web stats
Mirth Certification and Meaningful Use - Mirth Community

Go Back   Mirth Community > Mirth Connect > General Discussion

Reply
 
Thread Tools Display Modes
  #1  
Old 05-02-2013, 02:04 PM
wit-man wit-man is offline
OBX.2 Kenobi
 
Join Date: Apr 2012
Posts: 76
wit-man is on a distinguished road
Default Mirth Certification and Meaningful Use

Good afternoon all,

I have had some discussions with representatives from Mirth and they informed me that they won't be certifying Mirth for Meaningful Use. In discussions with legal council, they stated that if the interface engine manipulates your data in any way, it must be certified to meet meaningful use standards.

So, for example, if you move or copy a value from one segment to another, that is manipulation. If you make any changes whatsoever to the original message, that is manipulation and it must be certified.

Since MirthCorp is not going to certify this, it is left up us to self-certify or find a new interface engine. So I was wondering what everyone was doing about this. Ideas or comments would be appreciated. Thanks.
Reply With Quote
  #2  
Old 05-04-2013, 08:11 AM
rwilson@ClaimTrak.com rwilson@ClaimTrak.com is offline
OBX.2 Kenobi
 
Join Date: May 2012
Posts: 74
rwilson@ClaimTrak.com is on a distinguished road
Default

Under which section would you feel that Mirth would need to Certify for Meaningful use?

I do not see any requirements in the Certification testing and outcomes that would require the usage of Mirth for anyone to have "Mirth" Certified.

A EHR, HIE, solution that is seeking MU 2 Certification that is using Mirth Connect as a part of the products implementation only needs to proof that the product meets the requirements of MU 2 Certification.

Your question would imply that SQL Server, Visual Studio, the JRE, or any other tools that you would build a EHR or HIE solution would also need to be Certified.

The question is do you implement the requirements relative to the section that you are certifying, i.e security.

Thanks,
Ron
Reply With Quote
  #3  
Old 05-04-2013, 09:08 AM
wit-man wit-man is offline
OBX.2 Kenobi
 
Join Date: Apr 2012
Posts: 76
wit-man is on a distinguished road
Default

Thanks for the response. I am not sure I fully understand all of your response but I will try to answer the best I can and as I stated, this comes directly from legal council.

We do not have Mirth Connect built into any of our EHRs. It is a completely separate, standalone installation from our EHRs. If all it did was pass the data along, there wouldn't be an issue and if you have Mirth built into a certified EHR, you should be fine. However, we do some manipulation of the data for specific destinations and that is where the issue lies. We have been told by our attorneys that if a standalone interface engine manipulates the data coming from an EHR, it must be certified as well.

So your comparison to using SQL Server, Visual Studio, etc., to Mirth in the building process is not the same. Mirth was never built into any of our systems that were certified. If an EHR is using SQL Server as the database, and it gets certified, the product as whole is certified.

You'll also note if you look at other popular interface engines (not going to name them because I am not trying to advertise for them), that they list themselves as meaningful use certified. Believe me, I would much rather stay with Mirth. We have been using it successfully for over 3 years and I really don't want to do a replacement right now but we may be forced to do this.
Reply With Quote
  #4  
Old 05-04-2013, 11:19 AM
rwilson@ClaimTrak.com rwilson@ClaimTrak.com is offline
OBX.2 Kenobi
 
Join Date: May 2012
Posts: 74
rwilson@ClaimTrak.com is on a distinguished road
Default

I would be interesting to understand what rule Mirth would need to be certified under?
Reply With Quote
  #5  
Old 05-04-2013, 12:00 PM
wit-man wit-man is offline
OBX.2 Kenobi
 
Join Date: Apr 2012
Posts: 76
wit-man is on a distinguished road
Default

I am not sure of a specific rule and I am not an attorney (***Disclaimer Alert***) - I can only go based upon what our attorneys have told us.

I was going to list a specific engine but this is the first thing that popped up when i searched google:

http://www.corepointhealth.com/onc-certified

I saw this on that page:

"Drummond Group’s ONC-ACB certification program certifies that EHRs, and software that interacts with EHRs,meet the Meaningful Use criteria for either eligible provider or hospital technology. In turn, healthcare providers using the products of certified vendors are qualified to receive federal stimulus monies upon demonstrating meaningful use of the technology – a key component of the federal government’s push to improve clinical care delivery through the adoption and effective use of EHRs by U.S. healthcare providers. - See more at: http://www.corepointhealth.com/onc-certified#sthash.9zG87E3Y.dpuf"

So I am guessing somewhere, something states that if software interacts with an EHR, it must also be certified. This makes sense to me because if a hospital were to self-certify, they have to certify all of modules that made up their EHR and this would be considered a "module"? Don't know.
Reply With Quote
  #6  
Old 05-04-2013, 12:11 PM
rwilson@ClaimTrak.com rwilson@ClaimTrak.com is offline
OBX.2 Kenobi
 
Join Date: May 2012
Posts: 74
rwilson@ClaimTrak.com is on a distinguished road
Default

You and your lawyer should do you homework on what ONC Certification is about. Until you go through it and or have a clue about what it entails you may be spending a bunch of money for no reason.

