Healthcare Informatics: There remains a great deal of confusion around the vendor certification and attestation issue right now.David Muntz: Yes. The thing that I see is that there is still grave confusion in the marketplace. And the thing that concerns me the most, and I’ve expressed this in a variety of forums, is that when you make a mistake in some contexts, such as Medicare billing, it’s considered fraud. So I’m pushing for clarification so that well-intentioned people can do the right thing. And when they set up the ATCBs, the temporary certification bodies—they described the process for repeal. And even in the HIPAA regulations, they talk about the difference between negligence, willful intent, and mistakes. So absence guidance in this area, I’m very concerned, particularly for hospitals that don’t have the staff we do, or physicians, who have no staffs, and their potentially making mistakes, which might be called fraud.So what we’re doing at CHIME is putting together a set of questions to send to ONC, very soon. And one of the questions we’ve raised is for a clarification on vendors. And here’s the example we used: you buy a complete, certified EHR from vendor A; but you don’t install their ED system. You buy an ED system from vendor B, and install it, a certified EHR module. And you use those in combination, do you have to do self-certification? My answer would be, no, we shouldn’t have to; otherwise, we’ll all have to do it. Now, Eclipsys [Baylor’s core EHR vendor] has done a modular certification of their ED system, as well as their comprehensive system. So you can do it with the ED, or without the ED. So if you only bought the Eclipsys package without the ED, and you buy someone else’s certified ED, is that then a complete system. Of course, the big challenge is, how do you handle data that you have to derive out of those diverse systems? And how do you handle interface engines, and does that affect my certification?HCI: I think people are realizing, including ONC, that this is far more complex than anyone realized. Is there anything else at that level of confusion and magnitude as an issue?Muntz: I think that’s the thorniest set of issues, but the other has to do with just the timing, as the state and federal certification processes are not in sync, as some of the states are behind.HCI: What would you advise people to do while we await clarification?Muntz: Go to your professional organizations, and read as much material as possible. The press and professional organizations are trying to put clarifications out. The problem is, how do you deal with conflicting information? So I would suggest that you read the regs first; then go to the ONC and CMS websites, because they’ve done a pretty good job of explaining the rationale and preambles, and the FAQs are very helpful. So I’d start with ONC and CMS, then go to the professional organizations, then to the press.To emphasize, it’s important to actually read the regs; and the preamble, I’ve found, is the most interesting piece of information, because it’s the explication of the thought process. And I know this is a lot of reading, but this doesn’t happen often to us. You really have a responsibility as a CIO to do that.