Comments to RIN 0955-AA02: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 9: Line 9:


==Comments==
==Comments==
# The Certificate of Compliance (CoC). - Basis and scope - (sec. 170.400) Clearly applies to Software used by EHR. It is proposed that it be clarified that the certification for User Apps be a CoC and that a digital version be developed. The Kantara Initiative has published a draft candidate for this digital version as an implementor's report at [https://kantarainitiative.org/download/kantara-mobile-assurance-statement/ this location] and has stated to develop [[Software Compliance Attestation]]s to use to acquire the Certificate of Compliance. The addition of this proposed approach to software applications in user devices is considered to involve the least effort by the ONC and to yield the most consistent results across the technology community.
# The Certificate of Compliance (CoC). - Basis and scope - (sec. 170.400 or earlier if appropriate). Clearly applies to Software used by EHR. It is proposed that it be clarified that the certification for User Apps be a CoC and that a digital version be developed. The Kantara Initiative has published a draft candidate for this digital version as an implementor's report at [https://kantarainitiative.org/download/kantara-mobile-assurance-statement/ this location] and has stated to develop [[Software Compliance Attestation]]s to use to acquire the Certificate of Compliance. The addition of this proposed approach to software applications in user devices is considered to involve the least effort by the ONC and to yield the most consistent results across the technology community.
# Section 170.315 (certification criteria) (d)(13)(ii) current text. "When attesting “no,” the health IT developer may explain why the Health IT Module does not support authentication, through" suggested test "When attesting “no,” the health IT developer MUST explain HOW the Health IT Module ASSURES ADEQUATE authentication WITHOUT USING"
# Section 170.315 (certification criteria) (d)(13)(ii) current text. "When attesting “no,” the health IT developer may explain why the Health IT Module does not support authentication, through" suggested test "When attesting “no,” the health IT developer MUST explain HOW the Health IT Module ASSURES ADEQUATE authentication WITHOUT USING"
[[Category:Health]]

Latest revision as of 02:03, 18 February 2021

Full Title

Comments to RIN 0955-AA02 at the Federal Register Rule on "Information Blocking and the ONC Health IT Certification Program: Extension of Compliance Dates and Timeframes in Response to the COVID-19 Public Health Emergency"

Context

Comments are due at this site before 2021-01-04. Attachments should be in Microsoft Word, Microsoft Excel, or Adobe PDF; however, they prefer Microsoft Word.

  • However, the rules went into effect on 2020-11-04 and 2020-12-04.
  • The IFC also updates certain standards in the Program, and makes necessary corrections and clarifications to the ONC Cures Act Final Rule, which was published in the Federal Register on May 1, 2020 (85 FR 25642), and became effective on June 30, 2020
  • References below are all to 45 CFR Subtitle A Subchapter D.

Comments

  1. The Certificate of Compliance (CoC). - Basis and scope - (sec. 170.400 or earlier if appropriate). Clearly applies to Software used by EHR. It is proposed that it be clarified that the certification for User Apps be a CoC and that a digital version be developed. The Kantara Initiative has published a draft candidate for this digital version as an implementor's report at this location and has stated to develop Software Compliance Attestations to use to acquire the Certificate of Compliance. The addition of this proposed approach to software applications in user devices is considered to involve the least effort by the ONC and to yield the most consistent results across the technology community.
  2. Section 170.315 (certification criteria) (d)(13)(ii) current text. "When attesting “no,” the health IT developer may explain why the Health IT Module does not support authentication, through" suggested test "When attesting “no,” the health IT developer MUST explain HOW the Health IT Module ASSURES ADEQUATE authentication WITHOUT USING"