After more than a year of review and extensive stakeholder consultations, Canada Health Infoway has announced enhancements to its Certification Services with the release of the 2017 edition of privacy and security certification criteria. These harmonized requirements will reduce testing redundancy and can be adopted from coast-to-coast-to-coast. Certification provides assurance that digital health software complies with specified requirements in standards and other normative documents, which helps ensure the protection of personal health information.
The 2017 Edition builds on Infoway’s original certification requirements to increase alignment between Infoway, provincial requirements and international standards. It will be available for testing in February 2017.
Infoway’s interoperability certification requirements will continue to be offered to the marketplace enabling vendors to demonstrate their solution’s ability to meet functional specifications.
“The updated privacy and security certification criteria are a result of industry-wide input and collaboration,” explained Dennis Giokas (pictured), chief technology officer, Canada Health Infoway. “Ultimately, the new requirements were designed to better meet the needs of Canada’s digital health community and Canadians, and will help deliver real value to vendors by reducing the costs and redundancy of testing digital health software.”
Changes included in the 2017 Edition are:
Certification term – a solution certified under the 2017 Edition criteria will not expire unless a certified product changes substantially enough to warrant re-assessment or Infoway introduces a new edition of the criteria. If either scenario occurs, it may only be necessary to complete a gap assessment to maintain certification status.
Annual renewal and recertification – these processes have been eliminated.
Certification cost – remains unchanged or is lower for some product classes.
Modular approach – privacy and security certification is mandatory for every product class while certification modules, such as those for interoperability, become optional.
Updated certification mark – the 2017 edition certification mark will indicate the requirements version (e.g., 2017 Edition), product class, and optional modules as applicable.
How the 2017 Edition was created
The 2017 Edition requirements are the result of a project that was launched to address one of seven recommendations presented in the 2014 Infoway and Information Technology Association of Canada (ITAC) joint review that evaluated digital health certification services in Canada.
An analysis of Infoway’s original privacy and security certification criteria, jurisdictional requirements and international standards was conducted. Criteria enhancements were then validated through consultations with ITAC, the vendor community and jurisdictions.