We thought we would take the time to run some background on the latest electronic medical record software certifying organization to appear on the ONC-CHPL, InfoGard. We wanted to figure out why they aren’t as prominent on the ONC-CHPL as Drummond and CCHIT. It was found that there is in fact good reason. Apparently, they are “kind of a big deal” in development of Meaningful Use guidelines…
History of InfoGard Labs
InfoGard has been operating in HIT devices and data since its inception 1993 as the first FIPS 140 standards development and testing lab. What is FIPS 140 you ask? Well it is a certification standard co- developed by InfoGard and the NIST for creation and implementation of cryptographic modules; specifically for non-defense government agencies (think Social Security and of course HHS). InfoGard still conducts these testing measures and is improving on them. It is the standard used to modularly protect confidential information transmission. It covers both software modularity and any hardware based security measures as well. FIPS-140.
A specific example of some of the work they are doing within HIT is smartcards. They are currently testing the various smartcard technologies for identification purposes of those users accessing NHIN and other EHR technology for electronic medical records regulation. Biometric security is also of note in their product lines, as they are currently testing various applications to be implemented in HIT workspace; not to mention the lab’s involvement in medical wireless device crypto modules. All in all, InfoGard Labs are very involved in Health Information Technology, at fundamental and infrastructural levels.
InfoGard as an ONC-ATCB
This legacy of medical device standards testing made InfoGard a natural choice to become an authorized Meaningful Use testing and certification body. InfoGard recognizes the importance of the ONC requirements for security of “data in-motion” and “data at rest.” And with its involvement in the aforementioned NIST standards development, their influence is ingrained in Meaningful Use. The issues involved in updating disparate software systems while maintaining interoperability are quite extensive. Thus, the importance of NIST standards when operating in a national health network cannot be understated. That is really what the ATCBs are performing; they are making sure the vendor software doesn’t stray too far of a path of development toward security, interoperability and common adoption.
Now one of the reasons they haven’t been as active in ONC EHR certification is their current project working with the Department of Veterans affairs. They are tasked with implementing even more stringent security standards and testing for the records and technology at the Veteran’s Hospital; again with the core of FIPS standards they helped establish. Those are just the HIT clients. I haven’t even mentioned their involvement with the financial industry through credit card security issues (recent testing for MasterCard) or their work in developing thoughts and processes to secure the ARRA SmartGrid developments.
So they have four EHRs slated to be listed for certification in the CHPL over the next week or so, and a full schedule beyond that. They are also offering an additional testing service in the areas of patient data security, which is going to be available around the first of the next month. It is called Breech Safe Harbor Gap Analysis. This new service will look at the EHR and describe where vendors need to improve to meet the data at rest and data in motion requirements laid out by the ONC, so the EHR could meet criteria to come in the future.
(EHR Scope would like to thank Douglas Biggs and Mac Brinton)
About InfoGard Laboratories
InfoGard has been instrumental in developing a number of government and private sector test and certification programs, including NIST’s Cryptographic Module Validation Program, programs for postage metering systems in five western countries, and two programs for the payment card industry. InfoGard is also an accredited Common Criteria laboratory. This experience has provided InfoGard the ability to collaborate successfully with many different organizations in the development of IT testing and certification programs. InfoGard is independent, self-funded and employee owned. For further information, please visit www.infogard.com.
About EHR Scope, LLC
EHR Scope is a leader in EHR consulting and education. They offer a variety of valuable resources to help physicians and practices navigate their way through the EMR implementation process. EHR Scope includes a network of resources for EHR comparison, multimedia industry news and information vital to operating within current Healthcare legislation and guidelines for ARRA stimulus HITECH act. Check out www.ehrscope.com and www.ehrtv.com for more information.