Home > Custom Software Development > Healthcare Software Development > 60 EHR Certification Requirements in 2020

60 ONC's EHR Certification Requirements for the USA in 2020

Would you like to be listed in the Certified Health IT Product List (CHPL)? Do you need to get assistance in certifying your EHR software by ONC? This guide from the EHR technology developer Belitsoft International LLC would be the best place for start.

Beginning in 2019, all eligible professionals and hospitals in the USA are required to use 2015 edition certified electronic health record technology (CEHRT) to meet the requirements of the Promoting Interoperability Program (the requirements were updated in the 2019). The certified EHR technology also may help with all your MIPS reporting, but for Advancing Care Information category, it’s necessary. The Advanced Alternate Payment Models (Advanced APMs) also require use of certified EHR technology.

There are sixty 2015 Edition health IT certification criteria, which are organized into eight categories. ONC-Authorized Certification Bodies (ONC-ACBs) certify health IT products that have been successfully tested by an ONC-Authorized Testing Laboratory (ONC-ATL) to theses certification criteria.

In order to qualify for these criteria, the EHR technology developer is required to conduct their own testing and submit a form to the test lab. The following test labs have been authorized by ONC: Drummond Group; ICSA Labs; UL LLCWeb; SLI Compliance, a Division of Gaming Laboratories International, LLC.

Send us your request for information to get a quote. Contact us to know how our EHR/EMR experts could help you with EHR certification

1. Clinical Processes

Criteria 1-3. Computerized Provider Order Entry (CPOE)

The CPOE certification criterion splits into three separate categories with each criterion focused on one of three order types: medications, laboratory, and diagnostic imaging. This supports health IT developers to develop order-specific CPOE adaptations and provide more implementation flexibility.

To meet the 2015 Edition Base EHR definition, providers must possess technology that has been certified to at least one of the following: 

  • CPOE-Medication;
  • CPOE-Laboratory;
  • CPOE-Diagnostic Imaging

CPOE-Medications allows clinicians to place orders electronically for transmission to the intended recipient such as a pharmacy. CPOE for medication ordering can reduce errors related to poor handwriting or the transcription of medication orders. CPOE can also enable automated drug-drug and drug-allergy interaction checks. In addition, medication information is updated in the patient’s medical record and becomes easily available for follow-up visits.

Regulation Text

§170.315 (a)(1) Computerized provider order entry—medications

  1. Enable a user to record, change, and access medication orders.
  2. Optional. Include a “reason for order” field.

CPOE-Laboratory allows clinicians to place orders electronically for transmission to the intended recipient such as a laboratory. In using CPOE for laboratory orders, orders are incorporated with patient information, which can then be transmitted quickly to the laboratory.

Regulation Text

§170.315 (a)(2) Computerized provider order entry—laboratory— 

  1. Enable a user to record, change, and access laboratory orders.
  2. Optional. Include a “reason for order” field.

CPOE-Diagnostic Imaging allows clinicians to place orders electronically for transmission to the intended recipient such as a radiology department. In using CPOE for diagnostic imaging, orders are incorporated with patient information, which can then be transmitted quickly to the radiology department. This also enables computerized decision support to aid clinicians in choosing the best imaging to order.

Regulation Text

§170.315 (a)(3) Computerized provider order entry—diagnostic imaging—

  1. Enable a user to record, change, and access diagnostic imaging orders.
  2. Optional. Include a “reason for order” field.

Criteria 4. Drug-drug, Drug-allergy Interaction Checks for CPOE.

CPOE drug interaction capabilities gives real-time information on contraindications and/ or possible medication interactions at the time of ordering, minimizing the potential for adverse events or pharmacy call-backs. This capability can provide clinical decision support by displaying multiple types of information, including: drug-disease interactions, drug-allergy interactions, drug-frequency ranges, drug-dosage ranges, drug-drug interactions, drug-renal function dose adjustment, drug-laboratory monitoring requirements, and drug-age dosage adjustments, which can improve medication safety and effectiveness.

