However, there may be a case where compliance cannot be achieved for a variety of reasons.
Cal Poly Information Technology Responsible Use PolicyĪll information technology resources connected to the university network are expected to comply with campus information technology security policies and standards which are designed to establish the controls necessary to protect university information assets.Ī control deficiency in one business process or IT resource can jeopardize other processes or resources because erroneous data may be inherited, privacy can be compromised or because a conduit for an intrusion into Cal Poly systems may be created. Cal Poly Information Security Program (ISP). If neither step successfully addresses the concerns, customers and users of c ertified h ealth IT can submit a complaint directly to ONC through the Health IT Feedback and Inquiry Portal.Provides a method for documenting an exception to compliance with established information technology and information security policies, standards, and practices Related Policy: The appropriate ONC-ACB and its contact information can be found under the c ertified h ealth IT product’s listing on the CHPL. If efforts between a user and the Certified Health IT Developer fail to resolve the concern, the ONC-ACB that certified the health IT may be able to provide further assistance. As a first step, ONC urges users to work directly with the Certified Health IT Developer to resolve any issues, as this will likely be the quickest and most efficient means of having concerns recognized, addressed, and resolved. If there are concerns regarding compliance with Certification Program requirements, there is a complaint process to reach an appropriate resolution. ONC and ONC-ACBs will work with Certified Health IT Developers to remedy any non-conformities in a timely manner and across all customers. The goal of ONC-ACB surveillance and Direct Review is to help developers identify and address non-compliance to Conditions and Maintenance of Certification requirements and non-conformities in certified health IT that providers use to support patient care. Certified Health IT Developer ResponsibilitiesĬertified Health IT Developers have a responsibility to cooperate with ONC-ACB surveillance and ONC Direct Review. ONC’s Direct Review process complements ONC-ACB surveillance and is aimed at promoting developer accountability for the performance, reliability, and safety of health IT. ONC may also initiate Direct Review if it has a reasonable belief that a Certified Health IT Developer has not complied with a Condition or Maintenance of Certification requirement.
In certain situations where a Certified Health IT Module has a potential or known non-conformity (i.e., does not meet the Certification Program requirements) that may present a serious risk to public health or safety or may pose special challenges for ONC-ACBs’ surveillance, ONC may choose to directly review the product’s conformity to Certification Program requirements this process is called Direct Review. The purpose of surveillance is to ensure that certified products and capabilities meet certification requirements, not just in a controlled testing environment, but also when they are used “in the field” (for example, in a clinician’s office or a hospital).ĪN ONC-Authorized Certification Body (ONC-ACB) must conduct surveillance to determine if a Health IT Module it certified continues to function as required by its certification. Surveillance and oversight activities have a significant role in the ONC Health IT Certification Program (Certification Program) as they are critical to providing assurance that Certified Health IT Modules function as intended in a production environment and do not present safety and/or public health risks. As a requirement of certification, Certified Health IT Modules are subject to surveillance activities.