A.: All of the assessment criteria against which your product will be assessed are available for review prior to any commitments being required. Infoway will provide guidance to help you understand the assessment criteria and respond to any of your questions. We encourage you to submit the application package, along with the non-refundable certification fee, only once you are confident that your product complies with all of the stated criteria. 100 per cent compliance is required for certification.
A.: The standards used in the Certification Service include:
- Privacy: Canada Health Infoway Electronic Health Record Infostructure (EHRi) Privacy & Security Conceptual Architecture; The Canadian Standards Association's Model Code for the Protection of Personal Information (CAN-CSA-Q830-03).
- Security: Canada Health Infoway Electronic Health Record Infostructure (EHRi) Privacy & Security Conceptual Architecture; The International Organization for Standardization's Code of Practice for Information Security Management - ISO 17799:2005; ISO 27001 - Information Security Management Systems Requirements; ISO 27002 - Code of Practice for Information Security Management; ISO 27799:2008 - Information Security Management In Health .
- Interoperability: Health Level Seven International's - HL7v3, HL7v2, HL7 Clinical Document Architecture, Release 2, Canada Health Infoway pan-Canadian Standards and Conformance Profile Definitions for laboratory, drug, shared health record, and demographic information.
- Management: The Canadian Standards Association's Risk Management: Guideline for Decision Makers - CAN-CSA-Q850-97; The Information Systems Audit and Control Association's Control Objectives for Information and Related Technology (COBIT).
A.: The assessment consists of two parts:
- Document Review: an expert review of your self-assessment, attestation and supporting documentation.
- Demonstration: You must use scripted test scenarios (and test data) to demonstrate your product to the assessment team in a non-production environment. This is typically done via a web conference.
A.: Yes. Fees are applicable for certification, recertification and reassessment. Fees are dependent on the technology class that is being certified.
A.: Names of products and/or vendors are not published or otherwise made available by Infoway at any time during the process. The Infoway assessment team is bound by strict non-disclosure agreements. In the case of pre-implementation certification for electronic medical records (EMR), vendors whose product is eligible for physician office system funding should anticipate that an application for certification will be shared with necessary jurisdiction representatives. Once a product has been certified, it is listed on Infoway's website.
A.: You may make changes to address the non-conformant areas and re-initiate the process. You are also entitled to challenge the decision, which will initiate a formal review.
A.: All certified products receive a certification mark which bears the Infoway logo. You can use this mark in your marketing and promotional material.
A.: Certifications expire either on June 30 or December 31 of each calendar year, depending on the date certification is issued. You may apply to have your certification extended for two additional one-year terms. If your solution has been materially modified, enhanced or updated since the previous assessment, you may be required to undergo a reassessment.
A.: To maintain your certification, you are required to notify Infoway of adverse events as well as any product changes that may affect compliance against assessment criteria.
A.: Infoway's pre-implementation certification service complements other regulatory and procurement processes such as licensing by Health Canada's Medical Devices Bureau and conformance testing by the provincial and territorial physician office system programs. Infoway coordinates its certification activities with other organizations to provide a seamless process to reduce the number of times a vendor is required to demonstrate its product.
For more information about Certification Services, please contact Infoway Certification Services.