The American Hospital Association (AHA) weighed in with a 16-page comment letter requesting changes and delays in the standards for certification and implementation of electronic health records published by the Office of the National Coordinator for Health Information Technology on December 30, 2009. 

In the comment letter, AHA asked ONC to

  • clarify the allocation of responsibilities of providers and IT vendors;
  • provide a lead time of one year between finalization of the certification criteria and certification of vendor systems and an additional two years between the time when certified products are available in the market and when providers nationwide are expected to implement and begin using them;
  • streamline the certification process;
  • recognize that hospitals may customize and make modifications to EHR technology that was certified by a vendor without needing additional certifications; and
  • delay  the certification criteria and standard for the accounting of disclosures at least until the updated rule for accounting of disclosures is issued by the HHS Secretary.

They also asked ONC to expressly clarify that the encryption and hashing standards contained within the IFR do not impose any obligations upon HIPAA-covered entities beyond that which is already required by the HIPAA Security Rule, and asked that the audit alerting criterion be eliminated from the final rule.