Regulation Text

§170.315 (a)(4) Drug-drug, drug-allergy interaction checks for CPOE—

  1. Interventions. Before a medication order is completed and acted upon during computerized provider order entry (CPOE), interventions must automatically indicate to a user drug-drug and drug-allergy contraindications based on a patient's medication list and medication allergy list.
  2. Adjustments. 
    1. Enable the severity level of interventions provided for drug-drug interaction checks to be adjusted.
    2. Limit the ability to adjust severity levels in at least one of these two ways:
      1. To a specific set of identified users.
      2. As a system administrative function.

Criteria 5. Demographics

Proper patient identification, patient safety, and efficient practice management require capturing accurate demographic information. Maintaining these data is essential for these purposes and supports population health activities. The demographic certification criterion supports the capture of patient health information with the granularity necessary to help clinicians identify opportunities for care improvement. This criterion confirms that a user can record, change, and access patient demographic data such as race and/or races, ethnicity and/or ethnicities, preferred language, sex, sexual orientation, gender identity, and date of birth.

Regulation Text

§170.315 (a)(5) Demographics

  1. Enable a user to record, change, and access patient demographic data including race, ethnicity, preferred language, sex, sexual orientation, gender identity, and date of birth.
    1. Race and ethnicity. 
      1. Enable each one of a patient's races to be recorded in accordance with, at a minimum, the standard specified in § 170.207(f)(2) and whether a patient declines to specify race.
      2. Enable each one of a patient's ethnicities to be recorded in accordance with, at a minimum, the standard specified in § 170.207(f)(2) and whether a patient declines to specify ethnicity.
      3. Aggregate each one of the patient's races and ethnicities recorded in accordance with paragraphs (a)(5)(i)(A)(1) and (2) of this section to the categories in the standard specified in § 170.207(f)(1).
    2. Preferred language. Enable preferred language to be recorded in accordance with the standard specified in § 170.207(g)(2) and whether a patient declines to specify a preferred language.
    3. Sex. Enable sex to be recorded in accordance with the standard specified in § 170.207(n)(1).
    4. Sexual orientation. Enable sexual orientation to be recorded in accordance with the standard specified in § 170.207(o)(1) and whether a patient declines to specify sexual orientation.
    5. Gender identity. Enable gender identity to be recorded in accordance with the standard specified in § 170.207(o)(2) and whether a patient declines to specify gender identity.
  2. Inpatient setting only. Enable a user to record, change, and access the preliminary cause of death and date of death in the event of mortality.

Criteria 6. Problem List

The problem list contains the patient’s current health problems, injuries, chronic conditions, and other factors that affect the overall health and well-being of the patient. The problem list may also contain other information such as when an illness or injury occurred, as well as when or if it resolved. Accurate active problem lists have been a pillar of efficient and effective primary care for years, providing a snapshot of a patient’s current health issues.

Regulation Text

§170.315 (a)(6) Problem list

Enable a user to record, change, and access a patient's active problem list:

  1. Ambulatory setting only. Over multiple encounters in accordance with, at a minimum, the version of the standard specified in §170.207(a)(4).
  2. Inpatient setting only. For the duration of an entire hospitalization in accordance with, at a minimum, the version of the standard specified in §170.207(a)(4).

Criteria 7. Medication List 

Along with an active problem list, having the electronic list of active and historical medications helps streamline visits, allows for the most efficient use of clinical staff, and makes on-call coverage safer and easier. Many practices develop a more comprehensive medication list by including over the counter drugs (OTCs), vitamins, and herbal or other types of nutritional supplements. In addition, having a current medication list for patient review at each patient visit helps patients to engage more fully with their care.

Regulation Text

§170.315 (a)(7) Medication list

Enable a user to record, change, and access a patient's active medication list as well as medication history:

  1. Ambulatory setting only. Over multiple encounters.
  2. Inpatient setting only. For the duration of an entire hospitalization.

Criteria 8. Medication Allergy List 

Maintaining a list of known medication allergies for each patient is essential for safe patient care. Having this information available electronically allows for easy review when prescribing new medications to a patient.