ONC Certification has nothing to do with the underlying technologies behind the scenes of and EHR or IHE. To the extent that the product is certified. A security audit may yield differing results but again that is based upon you and your implementation not the product you use. Just as you can install SQL Server and expose the server to the public network with Anonymous access it is on you to know that you are doing that and that YOU are exposing the data, not SQL Server, the SAME goes for Mirth.

The only rule that stipulates anything related to data integrity is related to transmission of data and again that is based upon your implementation of the data. If you implement to the specification then you should be passing a hash of the data that is transmitted and you should be validating that on the receiving end. Our you must be connecting in some form that ensures the integrity of the data, SSL, VPN.

There is nothing in the MU 2 certification that has a subset of certification for products used in the Certification of EHR software. This is a marketing ploy. Or a Lawyer that is just in CYA mode and not doing their job.
Reply With Quote
  #7  
Old 05-04-2013, 03:02 PM
wit-man wit-man is offline
OBX.2 Kenobi
 
Join Date: Apr 2012
Posts: 76
wit-man is on a distinguished road
Default

Are you an attorney? Someone qualified to provide legal advice? If not, then I must take his advice.

Since you obviously just want to insult me, thanks, but I don't need that type of "contribution". I am simply asking for advice on self-certification or alternatives, which you apparently don't want to provide.

Anyone else that has experience with self-certification, please comment. Thanks.
Reply With Quote
  #8  
Old 05-04-2013, 03:24 PM
rwilson@ClaimTrak.com rwilson@ClaimTrak.com is offline
OBX.2 Kenobi
 
Join Date: May 2012
Posts: 74
rwilson@ClaimTrak.com is on a distinguished road
Default

I was not trying to insult you but I have been through it and am currently preparing to go through it a second time.

Below are links to the scripts for the process. You may want to forward them to your Lawyer. I would love to hear what section would require that Mirth needs to be Certified exclusive of a overall solution that is Certified.

https://www.cchit.org/certification

You may have to register.

http://healthcare.nist.gov/use_testing/index.html

Anyway, this has been a common narrative of late with some vendors around the country. They are not able to market thier products on the merits so they resort to things like this and statements like "Direct Compliant" if you are not Direct Compliant it won't work!!

Good luck with your new product.
Reply With Quote
  #9  
Old 05-04-2013, 05:28 PM
wit-man wit-man is offline
OBX.2 Kenobi
 
Join Date: Apr 2012
Posts: 76
wit-man is on a distinguished road
Default

Sorry if I was a bit snippy. I didn't mean to be, especially since you were good enough to take time to comment. I am just getting extremely frustrated with the whole process and can't seem to get a straight answer. I look at one website - it says my engine must be certified. I look at another one, it says it doesn't have to be.

We have consulted attorneys. I have emailed vendors asking what the requirements are and for documentation. I have emailed the government asking and got no response.

Short of the HHS Secretary sending a certified letter, I just don't know what to believe. So for right now, when I am asked by our Administration, I am telling them to prepare to move to a different interface engine. I am going to continue looking into it but it aggravates me because it is yet one more that our IT department (like everyone else) has to deal with and we are already overloaded as it is.

I am asking for a specific rule that it applies to but have no idea if or when I will get answer. If I do, I'll post it.
Reply With Quote
  #10  
Old 05-06-2013, 06:05 AM
ironbridge ironbridge is offline
OBX.1 Kenobi
 
Join Date: Jul 2011
Location: Pittsburgh, Pa
Posts: 33
ironbridge is on a distinguished road
Default

Wit-man..Are you a vendor certifying your product or a provider attesting for MU?

If you are a provider, in what context are you using Mirth with your Certified EHR to attest?

I have also successfully complete Stage I certification as a vendor using Mirth for many of the interoperability requirements. I'm not a lawyer either, but as rwilson stated, this line of thinking would require that all underlying technologies like your database engines, application servers, etc would require certification. In my opinion, this is not the intent of the rule.

On the vendor side, you need to state if you used any other products for your certification. For example, you use Microsoft Excel to or Business Object to produce reports. The vendors are required to state when they receive their certification. I believe Mirth would be in the same category.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 07:25 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Mirth Corporation