Kantara hosted API to show what apps or developers meet the requirements
Supports due diligence
Jeff: Will there be testing of assertions? (not at the moment)
Rule only states app must be made by certified app developer, so the app needs a cert mark for the user to know if it used a certified developer
Self-assertion is US centric, outside third party assertion is normally required, can evolve to a third party process (precedents: CCHIT.org, DEA/NIST rules forbidding electronically prescribing controlled substances, Surescripts); Pete: CCHIT provided test suites
Healthcare record providers key grant beneficiary
ONC allows (in the commentary, not the rule) EHR to insist that the app used to access and transfer records is developed by a certified developer; Catherine will look at the rule
Sites are being sued for damages for releasing consumers private information. Expect CIOs to enforce requirement certified developer.
EHR creates “tethered patient portals” which are hard for patients or their proxies to access. Creates a conflict of interest.