Quandary Peak is among the nation’s leading expert consultant firms assisting both private industry and the federal government in complex matters related to compliance with ONC, CMS, and HHS regulations covering digital health.

We help private companies – including EHRs, digital health vendors, and all newly-defined “actors” under the Cures Act – communicate with regulators and government agencies, including assistance with responding to Civil Investigative Demands (CIDs) and false claims or fraud allegations related to ONC Certified Health IT testing, attestations and Meaningful Use payments.

We specialize in confidential regulatory matters, working on behalf of Health IT and EHR vendors, often through legal counsel. Contact us today regarding a confidential consultation.

EHR Software Quality and Patient Safety Oversight

Quandary Peak is the nation’s leading expert firm in 3rd party quality and patient safety oversight for Health IT software vendors under Corporate Integrity Agreements (CIAs), serving the past 4 years as the designated 3rd party Software Quality Oversight Organization (SQOO) for eClinicalWorks, LLC under their Corporate Integrity Agreement with HHS-OIG. We also work directly for health IT vendors under CIAs as expert software quality, compliance and patient safety consultants.

In addition, Quandary Peak provides IV&V (Independent Verification and Validation) and ICE (Independent Consultative Expert) services related to Health IT software.

Quandary Peak serves all participants in the Health IT ecosystem, from software vendors to the federal government, as well as providers, patients, insurers, non-profits, and research institutions.

What We Do:
  • Assist Health IT vendors in responding to legal or regulatory inquiries regarding Health IT regulations.
  • Assist Health IT companies, including compliance officers, patient safety officers, CMOs, CTOs, QA directors and others, in building out patient safety and compliance programs.
  • Review source code, databases, logs, and other artifacts to assess historic compliance with federal regulations for Certified Health IT.
  • Serve as monitors or quality oversight organization under CIAs or other probationary conditions.
  • Perform IV&V services for government and Health IT contracts.
  • Help companies meet new Information Blocking and CMS Patient Access regulations.
  • Assist in qui tam proceedings.

What We Know:
  • ONC-ACB Testing, Surveillance and Attestation procedures, including new Conditions & Maintenance of Certification and Real World Testing Plans.
  • CEHRT program requirements, including RxNorm, SNOMED, NCPDP, CCDA and FHIR requirements.
  • Software safety and quality management standards, including medical device safety and SDLC standards, ISO 14971, ISO 62304 and ISO 13485.
  • Auditing standards, including standards for objectivity, independence and lack of bias in auditing.
  • Safety-Based Design and Health IT Safety and Compliance Program Management.
  • RCA and CAPA processes for quality improvement.
  • HIPAA, cybersecurity and audit log requirements and best practices.

