170.423—Principles of proper conduct for ONC-ATCBs.

An ONC-ATCB shall:
(a) Operate its certification program in accordance with ISO/IEC Guide 65:1996 (incorporated by reference in § 170.499) and testing program in accordance with ISO/IEC 17025:2005 (incorporated by reference in § 170.499);
(b) Maintain an effective quality management system which addresses all requirements of ISO/IEC 17025:2005 (incorporated by reference in § 170.499);
(c) Attend all mandatory ONC training and program update sessions;
(d) Maintain a training program that includes documented procedures and training requirements to ensure its personnel are competent to test and certify Complete EHRs and/or EHR Modules;
(e) Use test tools and test procedures approved by the National Coordinator for the purposes of assessing Complete EHRs and/or EHR Modules compliance with the certification criteria adopted by the Secretary;
(f) Report to ONC within 15 days any changes that materially affect its:
(1) Legal, commercial, organizational, or ownership status;
(2) Organization and management, including key testing and certification personnel;
(3) Policies or procedures;
(4) Location;
(5) Facilities, working environment or other resources;
(6) ONC authorized representative (point of contact); or
(7) Other such matters that may otherwise materially affect its ability to test and certify Complete EHRs and/or EHR Modules;
(g) Allow ONC, or its authorized agent(s), to periodically observe on site (unannounced or scheduled) during normal business hours, any testing and/or certification performed to demonstrate compliance with the requirements of the temporary certification program;
(h) Provide ONC, no less frequently than weekly, a current list of Complete EHRs and/or EHR Modules that have been tested and certified which includes, at a minimum:
(1) The vendor name (if applicable);
(2) The date certified;
(3) The product version;
(4) The unique certification number or other specific product identification;
(5) The clinical quality measures to which a Complete EHR or EHR Module has been tested and certified;
(6) Where applicable, any additional software a Complete EHR or EHR Module relied upon to demonstrate its compliance with a certification criterion or criteria adopted by the Secretary; and
(7) Where applicable, the certification criterion or criteria to which each EHR Module has been tested and certified.
(i) Retain all records related to tests and certifications according to ISO/IEC Guide 65:1996 (incorporated by reference in § 170.499) and ISO/IEC 17025:2005 (incorporated by reference in § 170.499) for the duration of the temporary certification program and provide copies of the final results of all completed tests and certifications to ONC at the conclusion of testing and certification activities under the temporary certification program;
(j) Promptly refund any and all fees received for:
(1) Requests for testing and certification that are withdrawn while its operations are suspended by the National Coordinator;
(2) Testing and certification that will not be completed as a result of its conduct; and
(3) Previous testing and certification that it performed if its conduct necessitates the recertification of Complete EHRs and/or EHR Modules;
(k) Ensure adherence to the following requirements when issuing a certification to Complete EHRs and/or EHR Modules:
(1) All certifications must require that a Complete EHR or EHR Module developer conspicuously include the following text on its Web site and in all marketing materials, communications statements, and other assertions related to the Complete EHR or EHR Module's certification:
(i) “This [Complete EHR or EHR Module] is 201[X]/201[X] compliant and has been certified by an ONC-ATCB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services or guarantee the receipt of incentive payments.”; and
(ii) The information an ONC-ATCB is required to report to the National Coordinator under paragraph (h) of this section for the specific Complete EHR or EHR Module at issue;
(2) A certification issued to an integrated bundle of EHR Modules shall be treated the same as a certification issued to a Complete EHR for the purposes of paragraph (k)(1) of this section except that it must also indicate each EHR Module that comprises the bundle; and
(3) A certification issued to a Complete EHR or EHR Module based on applicable certification criteria adopted by the Secretary at subpart C of this part must be separate and distinct from any other certification(s) based on other criteria or requirements.