Regulation Text

§170.315 (a)(8) Medication allergy list

Enable a user to record, change, and access a patient's active medication allergy list as well as medication allergy history:

  1. Ambulatory setting only. Over multiple encounters.
  2. Inpatient setting only. For the duration of an entire hospitalization.

Criteria 9. Clinical Decision Support (CDS) 

Clinical decision support provides relevant knowledge and person-specific information, intelligently filtered or presented at appropriate times, to increase quality of care and enhance health outcomes. CDS can be developed for multiple users, including clinicians, staff, and patients. CDS encompasses a variety of tools to enhance decision-making in the clinical workflow. These tools include contextually relevant reference information, clinical guidelines, condition-specific order sets, focused patient data reports and summaries, documentation templates, diagnostic support including drug-disease interaction checking, alerts, and reminders, among other tools.

Regulation Text

§170.315 (a)(9) Clinical decision support (CDS)

  1. CDS intervention interaction. Interventions provided to a user must occur when a user is interacting with technology.
  2. CDS configuration.
    1. Enable interventions and reference resources specified in paragraphs (a)(9)(iii) and (iv) of this section to be configured by a limited set of identified users (e.g., system administrator) based on a user's role.
    2. Enable interventions:
      1. Based on the following data:
        1. Problem list;
        2. Medication list;
        3. Medication allergy list;
        4. At least one demographic specified in paragraph (a)(5)(i) of this section;
        5. Laboratory tests; and
        6. Vital signs.
      2. When a patient's medications, medication allergies, and problems are incorporated from a transition of care/referral summary received and pursuant to paragraph (b)(2)(iii)(D) of this section.
  3. Evidence-based decision support interventions. Enable a limited set of identified users to select (i.e., activate) electronic CDS interventions (in addition to drug-drug and drug-allergy contraindication checking) based on each one and at least one combination of the data referenced in paragraphs (a)(9)(ii)(B)(1)(i) through (vi) of this section.
  4. Linked referential CDS.
    1. Identify for a user diagnostic and therapeutic reference information in accordance at least one of the following standards and implementation specifications:
      1. The standard and implementation specifications specified in §170.204(b)(3).
      2. The standard and implementation specifications specified in §170.204(b)(4).
    2. For paragraph (a)(9)(iv)(A) of this section, technology must be able to identify for a user diagnostic or therapeutic reference information based on each one and at least one combination of the data referenced in paragraphs (a)(9)(ii)(B)(1)(i), (ii), and (iv) of this section.
  5. Source attributes. Enable a user to review the attributes as indicated for all CDS resources:
    1. For evidence-based decision support interventions under paragraph (a)(9)(iii) of this section:
      1. Bibliographic citation of the intervention (clinical research/guideline);
      2. Developer of the intervention (translation from clinical research/guideline);
      3. Funding source of the intervention development technical implementation; and
      4. Release and, if applicable, revision date(s) of the intervention or reference source.
    2. For linked referential CDS in paragraph (a)(9)(iv) of this section and drug-drug, drug-allergy interaction checks in paragraph (a)(4) of this section, the developer of the intervention, and where clinically indicated, the bibliographic citation of the intervention (clinical research/guideline).

Criteria 10. Drug-formulary and Preferred Drug List Checks 

An automated drug-formulary and preferred drug list enables a clinician to more easily and effectively identify medications approved (or preferred) to be prescribed for a patient based on the patient’s health insurance or health system/hospital policy. This can help reduce unforeseen medication costs when the patient picks up their prescriptions and inform discussions between the patient and clinician at the point of prescribing.

Regulation Text

§170.315 (a)(10) Drug-formulary and preferred drug list checks

The requirements specified in one of the following paragraphs (that is, paragraphs (a)(10)(i) and (a)(10)(ii) of this section) must be met to satisfy this certification criterion:

  1. Drug formulary checks. Automatically check whether a drug formulary exists for a given patient and medication.
  2. Preferred drug list checks. Automatically check whether a preferred drug list exists for a given patient and medication.

Criteria 11. Smoking Status 

Tobacco use and tobacco-related illness represents the single greatest preventable health risk to patients in the United States. There is clear and compelling evidence that clinician interest in a patient’s tobacco use can be an important first step in durable cessation, and the simple act of asking and recording a patient’s use of tobacco can have a profound benefit. Clinicians can also use this information to tailor discussions and specific care plans with a patient. 

