1. 1 EHR-Q TN Main Conclusions & Recommendations Brussels, March 30 th 2012

2. Why certification? Brussels, March 30, 2012 2

3. Reasons for “Certification” eHealth and more specifically Electronic Health Record systems have an enormous potential to improve quality, accessibility and efficiency of care, provided they are: reliable, trustworthy and of sufficient quality; sharable and interoperable; used appropriately. Quality labelling and certification through professional third party assessment offers best chances for a comparable and reliable quality documentation of those systems. Brussels, March 30, 2012 3

4. But there is a quality issue Myers et al*. show that adverse events related to the use of EHR systems are mainly resulting from: missing or incorrect data; data displayed for the wrong patient; chaos during system downtime; system unavailable for use. Examples of reported incidents in healthcare where a medical information system was the cause or a significant factor: http://iig.umit.at/efmi/badinformatics.htm http://iig.umit.at/efmi/badinformatics.htm *Myers DB, Jones SL, Sittig DF, Review of Reported Clinical Information System Adverse Events in US Food and Drug Administration Databases, Applied Clinical Informatics 2011; 2: 63–74.

5. Some EHR quality “statements” 1.Patients are too important to just suppose that EHR systems are trustworthy. 2.Patient data should not be locked into one system or application. 3.Patients essential data should be made available anywhere anytime to health professionals authorised to access them. 4.Patient has the right to request confidentiality of some data to be handled while taking full responsibility for that option. 5.Patients’ data accesses should be audit-trailed. Brussels, March 30, 2012 5

6. A Norwegian statement… A recent Norwegian statement is an important one and based on a large experience in certifying “messages” (certifying all kind of standards based data exchange). T he Norwegian Ministry of Health and Care Services stated that “EHR Quality will be difficult to reach unless certification of the EHR systems is made mandatory”. Brussels, March 30, 2012 6

7. Not all EHR systems are good enough Selecting the most appropriate application from the correct vendor is a real challenge => importance of assessing the systems’ quality. Comprehensive and correct use is another important factor => Importance of training the users Importance of assessing the users Motivation for incentives for the users. Brussels, March 30, 2012 7

8. EHR Market: some considerations Very fragmented as expected May endanger quality of applications, though never proven. Not the privilege of the suppliers: also large number of “important stakeholders”. There is no one single nor homogeneous provision of healthcare in Europe, neither within one country Each profession needs a “different” application. Using the same application in several countries does not work. There is some market “concentration” Concentration of ownership No concentration of applications, even when the same name is used in different countries Brussels, March 30, 2012 8

9. One of the project conclusions The only approach that may work seems to be to increase harmonisation within diversity, offering more and more “similar” (not identical), functions based on the same basic functional and quality specifications. Brussels, March 30, 2012 9

10. 10 Roadmap towards a sustainable pan- European certification of EHR systems

11. Verification versus Validation Verification = technical correctness of the software application or component of an application. Verification attempts to answer the question “is the software built right (rightly)?” => medical device directive ? Validation = compliance of the application to the consumer’s / user’s functional expectations: is the application offering what it is expected to do? Validation attempts to answer the question “is the right software built?”=> procurement and functional validation ! Brussels, March 30, 2012 11

12. Five areas for quality labelling and certification Data exchange facilities (incl. IOP) Functionality (incl. some aspects of IOP) Administrative and billing facilities Use related measurements and validation Software development quality (out of scope, not specific for EHR systems) => Different expertise, different organisations Dublin, November 17-18 12

13. Actual Status of Quality Labelling and Certification Brussels, March 30, 2012 13

14. Procedure and kind of attestation Certification procedureAttestation granted Third party assessment by a CAB being a public authority or an organisation granted power by a public authority either by law or by regulation. Certificate Third party assessment by a CAB on requirements issued by an organisation not empowered by law or by regulation. Quality label Self-assessment with an external audit. Conformity assessment is done by the supplier and documented to a third party, being a public entity, a professional organisation or an industry federation. No “attestation” but a Quality Mark on the product is allowed Self-assessment by vendor who performed testing on his own products and affirms that they conform to a given set of requirements. Declaration of quality most suitable procedure

15. Diversified reality Two Tracks : “Authority driven” versus “Market Driven” Public initiative / Supplier initiative For the market driven approach: by an independent organisation or by an industrial organisation Two Methods: third party assessment versus self-assessment Two main Approaches: system functionality versus “Interoperability” testing National or even Regional Certification versus Cross-Border Quality Labelling Brussels, March 30, 2012 15

16. Actual “National” Certification Brussels, March 30, 2012 16 Existing “national” certification Foreseen within 1-2 years Considered

17. Conditions enabling “national certification” Consortium listed the top 5 enablers for a country wide certification: Stimulate the use of certified EHR systems by creating incentives (€). Create a legal framework enabling to define quality criteria for the EHR. Initiate a cooperative platform involving all stakeholders to define domain / profession specific quality criteria for the different EHR settings (GP, secondary care, …). Stimulate the use of certified EHR systems by offering services (e.g. simplification of administrative procedures). Initiate a cooperative platform involving all stakeholders to define overall quality criteria for the EHR. Brussels, March 30, 2012 17

18. Impact of “national” certification Consortium listed the top 5 good reasons to adopt country wide EHR certification: Assure compliance to national rules and standards. Increase quality of the products through coherent and pre-tested functionality. Leverage exchange of health (care) related data and interoperability of systems. Improve patient safety in care. Have a reliable data source for secondary use. Brussels, March 30, 2012 18

