September 20, 2010, San Luis Obispo, California. InfoGard Laboratories, the nation’s first accredited IT security testing laboratory, is approved by the Health and Human Services, Office of the National Coordinator for Health IT as an ONC-Authorized Testing and Certification Body (ONC-ATCB) for the certification of Complete EHRs and EHR Modules for both ambulatory and inpatient settings. Eligible professionals and hospitals may collect incentive payments through meaningful use of EHR technology capable of meeting the criteria to support meaningful use under the American Recovery and Reinvestment Act (ARRA).
“We are pleased to be among the first IT laboratories to be authorized by ONC to certify EHRs” said Maclynn Brinton, President of InfoGard Laboratories. “Subsequent to accreditation by NIST in 1995 as the nation’s first IT security testing laboratory, InfoGard has developed and participated in numerous government and private sector certification testing programs. We have successfully adapted our processes to support the ONC meaningful use EHR certification requirements for stage one and we will work with both ONC and NIST as requirements are developed for the stage two program. InfoGard will be the source of many healthcare IT compliance services, including HIT certification to current and future regulatory requirements.
Recent polls confirm that preventing healthcare breaches is the number one concern of health IT decision-makers (http://www.healthcareitnews.com/news/survey-data-breach-prevention-top-mind-it-decision-makers). In addition, surveys indicate that providers will not fully embrace e-prescriptions until applications can accommodate controlled substances. Both breach safe harbor and e-prescription of controlled substances require the implementation of NIST privacy and security standards. InfoGard is the only ATCB that is also NIST accredited to assist EHR vendors with achieving compliance with these NIST standards.
About InfoGard Laboratories
InfoGard has been instrumental in developing a number of government and private sector test and certification programs, including NIST’s Cryptographic Module Validation Program, programs for postage metering systems in five western countries, and two programs for the payment card industry. InfoGard is also an accredited Common Criteria laboratory. This experienced has provided InfoGard the ability to collaborate successfully with many different organizations in the development of testing and certification programs. InfoGard is independent, self-funded, and employee owned. We offer no hardware, software, or system products and we do not provide contract hardware or software design services.
In the early 1990s, InfoGard’s founders collaborated with NIST on FIPS 140-1 using a worked example to develop testing requirements. Then, when the USPS was experiencing $350 million per year of postal meter fraud, InfoGard developed validation testing requirements for the first cryptographically secure postage meters. In the late 1990s, InfoGard collaborated with Visa to develop and implement the first testing program for PIN Entry Devices (point-of-sale terminals and ATMs). More recently, InfoGard collaborated with the Payment Card Industry Council (a corporation owned by VISA, MasterCard, American Express, Discover Card, and JCB) to develop and implement a certification process for approving vendors that scan merchant networks for security flaws.
InfoGard’s consistent success with these programs demonstrates our ability to apply IT security knowledge, project management, and most importantly, collaborative skills. This has enriched our interactions with key constituencies and propagated successful new testing and certification programs.