Regulation Text

§170.315 (a)(11) Smoking status

Enable a user to record, change, and access the smoking status of a patient.

Criteria 12. Family Health History 

Capturing family health history electronically can help to inform clinical decision support (CDS) for screening and prevention of illnesses or conditions that a patient may be at increased risk for due to their family health history. In addition to potentially reducing costs and improving population health, capturing this information once can improve efficiencies by minimizing the collection of duplicate information across settings. 

Regulation Text

§170.315 (a)(12) Family health history

Enable a user to record, change, and access a patient's family health history in accordance with the familial concepts or expressions included in, at a minimum, the version of the standard in §170.207(a)(4).

Criteria 13. Patient-specific Education Resources 

Patient-specific education is designed to help patients both understand and make better decisions about their health. These resources may come in the form of articles, videos, and images, all of which allow the patient to better understand their health and make informed health decisions. 

Regulation Text

§170.315 (a)(13) Patient-specific education resources

  1. Identify patient-specific education resources based on data included in the patient's problem list and medication list in accordance with at least one of the following standards and implementation specifications:
    1. The standard and implementation specifications specified in §170.204(b)(3).
    2. The standard and implementation specifications specified in §170.204(b)(4).
  2. Optional. Request that patient-specific education resources be identified in accordance with the standard in §170.207(g)(2).

Criteria 14. Implantable Device List

Integrating unique device identifiers (UDIs) into certified health IT supports clinicians to better track the safety and performance of devices used by their patients regardless of setting or specialty. In the event of a product recall this information can help clinicians to identify all potentially affected patients. It can also allow clinicians to identify trends in outcomes related to a particular device. Having implantable device information available across the patient’s care continuum can help clinicians to make the best care decisions.  

Regulation Text

§170.315 (a)(14) Implantable device list

  1. Record Unique Device Identifiers associated with a patient's Implantable Devices.
  2. Parse the following identifiers from a Unique Device Identifier:
    1. Device Identifier; and
    2. The following identifiers that compose the Production Identifier:
      1. The lot or batch within which a device was manufactured;
      2. The serial number of a specific device;
      3. The expiration date of a specific device;
      4. The date a specific device was manufactured; and
      5. For an HCT/P regulated as a device, the distinct identification code required by 21 CFR 1271.290(c).
  3. Obtain and associate with each Unique Device Identifier:
    1. A description of the implantable device referenced by at least one of the following:
      1. The “GMDN PT Name” attribute associated with the Device Identifier in the Global Unique Device Identification Database.
      2. The “SNOMED CT® Description” mapped to the attribute referenced in in paragraph (a)(14)(iii)(A)(1) of this section.
    2. The following Global Unique Device Identification Database attributes:
      1. “Brand Name”;
      2. “Version or Model”;
      3. “Company Name”;
      4. “What MRI safety information does the labeling contain?”; and
      5. “Device required to be labeled as containing natural rubber latex or dry natural rubber (21 CFR 801.437).”
  4. Display to a user an implantable device list consisting of:
    1. The active Unique Device Identifiers recorded for the patient;
    2. For each active Unique Device Identifier recorded for a patient, the description of the implantable device specified by paragraph (a)(14)(iii)(A) of this section; and
    3. A method to access all Unique Device Identifiers recorded for a patient.
  5. For each Unique Device Identifier recorded for a patient, enable a user to access:
    1. The Unique Device Identifier;
    2. The description of the implantable device specified by paragraph (a)(14)(iii)(A) of this section;
    3. The identifiers associated with the Unique Device Identifier, as specified by paragraph (a)(14)(ii) of this section; and
    4. The attributes associated with the Unique Device Identifier, as specified by paragraph (a)(14)(iii)(B) of this section.
  6. Enable a user to change the status of a Unique Device Identifier recorded for a patient.