19. Actual “cross border” quality labelling There is no “authority driven” cross- border certification. The three “private” initiatives are indeed border-independent: EuroRec: independent, focus on EHR systems (functional and exchange as function) I.H.E.: industry driven, focus on testing the exchange and the technical interoperability Continua Health Alliance: industry driven, focus on devices content portability Brussels, March 30, 2012 19

20. Quality Requirements applicable to Quality Labelling and Certification Brussels, March 30, 2012 20

21. Stakeholders & Functional Diagram - Applicable standards Brussels, March 30, 2012 21 ISO/IEC 17020 => <= ISO/IEC 17011 ISO/IEC 17025 =>

22. Applicable standards Brussels, March 30, 2012 22 StakeholderApplicable ISO/IEC Standard Accreditation BodyISO/IEC 17011:2004 ISO 9000:2000 ISO/IEC 17000:2004 VIM:1993 Certification BodyISO/IEC Guide 65 Conformity Assessment BodyISO/IEC 17025:2005 [ 1] [ 1] General requirements for accreditation bodies accrediting conformity assessment bodies (ISO/IEC 17011:2004) - Quality management systems – Fundamentals and vocabulary (9000:2000) [2] [2] Conformity assessment – Vocabulary and general principles (ISO/IEC 17000:200) [3] [3] International vocabulary of basic and general terms in metrology (VIM:1993) [4] [4] General requirements for bodies operating product certification systems (ISO/IEC Guide 65) [5] [5] General requirements for the competence of testing and calibration laboratories (ISO/IEC 17025:2005)

23. Recommendations (about the process) Brussels, March 30, 2012 23 Discretion and Confidentiality Impartiality Openness Distinct roles involved organisations Independence Initial Documentation Rules of Evaluation Testing Documentation Documentation of the process

24. Recommendations (about the process) Brussels, March 30, 2012 24 Involvement of all stakeholders Distinguish generic and domain specific Consider national / regional variants Content to be validated / tested Precise unambiguously the version of the SW Limit the validity to intended user group(s) Limit validity to region or country (if applic.) Limitations of Certificate or Label Pay attention to effective use to realise full added value Effective Use

25. Towards more generalised and systematic Quality Labelling and Certification Brussels, March 30, 2012 25

26. Prerequisite “ If quality labelling and certification of EHR systems is to become generalised, then it needs endorsement at the highest competent levels e.g. by the EU Commission, the responsible Member States Ministries, the Healthcare Providers Organisations and the specialised industry.” Brussels, March 30, 2012 26

27. Roll-out approaches Mandatory Easier to implement a long term strategy Only possible when the use of EHR is made mandatory Voluntary Slower take-up Important efforts in consensus building Incentivised The best of two worlds with patient empowerment Incentives are not for free Brussels, March 30, 2012 27

28. Improve the European Dimension Healthcare still a national competence. Dual approach only realistic one: Extend the National Certification (deepening) Incremental upgrade of cross-border initiatives Recognition of national certificates. European “incentives” for using certified systems. Brussels, March 30, 2012 28

29. Recommendations Brussels, March 30, 2012 29

30. Recommendations Legal and regulatory framework Create and harmonise the legal and regulatory framework stimulating national or regional authorities to enforce the use of quality labelled and certified applications. Clarify the role of Directive 2007/47/EC regarding software development aspects, EHR functional aspects and Data-Exchange related issues Involvement of stakeholders Certification bodies should be accredited and compliant to international standards, more precisely ISO 17020. Favour cooperation between all service providers active in different areas of quality labelling and certification of EHR systems: administrative data exchange, clinical data exchange and system functionality. Create an advisory platform involving all stakeholders to agree on content and feasibility of requirements. Brussels, March 30, 2012 30

31. Recommendations (2) Technical Framework It is highly recommended to strengthen the European scale pioneering initiatives (EuroRec / I.H.E) in order to keep certification on the agenda and invest in maintenance and expansion of the actual descriptive statements and profiles. Address the issue of personnel shortage in health informatics in general and more specifically in health informatics quality assessment. Quality labelling and certification process Third party assessment is the most suitable procedure for the still immature market of EHR systems It is strongly recommended to start “small”, to evaluate effectiveness and to increase focus step by step The incentivised model seems the most promising, surely for self-employed healthcare professionals Brussels, March 30, 2012 31

32. Recommendations: cross-border Strengthen national certification in order to improve average quality and to enable in a second step the Trans-European harmonisation, improving comparability and portability of content. Promote equivalence of certificates across Europe by validating at European level both the functional descriptive statements of EuroRec and the IHE profiles. Consider the possibility to create a cross-border “Register of Quality Labelled or Certified Clinical Software”, offering information about the products (complete EHR systems as well a software modules) and documentation about the certification process. Brussels, March 30, 2012 32

33. What could the future bring? Brussels, March 30, 2012 33

34. Certification Authority driven national certification will progress progressively: because quality now becomes an issue because the authorities want to influence the products There is nevertheless a risk that these efforts aren’t coordinated and comparable re-usable outside country of certification Brussels, March 30, 2012 34

35. Conclusions Market driven QL should be supported, independent and freely accessible. Functional certification should be comparable and documented in the same way across borders by using an EHR functional descriptive language. Comparable national certification facilitates interoperability. One-stop shopping regarding both data exchange and functionality quality labelling could boost the quality labelling and certification activities. Brussels, March 30, 2012 35