With the recent passage of the HITECH provisions of the stimulus package, attention has rightly focused on certification standards for electronic health records.  According to CCHIT, there are currently 75 fully certified ambulatory electronic health records (2007 and 2008), and another 14 certified inpatient electronic health records.  Given the requirement in the HITECH provisions that only certified EHRs would qualify clinicians for the available incentives, that number will likely increase quickly. 

However in addition to certification of electronic health records, CCHIT recently offered a certification program for health information exchange (HIE).  The basic features are:

• HIE certification is focused on entities legally responsible for the oversight, management and delivery of services for the exchange of health information.   Currently it is not for product vendors.  This is a key difference compared to EHR certification which is designed for vendors.  Like EHR certification, the HIE certification lasts two years.
• Organizations legally responsible for information exchange may contract with third parties to provide software, hardware, network and actual exchange services, but the applicant organization is responsible for demonstrating compliance with the certification criteria.
• The HIE certification program focuses on operational HIEs, rather than testing in a development environment.  This is a significant difference compared to most other CCHIT certification programs, such as EHRs.
• Testing covers both security and interoperability.  According to CCHIT, to achieve certification an HIE must meet all security requirements and must also demonstrate the ability to receive and send one type of message, including lab results, lab reports or CCD summary documents.
• As would be expected, HIE certification relies first and foremost on accurate patient identity matching, protection of protected health information (PHI), data integrity and non-repudiation checking, and audit logging/error tracking.

Of note, HIE certification is available for both community health information exchanges and “proprietary” HIEs.   The value to a proprietary organization would lie in an organization’s ability to provide an exchange for providers with certified interoperable EHRs, and in demonstrating evidence of a trusted, secure connection. This could also mean HIE certified hospitals and IDNs could potentially use HIE certification to comply with the “meaningful use” criteria for incentive qualifications as they are developed by CMS.  Second, the certification’s expectation that an HIE can exchange either lab results or patient summary information is very consistent with a hospital being the primary “sender” of information to community physicians.    While CCHIT does not currently have vendor-specific HIE certification standards, it is certainly something that may be on the horizon.