Criteria 15. Social, Psychological, and Behavioral Data 

The capture of social, psychological, and behavioral data (also known as social determinants of health) can help to provide a more complete view of a patient’s overall health status. This in turn can help the clinician make more appropriate decisions, enhancing patient care and outcomes. This information can also help the health care team to identify patients with elevated risk factors and reduce health disparities. Examples of this type of information include financial resource strain, education level, amount of stress, depression, physical activity level, alcohol use, recreational drug use, social connection and isolation, and exposure to violence (i.e., intimate partner violence). This data can improve care coordination and lead to the identification of appropriate social supports and community resources.

Regulation Text

§170.315 (a)(15) Social, psychological, and behavioral data

Enable a user to record, change, and access the following patient social, psychological, and behavioral data:

  1. Financial resource strain. Enable financial resource strain to be recorded in accordance with the standard specified in §170.207(p)(1) and whether a patient declines to specify financial resource strain.
  2. Education. Enable education to be recorded in accordance with the standard specified in §170.207(p)(2) and whether a patient declines to specify education.
  3. Stress. Enable stress to be recorded in accordance with the standard specified in §170.207(p)(3) and whether a patient declines to specify stress.
  4. Depression. Enable depression to be recorded in accordance with the standard specified in §170.207(p)(4) and whether a patient declines to specify depression.
  5. Physical activity. Enable physical activity to be recorded in accordance with the standard specified in §170.207(p)(5) and whether a patient declines to specify physical activity.
  6. Alcohol use. Enable alcohol use to be recorded in accordance with the standard specified in §170.207(p)(6) and whether a patient declines to specify alcohol use.
  7. Social connection and isolation. Enable social connection and isolation to be recorded in accordance the standard specified in §170.207(p)(7) and whether a patient declines to specify social connection and isolation.
  8. Exposure to violence (intimate partner violence). Enable exposure to violence (intimate partner violence) to be recorded in accordance with the standard specified in §170.207(p)(8) and whether a patient declines to specify exposure to violence (intimate partner violence).

2. Care Coordination

Criteria 16. Transitions of Care 

A transition of care summary and referral summaries provide essential clinical information for the receiving care team and helps organize final clinical and administrative activities for the transferring care team. This summary helps ensure the coordination and continuity of health care as patients transfer between different clinicians at different health organizations or different levels of care within the same health organization. This document improves admissions, discharges and other transition processes, communication among clinicians, and cross-setting relationships which can improve care quality and safety. This certification criterion will rigorously assess a product’s ability to create, receive, and properly consume interoperable documents using a common content and transport standard (e.g., Consolidated Clinical Document Architecture (C-CDA) and Direct Edge Protocol, respectively) that include key health data (e.g., name, date of birth, medications) that should be accessible and available for exchange.

