative has published a draft candidate for this digital version as an implementor's report at this location and has stated to develop Software Compliance Attestations to use to acquire the Certificate of Compliance. The addition of this proposed approach to software applications in user devices is considered to involve the least effort by the ONC and to yield the most consistent results across the technology community.
  2. Section 170.315 (certification criteria) (d)(13)(ii) current text. "When attesting “no,” the health IT developer may explain why the Health IT Module does not support authentication, through" suggested test "When attesting “no,” the health IT developer MUST explain HOW the Health IT Module ASSURES ADEQUATE authentication WITHOUT USING"