Another CCHIT Question

openemrhq wrote on Saturday, April 11, 2009:

Hello Everyone,

Like many of you, it is in our best interests to get OpenEMR CCHIT certified in order to allow it to be competitive in the disbursement of stimulus funds.  We’re looking at several ways to achieve this (mostly on the fund raising side) but came across an interesting discussion that I’m curious about.

During the FOSS/CCHIT discussion at HIMMS this year, Fred Trotter mentioned what I call the 'right of the certifier". To explain it as I understand it, let’s say that our company, OpenEMR HQ, went through all the process and got OpenEMR certified. If I understood what Fred was saying, ONLY we would have the benefit of such certification.  The original project wouldn’t.  Am I correct in my understanding and, if so, why is this and how could it be fixed?

I’m suspecting that the issue probably has to do with the codebase. If OpenEMR HQ modified OpenEMR to meet CCHIT requirements our “version” would be certified and, since the “official” version here on Sourcefourge might contain none of those modifications, it would not be certified.  Is that correct?

If it is correct, could that issue be addressed by simply merging the CCHIT and on-site versions of the code, thereby using the exact same code or am I missing something here?

Thanks!
David Kennerson
OpenEMR HQ, Inc.

tmccormi wrote on Saturday, April 11, 2009:

That is my understanding as well. Which is why we need to do this through the OSMS organization and keep a "rigidly" controlled CCHIT cerified version of the OpenEMR system alongside the other versions that can have ad-hoc enhancements.

A very clear understanding of what the word Version means to the CCHIT is required.  For example. 

Is Version 3.0.1 different in their eyes than Version 3.0.2 which would be minor bug fixes, …or… do they draw the line at Version 3.0 versus 3.1 for a minor enhancement release…?

It would be even better if it was at the major Release # level.

All of that will require a serious focus on release management.

–Tony

drbowen wrote on Monday, April 13, 2009:

The real problem is that CCHIT was created by proprietary organizations to "certify" proprietary software.  They think in terms of proprietary solutions clearly do not understand how Open Source operates.  All of there efforts to force a round peg into a square hole simply damages the Open Source project trying to achieve certification.

There are several hurdles that need administrative action from the Congressional level.

1) The cost of certification is prohibitive.

Only the top 6% of proprietary EHR/EMR companies have the resources to get certified at this time.  While the certification fee for an ambulatory EHR through CCHIT is only $29,000 with a $6,000 first year maintenance fee (then $6,000 dollars per year after that) the real, average cost of certification runs $200,000.  This is primarily because of the software changes and time involved necessary to achieve certification.Open Source projects by the nature of being open source are generally loose collections of developers with a common interest.   Most open source projects have a legal structure.  Most of the open source projects that do have a legal structure are organized as tax-exempt 501(c)(3) not-for-profits .   None of the these projects have the resource to come up with $200,000 to jump the hurdle of certification.  Even the $6,000 annual maintenance fee is a prohibitively large drag on the performance of open source projects.

Recommendation:  Have a sliding fee scheduled based on the revenues of the company. Very large companies like Allscripts, Henry Schein Medical Systems, McKesson Provider Technologies, NextGen Healthcare Information Systems, Inc., can afford much larger fees.  The 94 percent of EHR/EMR companies that have much smaller revenues should have a lower fee for certification and maintenance.  Open Source Companies with zero revenues depending on public donations and grants to survive should be able to be certified for free.  CCHIT needs to bear in mind that much larger cost to all of these companies is making the modifications necessary to pass certification.

2) Open Source Companies are different

Open Source organizations are by their nature different from proprietary companies.  Open Source uses a process of Total Quality Improvement.  The developers are continuously taking in recommendations from users, physicians and practitioners, and modifying the program in a myriad of small steps.  The larger group that is developing the software the more true this is.   This is one one of the major advantages of open source development.  Bugs are continuously being discovered and fixed.  New ideas of physician-users are incorporated to make the programs function better and more efficiently.   Version numbers are useful milestones that we use to say "this is what was accomplished in the last 6-12 months".   The end result is a high quality, bug free software which is developed entirely off of donated time and donated software.  We get the software for free and we give it away for free,  because we want to benefit mankind.

The idea that a only a specific version with an exact subversion can be licensed is very counter productive to the Open Source process.  This forces our main testers, actively practicing physicians, to use a "non-certified" thereby subjecting these physicians to monetary and potentially legal penalties.  This would effectively cut off our most important testers.