Regulation Text

§170.315 (b)(1) Transitions of care

  1. Send and receive via edge protocol
    1. Send transition of care/referral summaries through a method that conforms to the standard specified in § 170.202(d) and that leads to such summaries being processed by a service that has implemented the standard specified in § 170.202(a); and
    2. Receive transition of care/referral summaries through a method that conforms to the standard specified in § 170.202(d) from a service that has implemented the standard specified in § 170.202(a)(2).
    3. XDM processing. Receive and make available the contents of a XDM package formatted in accordance with the standard adopted in § 170.205(p)(1) when the technology is also being certified using an SMTP-based edge protocol.
  2. Validate and display
    1. Validate C-CDA conformance – system performance. Demonstrate the ability to detect valid and invalid transition of care/referral summaries received and formatted in accordance with the standards specified in § 170.205(a)(3) and § 170.205(a)(4) for the Continuity of Care Document, Referral Note, and (inpatient setting only) Discharge Summary document templates. This includes the ability to:
      1. Parse each of the document types.
      2. Detect errors in corresponding “document-templates,” “section-templates,” and “entry-templates,” including invalid vocabulary standards and codes not specified in the standards adopted in § 170.205(a)(3) and § 170.205(a)(4).
      3. Identify valid document-templates and process the data elements required in the corresponding section-templates and entry-templates from the standards adopted in § 170.205(a)(3) and § 170.205(a)(4).
      4. Correctly interpret empty sections and null combinations.
      5. Record errors encountered and allow a user through at least one of the following ways to:
        1. Be notified of the errors produced.
        2. Review the errors produced.
    2. Display. Display in human readable format the data included in transition of care/referral summaries received and formatted according to the standards specified in § 170.205(a)(3) and § 170.205(a)(4).
    3. Display section views. Allow for the individual display of each section (and the accompanying document header information) that is included in a transition of care/referral summary received and formatted in accordance with the standards adopted in § 170.205(a)(3) and § 170.205(a)(4) in a manner that enables the user to:
      1. Directly display only the data within a particular section;
      2. Set a preference for the display order of specific sections; and
      3. Set the initial quantity of sections to be displayed.
  3. Create. Enable a user to create a transition of care/referral summary formatted in accordance with the standard specified in § 170.205(a)(4) using the Continuity of Care Document, Referral Note, and (inpatient setting only) Discharge Summary document templates that includes, at a minimum:
    1. The Common Clinical Data Set.
    2. Encounter diagnoses. Formatted according to at least one of the following standards:
      1. The standard specified in § 170.207(i).
      2. At a minimum, the version of the standard specified in § 170.207(a)(4).
    3. Cognitive status.
    4. Functional status.
    5. Ambulatory setting only. The reason for referral; and referring or transitioning provider's name and office contact information.
    6. Inpatient setting only. Discharge instructions.
    7. Patient matching data. First name, last name, previous name, middle name (including middle initial), suffix, date of birth, address, phone number, and sex. The following constraints apply:
      1. Date of birth constraint.
        1. The year, month and day of birth must be present for a date of birth. The technology must include a null value when the date of birth is unknown.
        2. Optional. When the hour, minute, and second are associated with a date of birth the technology must demonstrate that the correct time zone offset is included.
      2. Phone number constraint. Represent phone number (home, business, cell) in accordance with the standards adopted in § 170.207(q)(1). All phone numbers must be included when multiple phone numbers are present.
      3. Sex constraint. Represent sex in accordance with the standard adopted in § 170.207(n)(1).

Criteria 17. Clinical Information Reconciliation and Incorporation (CIRI) 

CIRI allows clinicians to reconcile and incorporate patient health information sent in from external sources to maintain a more accurate and up-to-date patient record. This process can help reduce errors that are especially common among patients who use multiple pharmacies, have co-morbidity factors, and multiple health care clinicians. The Consolidated Clinical Document Architecture (C-CDA) document, shared with clinicians from external sources such as hospitals, Health Information Exchanges (HIEs), or other clinicians, allow the clinician to import and reconcile health care information into their own patient record. 

Regulation Text

§170.315 (b)(2) Clinical information reconciliation and incorporation

  1. General requirements. Paragraphs (b)(2)(ii) and (iii) of this section must be completed based on the receipt of a transition of care/referral summary formatted in accordance with the standards adopted in §170.205(a)(3) and §170.205(a)(4) using the Continuity of Care Document, Referral Note, and (inpatient setting only) Discharge Summary document templates.
  2. Correct patient. Upon receipt of a transition of care/referral summary formatted according to the standards adopted §170.205(a)(3) and §170.205(a)(4), technology must be able to demonstrate that the transition of care/referral summary received can be properly matched to the correct patient.
  3. Reconciliation. Enable a user to reconcile the data that represent a patient's active medication list, medication allergy list, and problem list as follows. For each list type:
    1. Simultaneously display (i.e., in a single view) the data from at least two sources in a manner that allows a user to view the data and their attributes, which must include, at a minimum, the source and last modification date.
    2. Enable a user to create a single reconciled list of each of the following: Medications; medication allergies; and problems.
    3. Enable a user to review and validate the accuracy of a final set of data.
    4. Upon a user's confirmation, automatically update the list, and incorporate the following data expressed according to the specified standard(s):
      1. Medications. At a minimum, the version of the standard specified in §170.207(d)(3);
      2. Medication allergies. At a minimum, the version of the standard specified in §170.207(d)(3); and
      3. Problems. At a minimum, the version of the standard specified in §170.207(a)(4).
  4. System verification. Based on the data reconciled and incorporated, the technology must be able to create a file formatted according to the standard specified in §170.205(a)(4) using the Continuity of Care Document document template.

