E-Health Compliance and Conformance

Healthcare providers investing in clinical information software systems need confidence that the products they choose are able to safely and reliably operate within Australia’s eHealth network. NEHTA’s Compliance, Conformance and Accreditation (CCA) program is responsible for developing a national framework assuring that systems comply with Australian specifications and demonstrate appropriate standards of interoperability, security and clinical safety in the way they handle and exchange information.

National approach
Conformity assessment schemes are being developed by NEHTA, in consultation with clinical and industry stakeholders, for each of the core elements in Australia’s eHealth infrastructure. These are similar to the assurance programs currently operating in many other countries and are used to assist system implementers and purchasers and to guide the integration and safety of inter-system transactions. NEHTA is committed to standards-based assessment which reflects the key principles outlined in the Industry Consensus Statement signed by leading representatives of government, the medical software industry and the compliance assessment community.

Terms explained

Conformity is a new internationally recognised and standardised term (AS/NZ ISO 17000) incorporating the general concepts of compliance and conformance. Australia’s framework is underpinned by these principles of conformity assessment which describe what needs to be assessed, how and by whom.

Compliance relates to the adherence of an organisation, and the eHealth systems it operates, to regulatory requirements, standards and specifications. Compliance is evaluated by different methods depending on the technical assessment required, such as inspection or audit.

Conformance ensures software products and services accurately implement eHealth specifications and standards as determined by objective (pass/fail) testing.

Certification is an independent attestation that a software system meets the requirements of a set of assessment schemes. The result is usually signified by a certification “mark” that makes it easy for purchasers or users to recognise that all applicable assessment has been successfully performed.

Accreditation is a special and specific form of certification, referring to the certification of conformity assessment bodies.

Conformity assessment schemes identify and assess the various types of risk that can arise when information is shared between IT systems and define the testing, inspection and audit mechanisms used to address and mitigate these risks. The schemes describe requirements for conformity, i.e. what should be tested and how it should be tested. Testing can range from supplier self-assessment to third-party testing by accredited test laboratories, depending on the level of risk in each scenario and the most cost-effective process for resolution.

Implementation
Conformity assessment is a requirement for all national implementation programs, including the Federal Government’s eHealth Lead Implementation Sites where assessment schemes and test specifications will be refined and “road tested” during the process of systems deployment.

A software developer’s experience of CCA commences as they develop products to align with national eHealth specifications and associated standards. CCA assessment schemes and conformity requirements tell developers how their products will be evaluated, so these requirements can be incorporated into the initial product design. Once a system has been built, the assessment scheme defines the testing method and process the product will need to undertake in order to prove conformity. Generally this involves testing or inspection by conformity assessment bodies accredited for this task according to the assessment scheme. Products that successfully pass these tests will be entitled to recognition and listing in the Australian eHealth Register of Conformity.

NEHTA’s approach to conformity assessment is based on international and Australian standards including the ISO/IEC 17000 series for conformity assessment and other key standards such as IEC 80001 and ISO 31000, ISO/IEC 31010 series (risk management standards); ISO/IEC 27001 and ISO 27799 (information security); and ISO/IEC 20000 (IT service management).

Test Interest Group
Conformance test specifications, test software and other items supporting conformity assessment are available from the Test Interest Group on the eHealth Collaborate portal. The Test Interest Group is used to publish items of interest to eHealth developers and testers that have not yet been made available on a public website. Items published to the group are available by subscription so that members can be notified of any changes to the material.

To register for access to the Test Interest Group, contact NEHTA by e-mail.

Future certification option
Formal certification of eHealth software is being investigated as a possible extension to the developing conformity assessment program. The technical and regulatory issues involved are described in the National eHealth Certification Capability Discussion Paper.

Contact
For more information, contact NEHTA by e-mail.


Documents (published date, hits)
SMD roadmap v2 (22/10/2010, 1388)
HI roadmap v6 (22/10/2010, 1174)
CCA Assessment Concept of Operations December 2009 (30/04/2010, 1637)