No announcement yet.

Mirth Certification and Meaningful Use

  • Filter
  • Time
  • Show
Clear All
new posts

  • Mirth Certification and Meaningful Use

    Good afternoon all,

    I have had some discussions with representatives from Mirth and they informed me that they won't be certifying Mirth for Meaningful Use. In discussions with legal council, they stated that if the interface engine manipulates your data in any way, it must be certified to meet meaningful use standards.

    So, for example, if you move or copy a value from one segment to another, that is manipulation. If you make any changes whatsoever to the original message, that is manipulation and it must be certified.

    Since MirthCorp is not going to certify this, it is left up us to self-certify or find a new interface engine. So I was wondering what everyone was doing about this. Ideas or comments would be appreciated. Thanks.

  • #2
    Under which section would you feel that Mirth would need to Certify for Meaningful use?

    I do not see any requirements in the Certification testing and outcomes that would require the usage of Mirth for anyone to have "Mirth" Certified.

    A EHR, HIE, solution that is seeking MU 2 Certification that is using Mirth Connect as a part of the products implementation only needs to proof that the product meets the requirements of MU 2 Certification.

    Your question would imply that SQL Server, Visual Studio, the JRE, or any other tools that you would build a EHR or HIE solution would also need to be Certified.

    The question is do you implement the requirements relative to the section that you are certifying, i.e security.



    • #3
      Thanks for the response. I am not sure I fully understand all of your response but I will try to answer the best I can and as I stated, this comes directly from legal council.

      We do not have Mirth Connect built into any of our EHRs. It is a completely separate, standalone installation from our EHRs. If all it did was pass the data along, there wouldn't be an issue and if you have Mirth built into a certified EHR, you should be fine. However, we do some manipulation of the data for specific destinations and that is where the issue lies. We have been told by our attorneys that if a standalone interface engine manipulates the data coming from an EHR, it must be certified as well.

      So your comparison to using SQL Server, Visual Studio, etc., to Mirth in the building process is not the same. Mirth was never built into any of our systems that were certified. If an EHR is using SQL Server as the database, and it gets certified, the product as whole is certified.

      You'll also note if you look at other popular interface engines (not going to name them because I am not trying to advertise for them), that they list themselves as meaningful use certified. Believe me, I would much rather stay with Mirth. We have been using it successfully for over 3 years and I really don't want to do a replacement right now but we may be forced to do this.


      • #4
        I would be interesting to understand what rule Mirth would need to be certified under?


        • #5
          I am not sure of a specific rule and I am not an attorney (***Disclaimer Alert***) - I can only go based upon what our attorneys have told us.

          I was going to list a specific engine but this is the first thing that popped up when i searched google:

          I saw this on that page:

          "Drummond Group’s ONC-ACB certification program certifies that EHRs, and software that interacts with EHRs,meet the Meaningful Use criteria for either eligible provider or hospital technology. In turn, healthcare providers using the products of certified vendors are qualified to receive federal stimulus monies upon demonstrating meaningful use of the technology – a key component of the federal government’s push to improve clinical care delivery through the adoption and effective use of EHRs by U.S. healthcare providers. - See more at:"

          So I am guessing somewhere, something states that if software interacts with an EHR, it must also be certified. This makes sense to me because if a hospital were to self-certify, they have to certify all of modules that made up their EHR and this would be considered a "module"? Don't know.


          • #6
            You and your lawyer should do you homework on what ONC Certification is about. Until you go through it and or have a clue about what it entails you may be spending a bunch of money for no reason.

            ONC Certification has nothing to do with the underlying technologies behind the scenes of and EHR or IHE. To the extent that the product is certified. A security audit may yield differing results but again that is based upon you and your implementation not the product you use. Just as you can install SQL Server and expose the server to the public network with Anonymous access it is on you to know that you are doing that and that YOU are exposing the data, not SQL Server, the SAME goes for Mirth.

            The only rule that stipulates anything related to data integrity is related to transmission of data and again that is based upon your implementation of the data. If you implement to the specification then you should be passing a hash of the data that is transmitted and you should be validating that on the receiving end. Our you must be connecting in some form that ensures the integrity of the data, SSL, VPN.

            There is nothing in the MU 2 certification that has a subset of certification for products used in the Certification of EHR software. This is a marketing ploy. Or a Lawyer that is just in CYA mode and not doing their job.