Criteria 18. Electronic Prescribing 

Electronic prescribing (e-Prescribing or eRx) is a fast, efficient way to write/re-order and transmit prescriptions. Electronic prescribing may also have pre-set fields so all the required information for prescriptions are entered and automatically stored in the patient’s record for easy review during follow-up visits or for transitions to other clinicians. Prescriptions can be automatically transmitted to a pharmacy of preference, resulting in increased overall patient satisfaction and convenience. Clinicians can also send and receive other prescription-related messages with the pharmacy, including prescription cancel requests as well as requests for a patient’s medication history. Using an electronic system also provides guided dose algorithms to assist clinicians.

Regulation Text

§170.315 (b)(3) Electronic prescribing

  1. Enable a user to perform all of the following prescription-related electronic transactions in accordance with the standard specified in §170.205(b)(2) and, at a minimum, the version of the standard specified in §170.207(d)(3) as follows:
    1. Create new prescriptions (NEWRX).
    2. Change prescriptions (RXCHG, CHGRES).
    3. Cancel prescriptions (CANRX, CANRES).
    4. Refill prescriptions (REFREQ, REFRES).
    5. Receive fill status notifications (RXFILL).
    6. Request and receive medication history information (RXHREQ, RXHRES).
  2. For each transaction listed in paragraph (b)(3)(i) of this section, the technology must be able to receive and transmit the reason for the prescription using the diagnosis elements in DRU Segment.
  3. Optional. For each transaction listed in paragraph (b)(3)(i) of this section, the technology must be able to receive and transmit the reason for the prescription using the indication elements in the SIG Segment.
  4. Limit a user's ability to prescribe all oral liquid medications in only metric standard units of mL (i.e., not cc).
  5. Always insert leading zeroes before the decimal point for amounts less than one and must not allow trailing zeroes after a decimal point when a user prescribes medications.

Criteria 19-20. Common Clinical Data Set Summary Record – Create and Receive  

A transition of care summary and referral summaries provide essential clinical information for the receiving care team and helps organize final clinical and administrative activities for the transferring care team. This summary helps ensure the coordination and continuity of health care as patients transfer between different clinicians at different health organizations or different levels of care within the same health organization. This document improves admissions, discharges and other transition processes, communication among clinicians, and cross-setting relationships which can improve care quality and safety. This certification criterion will rigorously assess a product’s ability to create and receive interoperable documents using a common content standard (e.g., Consolidated Clinical Document Architecture (C-CDA)) that include key health data (e.g., name, date of birth, medications) that should be accessible and available for exchange.

Criteria 21. Data Export 

Data export provides access and ability to export patient data for use in a different health IT system or a third party system for the purpose of a clinician’s choosing. This facilitates the accessibility and exchange of data, ensuring critical data is included when creating and exporting key patient health information, including name, sex, date of birth, problem list, medication list, functional status, reason for referral, and other vital information.

Criteria 22-23. Data Segmentation for Privacy – Send and Receive 

Sensitive health data is often exchanged via fax or paper-based methods, or excluded from data exchange altogether, meaning a clinician may not have all the relevant data at the point of care. This can lead to lower quality of care for the patient and can also lead to redundant, unnecessary, or harmful care. This criterion confirms that health IT is capable of sending and receiving a tagged transition of care summary document with privacy metadata that expresses the data classification and possible re-disclosure restrictions placed on the data by applicable law. This standard improves patient safety, the comprehensiveness of treatment, and quality of care, as well as supports and enables the delivery of more effective care to sub-groups of patients.

Criteria 24. Care Plan 

The care plan can help improve coordination of care by providing a structured format for documenting patient information such as goals, health concerns, health status evaluations, and interventions. Inclusion of this information is essential to incorporating the patient’s perspective, improving outcomes, and represents an important step toward realizing a longitudinal, dynamic, shared care plan.

