Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Standards for Health IT: Meaningful Use and Beyond

 Chairman Wu, Ranking Member Smith, and Members of the Subcommittee, I am Kamie Roberts, Associate Director of the Information Technology Laboratory at the Department of Commerce’s National Institute of Standards and Technology (NIST). Thank you for the opportunity to appear before you today to discuss our role in standards for health information technology (IT).

NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

NIST accelerates the development and deployment of information and communication systems that are reliable, usable, interoperable, and secure; advances measurement science through innovations in mathematics, statistics, and computer science; and conducts research to develop the measurements and standards infrastructure for emerging information technologies and applications.

As health IT has become a top priority around the nation, it is clear that standards and interoperability are key to the fulfillment of the goals of health IT:

  • higher quality and more efficient care;
  • seamless, secure, and private movement of data between healthcare providers without compromise or loss of information;
  • access to medical histories (including diagnoses, diagnostic tests, laboratory tests, and medication lists) at the point of care and in emergency settings;
  • fewer errors and redundant tests;
  • more efficient and effective reporting, including surveillance and quality monitoring; and
  • quick detection of adverse drug reactions and epidemics.

NIST has been successful in applying emerging IT standards in many national priority domains and leveraging collaborations with industry and other federal efforts; health IT is no exception. NIST has been collaborating with industry and others to improve the healthcare information infrastructure since the 1990s. Our IT researchers have an internationally respected reputation for their knowledge, experience, and leadership. As in all NIST endeavors, we are highly recognized and respected for our neutrality. Since 2005, NIST has worked closely with the Department of Health and Human Services’ Office of the National Coordinator for Health IT (HHS/ONC). The role of NIST was further articulated in the 2008‐2012 Federal Health IT strategic plan and the American Recovery and Reinvestment Act (ARRA) to:

Advance healthcare information enterprise integration through standards and testing

  • Consult on updating the Federal Health IT Strategic Plan
  • Consult on voluntary certification programs
  • Consult on health IT implementation
  • Provide pilot testing of standards and implementation specifications, as requested.

The health IT standards development effort is strengthened by the robust, open process in which private‐public sector collaborations are addressing the end goal of interoperable electronic health records and health IT systems, where the various partners participate according to their strengths. At the same time, with health IT as a national priority, many standards development organizations are working to provide the standards‐based solutions needed, which can sometimes lead to overlapping or redundant standards. A further challenge is the need to accelerate standards to track the fast pace of technology advances. NIST recognizes this need and through close collaborations with the health IT community, priority areas are being identified and early use of testing is helping to accelerate the development of complete, unambiguous standards.

NIST Role in Health IT Standards

To accelerate health IT standards, NIST is providing technical expertise and leveraging industry‐led, consensus‐based standards development and harmonization efforts. NIST plays a critical role by participating early in the development process and by helping ensure that the requisite infrastructural standards (such as clinical information exchange, security, and usability) are complete and unambiguous. For example, NIST is collaborating with organizations including, Health Level Seven (HL7), IEEE, International Organization for Standardization (ISO), and Integrating the Healthcare Enterprise, to refine current standards and develop standards that are needed in the future, such as standards for the next stages of meaningful use criteria (in 2013 and 2015). NIST is also engaged with other Federal agencies that have responsibility for health IT standards.

NIST testing activities, including developing test tools and associated testing infrastructure, reduce the cost to develop health IT systems by providing developers with an innovative, flexible and virtual testbed to confirm that their systems can exchange clinical information with other systems. In addition, it is important that vendors test their implementation of standards‐based health systems; without testing it is impossible to know if a standard is implemented correctly.

As a further extension of the NIST testing activities, NIST, in collaboration with HHS/ONC, is helping develop a program for the voluntary certification of health IT systems as being in compliance with applicable certification criteria to meet meaningful use, that is, performing specifically defined functions. This effort is two pronged: (1) develop the test procedures necessary to certify the systems, and (2) define the process by which testing organizations will be authorized to test and certify the Electronic Health Record (EHR) systems. To address the first prong, NIST published, in August 2010, a set of HHS/ONC‐approved procedures for testing EHR systems. During the development of these test procedures, NIST collaborated with HHS/ONC to ensure that the relevant standards and certification criteria were consistent and effectively represented within the test procedures. The approved NIST‐developed test procedures evaluate components of EHR systems such as their encryption, how they plot and display growth charts, and how they control access so that only authorized users can retrieve information.

Under the voluntary health IT certification program, testing organizations authorized by HHS/ONC will use the NIST test procedures to evaluate EHR software and systems so doctor's offices, hospitals and other healthcare providers have confidence in the systems they purchase. As defined in ARRA, the Federal government will provide Medicare and Medicaid incentive payments to healthcare providers who meaningfully use EHR systems which meet HHS/ONC certification standards and criteria.

In addition, NIST is advising HHS/ONC on the process by which testing organizations will be authorized to test and certify the EHR systems. This includes advising on all aspects of developing the temporary and permanent certification programs and collaborating with HHS/ONC during the implementation and operational phases of the certification programs. In addition, HHS/ONC has stated its intention to use NIST’s National Voluntary Laboratory Accreditation Program (NVLAP) to perform the accreditation of testing laboratories under the permanent certification program.

Standards Priorities

Working in collaboration with relevant standards development organizations, Federal agencies, professional societies, and industry, NIST provides technical expertise to enable the acceleration of industry‐led, consensus‐based standards development and harmonization to help ensure a complete, unambiguous set of health IT standards for clinical information exchange functions such as finding patients, discovering patient information, retrieving patient information, sending patient information, and allowing information to be sent, such as lab test results. Current priority areas include security standards, usability standards, and medical device and terminology standards. NIST also advances other high priority health IT standards as appropriate.