The intellectual property rights are mostly owned by OSMS a not-for-profit North Carolina company or ownership has been retained by the individual developer.  Our project has been hijacked before and the developers who have around awhile remember this with some bitterness.  The former maintainer insisted that the developers turn the intellectual property rights to that company.  He then turned around and sold his rights to the software to a third party without the permission of the developers.   This caused a fork that uses the name "openEMR" and causes confusion to this day.  The current developers retain ownership of the software that they developed.  They have the right to change the licensing on the software at any time.   If a for-profit company certifies the existing software in the manner described above I am pretty sure it would not be well received in this group.

The OpenEMR users group, developers and the Board of Open Source Medical Software have made this project as open as possible.   Our meetings are open to anyone.  Our minutes are published in the open.  We argue in the open.  We air dirty laundry in the open.

President Obama in his campaign speeches says he wants to use Open Source Software.  The Economic Recovery an Stimulus Act of 2009 has specific language requiring HHS to look for Open Source Software Solutions.  Every action by CMS seeking to require the use of "Certified" software almost guarantees that they use "Certified Proprietary Most Expensive Software".  The reason CMS wants this so badly is to be able to remotely audit physician charts and Medicare/Medicaid medical records remotely in order to reduce their costs.  This is to facilitate the "Recovery of physician overpayments" for amounts to inadequately documented care.  The CMS has already set up five Regional Recovery Center and hired firms to start conducting these audits to "Recover" fees from physicians.

President Obama, HHS and CMS say “they understand and want Open Source”.  But “they” just don’t get it.   “They” have allowed proprietary companies set up a proprietary commision to use proprietary rules to force the use of “Certified Proprietary Most Expensive Software”.  The Economic Recovery an Stimulus Act of 2009  then allows $9 Billion in tax incentives for medical practices to but this most expensive software.   This includes allowing the physicain testers thatt we depend on so heavily to use non-certified “beta versions” of our software.  The Open Source development method provides high quality, bug free software for  very low development cost and results in a very large benefit to cost ratio.  The potential benefit to our society is huge.

Recommendation:

We should push CMS, our Congress and CCHIT to allow the Open Source way of doing things.   We do this because we believe in "Ubuntu".  We give of our time to benefit others because it is right to do so.  That is why were are here and why we have put in so much work to this project.

Sam Bowen, MD
President
Open Source Medical Software

mbrody wrote on Monday, April 13, 2009:

I have sent the ‘version’ management question to CCHIT and am expecting a response shortly.

I agree the codebase for the CCHIT version would have to be ‘tightly controlled’  and that we would need to create a seperate download for the ‘Certified’ version of OpenEMR.

CCHIT is committee run and approximately 40% of committee members are from ‘for profit’ software vendors.  As much as the leadershop of CCHIT may want to be able to address our needs.   CCHIT is very strongly structured around the needs of Propriatary Software Vendors. 

As far as pushing Congress, there is already a mechanism in place.  HHS can ‘certify’ organizations to provide Certification.   Therefore the appropriate response by congress will be that we should apply to HHS to be a certification body.  That way Cogress will be able to address this issue while doing nothing.  To expect anything else is not realistic.

I think that we will need to meet in July in Houston and come together with other OpenSource EHR projects to form our own certification body.  It should be structured to provide Certification,  for any HIT project not just FOSS.  That way we could get support from small vendors who are also have issues with CCHIT and the costs involved.

If we develop a certification body we want it to be inclusive, and take into account the needs of commercial vendors.

I strongly believe that in a few years CCHIT will set the certification standards and other organizations will test for those standards. 

In order to earn FULL benefits for implementing CERTIFIED EHR, we need to have ‘meaningful use’ of EHR by 2012.  Remember HHS has not yet defined ‘meaningful use’  and the standards for this have not yet been published. 

The standards will not be flexible, they are intended to foster interoperability.  We will not be able to negotiate those from the outside, only from the inside by having people who support OSS in the process at both HITSP and CCHIT.   That is why I volunteered to sit on HITSP committees, and have become active in many organizations in this process.  The process is currently dominated by Industry Vendors, Insurance Companies, and Large Medical Organizations.  There is little to no representation for the ‘little guy’.  Just today I got into a disagreement on how laboratory results are to be put in ‘global repositories’  Where I said the labs should be responsible for that, and a rep from the lab company wants the EHR of the ordering physician to do that.  He was quite adamant and we agreed to disagree and the discussion was ‘tabled’ for now because that standard is not scheduled to be published until 2010 or 2011.

We need to become a part of the process to protect our interests, while developing a certification authority that is less costly than CCHIT.

I look forward to produtive discussions about this in Houston in early August.

Michael