            • #7
              Are you an attorney? Someone qualified to provide legal advice? If not, then I must take his advice.

              Since you obviously just want to insult me, thanks, but I don't need that type of "contribution". I am simply asking for advice on self-certification or alternatives, which you apparently don't want to provide.

              Anyone else that has experience with self-certification, please comment. Thanks.


              • #8
                I was not trying to insult you but I have been through it and am currently preparing to go through it a second time.

                Below are links to the scripts for the process. You may want to forward them to your Lawyer. I would love to hear what section would require that Mirth needs to be Certified exclusive of a overall solution that is Certified.


                You may have to register.


                Anyway, this has been a common narrative of late with some vendors around the country. They are not able to market thier products on the merits so they resort to things like this and statements like "Direct Compliant" if you are not Direct Compliant it won't work!!

                Good luck with your new product.


                • #9
                  Sorry if I was a bit snippy. I didn't mean to be, especially since you were good enough to take time to comment. I am just getting extremely frustrated with the whole process and can't seem to get a straight answer. I look at one website - it says my engine must be certified. I look at another one, it says it doesn't have to be.

                  We have consulted attorneys. I have emailed vendors asking what the requirements are and for documentation. I have emailed the government asking and got no response.

                  Short of the HHS Secretary sending a certified letter, I just don't know what to believe. So for right now, when I am asked by our Administration, I am telling them to prepare to move to a different interface engine. I am going to continue looking into it but it aggravates me because it is yet one more that our IT department (like everyone else) has to deal with and we are already overloaded as it is.

                  I am asking for a specific rule that it applies to but have no idea if or when I will get answer. If I do, I'll post it.


                  • #10
                    Wit-man..Are you a vendor certifying your product or a provider attesting for MU?

                    If you are a provider, in what context are you using Mirth with your Certified EHR to attest?

                    I have also successfully complete Stage I certification as a vendor using Mirth for many of the interoperability requirements. I'm not a lawyer either, but as rwilson stated, this line of thinking would require that all underlying technologies like your database engines, application servers, etc would require certification. In my opinion, this is not the intent of the rule.

                    On the vendor side, you need to state if you used any other products for your certification. For example, you use Microsoft Excel to or Business Object to produce reports. The vendors are required to state when they receive their certification. I believe Mirth would be in the same category.


                    • #11
                      Provider attesting for MU. We are a hospital with multiple physician practices. We have two different EHRs, one for the hospital side and one for the practice side. We use Mirth independently of any of our systems and send information from our hospital EHR to the practice EHR.

                      Sometimes we have to change the message that is sent and that is where we have been told it has to be certified. If it was just passing the data along, no issue, but once you manipulate it, that additional component has to be certified. This is what we were told by our attorney.

                      Since you are a vendor and included Mirth in your certification, I believe you should be fine because it was included as a component in your certification. However, that is not our case. Our two EHR vendors never had anything to do with Mirth so it is a separate entity.


                      • #12
                        So what MU objectives will you be using mirth to attest with for both the eligible professional and eligible hospital?


                        • #13
                          Transmission of data to other entities. For example, transmission of immunization data.


                          • #14
                            wit-man, I would spend some time in the testing procedures and rules from the links that I posted.

                            Here are a few points to think about.

                            What are the changes that you are making to the messages from one system to another?
                            Do these changes affect the Results of a message or outcomes?
                            Is your usage of Mirth Connect contained within your company network?

                            There is only one case where I could see a potential issue and that would be if you are manipulating Direct Messages prior to endpoint delivery.

                            Outside of that I do not see anything in the requirements related to HL7 or CDA messaging that would preclude you from altering a message prior to final delivery that would affect the status MU Certification testing. The EHR that you have would still function as tested with the data provided.

                            There is nothing in the requirements that provides for endpoint to endpoint validation for HL7 or CDA messaging.

                            It sounds like you are using Mirth Connect of the exact purpose that the interoperability rule was intended for. You receive a message at the Hospital for lab results and you match the PCP for the patient and forward the message to the practice EHR. Neither of these actions would alter the functionality of the MU requirements at either EHR in my opinion.


                            • #15
                              We use this both to send to internal systems and external systems (health information exchange).

                              I looked at several of the destinations and as an example, in at least two of them to an HIE we move or manipulate several of the fields, including OBX and OBR fields.