To help safeguard health information, NIST is developing a harmonized set of security principles and guidelines for use in emerging secure health information exchanges. NIST developed a systematic approach that organizations can use to design the technical security architecture necessary for the secure exchange of health information. This approach applies common government and commercial practices to the health information exchange domain. Utilizing this approach will assist organizations in ensuring protection of health data is addressed throughout the system development life cycle, and that organizations apply these protection mechanisms in technologies to enable the exchange of health information. Other key activities in health IT security include:

  • Using security automation specifications, NIST is working with HHS’s Office of Civil Rights to develop baseline security configuration checklists and toolkits that will help implement and assess the effectiveness of technical and non‐technical safeguards in the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
  • Conducting outreach and awareness on security challenges, threats, and safeguards including presentations at industry conferences, workshops, Federal Advisory Committee meetings, and other Federal agencies on the application of security standards and guidelines to support health IT implementations.


Usability is a critical factor in health IT systems and must be considered in future meaningful use criteria. Usability enables health IT systems that are safe, effective, and efficient. Building upon our foundational work in usability, NIST is performing cutting‐ edge research for usability standards within the healthcare domain. NIST is collaborating closely with industry, academia, and other government agencies, including HHS/ONC, , the Agency for Healthcare Research and Quality (AHRQ), the Food and Drug Administration (FDA), and the National Institutes of Health (NIH) to provide guidance in the development of health IT usability standards and measurements. To pursue these goals, in November 2009, NIST released a usability roadmap, designed to deliver specific, objective health IT usability standards and define rigorous testing methods to assess compliance. This summer, to further refine the roadmap, NIST co‐sponsored a health IT usability workshop with HHS/ONC and AHRQ to prioritize, align, and coordinate short, medium, and long‐term strategies to improve usability of EHR systems. To help carry out the work defined in the roadmap, a public‐private multi‐year program of research will develop a principled framework for measuring the usability of health IT systems, resulting in established usability and accessibility standards for systems to prevent critical errors and promote effective and efficient use by all end users (doctors, nurses, administrators, patients, and others). Closely related to usability, accessibility, if implemented in a well‐defined way, has the potential to remove the barriers to using health IT systems for the 20% of our population who experience some form of disability. Promoting the use of accessibility standards on a voluntary basis will achieve a nationwide impact that is truly “welcoming” to all people.

Medical Device Interoperability Standards

Medical devices have the ability to communicate with many other devices of various makes, models, and modalities. Acute point‐of‐care settings, such as a patient's bedside, require each class of medical device to use the same terminology to seamlessly and reliably communicate physiological data. As EHR systems are adopted, it is important that data from medical devices be easily and fully integrated into a patient’s EHR. NIST researchers are collaborating with medical device and EHR experts to develop point of care medical device and EHR standards that meet this need.

In addition, terminology standards are an important area of focus needed to facilitate device interoperability. Terminology standards provide the necessary means to enable interoperability of data. For example, different device manufacturers sometimes utilize different terminology within their devices. Based on this, interoperability between these devices or between a device and an EHR is impossible. NIST, in collaboration with ISO and IEEE, developed a system to enhance medical device interoperability through standard terminology mapping; this system is being used across the health IT enterprise.

Beyond Meaningful Use

NIST is actively engaged with private industry, academia, and other Federal agencies, including those in the Networking and Information Technology Research and Development (NITRD) community, in coordination of longer‐term health IT standards development, research, and outreach activities. For example:

  • There is an ever‐growing need to provide remote and home healthcare for aging, underserved (e.g., rural), and chronically ill populations, which can be facilitated by leveraging existing and emerging health IT standards and testing. Telemedicine includes capabilities where wellness checkups and monitoring, diagnoses, and treatment can occur any place and any time.
  • Pervasive healthcare explores the use of emerging technologies such as body sensors, implants, and medical equipment for routine monitoring of chronic conditions. Current research includes analyzing the impact of interference from such devices and exploring the potential of applying energy from human movement to power the devices.
  • Standards and guidelines are required so that medical records can be retrieved regardless of the format and medium in which they were first created or stored. This preservation will allow doctors to create the medical records of children today, and enable access to those same medical records when those children are adults.
  • Standards and terminologies need to be extended to accommodate changing technologies and advances in biomedical knowledge.
  • Information needs to be retrieved from notes in EHRs where data is not formatted or structured. EHR systems contain a wealth of information in the notes on a patient’s history, symptoms, reactions, etc. Research into the retrieval and analysis of this textual information based on specific search criteria will enable use of key data by the practitioner.
  • Advances are needed in image quality for healthcare applications to help ensure, for example, that the colors viewed on a digital image by a medical practitioner are representative of the actual colors when viewed in person.

NIST activities and collaboration in areas such as these will ensure that future technologies can be integrated into the nationwide healthcare infrastructure. NIST’s pilot projects and/or programs doing basic research in these emerging technologies have potential for immediate and big impact applications in healthcare. Using NIST core competencies to expand research in these areas is in direct support of the goals of health IT.

NIST has a diverse portfolio of activities supporting our nation’s health IT effort. With NIST’s extensive experience and broad array of expertise both in its laboratories and in successful collaborations with the private sector and other government agencies, NIST is actively pursuing the standards and measurement research necessary to achieving the goal of improving healthcare delivery through information technology.

Thank you for the opportunity to testify today on NIST’s activities in health IT. I would be happy to answer any questions that you may have.

Created December 13, 2016, Updated April 9, 2019