Given the stage of maturity the programs have now reached, it may be appropriate to reconsider CCA to cover end to end processes to ensure requirements are consistent across e-Health program components. Within NEHTA’s CCA team, there are subject matter experts who work across programs to enable cross checking and alignment between conformance points for different, but closely coupled, programs.
The CCA function is one that will need to be resourced on an ongoing basis to manage new versions and enhancements, both from a Healthcare Identifiers system and vendor software testing perspective. The sustainability of this process as demand and utilisation increases will need to be reviewed. There needs to be a clear definition developed of the circumstances when a vendor needs to go through a formal CCA/NOC process, and when it is appropriate for this to be devolved to the vendor to include an agreed set of tests in their own testing/Quality Assurance process prior to release. There needs to be best practice guidelines developed for vendors to clarify and guide this process.
The CCA function is currently limited to (and only resourced for) programs within NEHTA’s control, although it does also support other clinical system functions that require interaction with the HI Service (such as point to point messaging). However it is not clear who owns the responsibility for ensuring that vendors comply with CCA requirements for Secure Message Delivery.