Drug Information Systems Pre-Implementation Certification

Drug Information Systems
Pre-Implementation Certification

A Drug Information System (DIS) is a component of an electronic health record (EHR) system, which supports the centralized storage and retrieval of patient medication and related information, and provides application services supporting prescribing and dispensing activities such as drug-usage evaluation.

This is one of seven offerings to vendors from Canada Health Infoway (Infoway) pre-implementation Certification Services. Health information technology vendors have the opportunity to receive certification for client registries, consumer health applications, consumer health platforms, Diagnostic Imaging (DI), Drug Information Systems (DIS), provider registries and immunization registries.

Scope

Infoway pre-implementation DIS certification is relevant to health information technology solutions for drug information services. It is expected that implementers will provide drug information services to point-of-service systems by integrating a DIS component into their EHR system.

There is an important scope qualification to the DIS Pre-Implementation Certification. It does not contain criteria which would apply to a stand-alone, complete DIS application, because some application requirements are expected to be met by other parts of the EHR infostructure. An example of such an absent criterion would be the requirement to log all access to patient data.

The DIS pre-implementation certification allows for assessment of these component applications alone, or as application-based service offerings.

Certification criteria

The pre-implementation assessment criteria include:

Generic Criteria, applying to all classes of health information technology application or service (for example, requirements having to do with privacy and security)
Functionality and Interoperability Criteria, which specifically apply to a DIS.

The criteria have been developed in consideration of a client registry being available in one of two ways:

As an application component to be integrated into an EHR system, and operated by the implementing jurisdiction; or
As an application-based service hosted by a vendor, integrated with a jurisdiction’s EHR systems.

When the criterion states: “Organizations providing applications or services must…” or “applications or services must…” then the criterion applies whether the application is hosted (ASP model) or operated by the end-user.

When the criterion states: “Organizations providing services must…” then the criterion only applies when the organization is providing an ASP model service, and the criterion applies to the organization itself, rather than the application.

The key factor, which in most cases determines the applicability of a criterion, is whether or not the organization seeking certification will become a custodian of personal information. If not, then many of the organization-related generic criteria are not applicable.

These criteria use the phrase “personal information” to mean any personal information maintained by the application or service about the subjects of health care. Therefore even basic demographic information falls into the category of “personal information” and is therefore subject to the requirements of these criteria.

The framework for the assessment criteria is shown in the table below. It consists of two classes of criteria:

Solution – Refers to the aspects of functionality, privacy, security and interoperability that need to be assessed.

Management – Refers to how the organization providing the product manages risk, data, system security, as well as third party solutions and services.

Drug Information Systems Assessment Criteria
Solution	Management
Functionality ^* Identification Data accuracy ^* A limited number of additional functional criteria may need to be added based on class requirements of each technology solution. ^** This criterion applies for consumer health solutions.	Privacy Accountability Transparency Data safeguards Identifying Purposes & Limiting Collection Limiting Use, Disclosure & Retention Compliance Consent ^**	Security User identity management Access control Data integrity Data availability Data confidentiality Logging Audit	Interoperability Dispense Prescription Medication Contraindication Allergies / Intolerances Adverse Reactions	Control Risk management Data management System security Solution accreditation Third party services

Drug Information Systems Assessment Criteria

Solution

Management

Functionality ^*

Identification

Data accuracy

^* A limited number of additional functional criteria may need to be added based on class requirements of each technology solution.

^** This criterion applies for consumer health solutions.

Privacy

Accountability

Transparency

Data safeguards

Identifying Purposes & Limiting Collection

Limiting Use, Disclosure & Retention

Compliance

Consent ^**

Security

User identity management

Access control

Data integrity

Data availability

Data confidentiality

Logging

Audit

Interoperability

Dispense

Prescription

Medication

Contraindication

Allergies / Intolerances

Adverse Reactions

Control

Risk management

Data management

System security

Solution accreditation

Third party services

Infoway offers pre-implementation certification for the following technology classes:

Get answers to Frequently Asked Questions.

Register with Infoway to receive more information about the application process for certification or stay informed of future service announcements.

Canada Health InfowayInforoute Santé du Canada