ONC-Authorized Certification Bodies (ONC-ACBs) are required to conduct ongoing surveillance activities to assess whether certified health IT not only meets the requirements of certification in a controlled testing environment, but also continues to do so when implemented and used in a production environment ("in-the-field"). Similarly, ONC-ACBs must conduct surveillance to assess whether developers of certified health IT comply with other requirements (e.g., mandatory disclosure of all known material types of costs, proper use of the ONC Certified Health IT Certification and Design Mark) under the Program. ONC-ACBs must develop annual surveillance plans in accordance with ONC-issued guidance outlining their approach to meeting the Program’s requirements for surveillance.
- Reactive Surveillance: An ONC-ACB must initiate reactive surveillance—including, as necessary, in-the-field surveillance—of a certified Health IT Module whenever it becomes aware of facts or circumstances that would cause a reasonable person to question the conformity to the requirements of its certification.
- Randomized Surveillance: ONC-ACBs are also permitted, at their discretion, to conduct randomized surveillance of certified health IT.
Note that a complaint does not always trigger surveillance activities. ONC-ACBs are required to receive, log, and assess complaints for validity and to determine whether there is cause to investigate.
When an ONC-ACB determines a Health IT Module does not meet a requirement of its certification, the product is considered “non-conforming,” and the ONC-ACB must notify the health IT developer of the finding. The health IT developer must then work with the ONC-ACB to develop a corrective action plan (CAP) to resolve the identified deficiency(ies) that led to the finding(s) of non-conformity and bring the product back into compliance. CAPs must contain certain required elements, including:
- A description of the non-conformity(ies) and related deficiency(ies);
- How widespread the problem may be across the health IT developer’s other customers and users;
- How the health IT developer will address the problem for all potentially affected customers and users;
- How the health IT developer will ensure that all potentially affected customers and users are alerted and that their issues are resolved;
- The timeframe in which all corrective action must be completed; and
- An attestation by the health IT developer that it has completed all elements of the approved CAP.
If the non-conformities are not resolved in accordance with the CAP, an ONC-ACB will follow its procedures to suspend and/or withdraw the certification of the Health IT Module.
ONC Surveillance Guidance
ONC periodically issues guidance for ONC-ACBs outlining priority topics and specific elements of surveillance that should be included in ONC-ACBs’ surveillance plans:
- ONC HIT Certification Program; Program Policy Resource #18-03 – ONC-ACB Surveillance Resource – October 5, 2018