3. Clinical Quality Measurement

Criteria 25. Clinical Quality Measures – Record and Export 

Clinical quality measures (CQMs) can help clinicians understand and improve the quality of health care for their beneficiaries. CQMs are also used by CMS and other health care organizations for quality improvement, public reporting, and pay-for-reporting programs for specific health care clinicians. This criterion ensures that health IT systems can record and export CQM data electronically (eCQM). The ability to export eCQM data can help a clinician or health system to view and verify their eCQM results for quality improvement on a near real-time basis. The export functionality gives clinicians the ability to export their results to multiple programs, such as those run by CMS, states, and private payers. 

Criteria 26. Clinical Quality Measures – Import and Calculate 

This criterion supports streamlined clinician processes through the importing of CQM data in a standardized format, reducing the need for manual patient data entry. It also ensures that health IT systems can correctly calculate eCQM results using a standardized format.

Criteria 27. Clinical Quality Measures – Report 

This criterion supports eCQM reporting using consensus-based industry standards (Health Level 7 Quality Reporting Document Architecture (HL7 QRDA)) and also supports better alignment with the reporting requirements of CMS programs by providing a baseline for interoperability of eCQM data. The requirements for reporting to CMS are included as an optional provision within the criterion because not all certified health IT is intended to be used for CMS reporting. Additionally, the HL7 QRDA standards are program-agnostic and can support a number of use cases for exchanging CQM data. 

Criteria 28. Clinical Quality Measures - Filter 

The filter functionality included in this criterion supports the capability for a clinician to make a query for eCQM results using one or a combination of data captured by the certified health IT for quality improvement and quality reporting purposes. It can also aid in the identification of health disparities, enable care quality improvement, and support clinicians in delivering more effective care to their patient populations. This certification criterion requires a Health IT Module to be able to record data (according to specified standards, where applicable) and filter CQM results at both patient and aggregate levels. These filters include, but are not limited to, practice site address, patient age, patient sex, and patient problem list.

4. Privacy & Security

Criteria 29. Authentication, Access Control, and Authorization 

Maintaining the confidentiality of patient health information is an important responsibility for clinicians. This certification criterion supports patient information to be safeguarded by requiring that health IT only permit access to patient health information by users who have valid credentials and only allowing credentialed users to access the types of information legitimately needed to perform their duties. 

Criteria 30. Auditable Events and Tamper-Resistance 

Applying privacy and security safeguards help protect patient information and can help clinicians avoid common security gaps that lead to cyber-attack or data loss. This certification criterion requires that by default, actions related to health information are recorded, such as who has accessed a patient’s information, and when, where, and how that access occurred. This capability (coupled with other Privacy and Security criteria such as “Audit Report(s)” and “Auditing Actions on Health Information”) enables a practice to review audit logs and thereby regularly monitor access to patient information and detect unauthorized access. This criterion also confirms that health IT is capable of preventing such audit logs from being changed, overwritten or deleted. 

Criteria 31. Audit Report(s) 

Audit report(s) enables a user to create reports of events recorded in audit trails and audit logs (see “Auditable Events and Tamper-Resistance”). Periodic reviews of audit reports provide many benefits such as preparing evidence during investigations of suspected or known security breaches, detecting unauthorized access to patient health information, and investigating patient complaints or employee concerns about suspected unauthorized access to patient data.

Criteria 32. Amendments 

Under the provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, patients may request corrections and amendments to their patient health information. This certification criterion supports the capability for clinicians to easily append the amendment to a patient’s health record, or provide a link that indicates an amendment’s location.

Criteria 33. Automatic Access Time-Out 

Automatic access time-out prevents unauthorized users from viewing or accessing electronic health information from unattended system devices (e.g., laptops, tablets) after a predetermined period of inactivity and requires a user to re-enter their credentials (e.g., password, pin number) in order to resume or regain access.

Criteria 34. Emergency Access 

During critical situations, clinicians may need emergency access to a patient’s health information to quickly provide crucial services and emergency care. Having access to patient data such as treatment history, known allergies, and medications can make the difference between life and death for patients. Practices can use this capability to assure that an identified set of users can access electronic health information during an emergency.

Criteria 35. End-User Device Encryption 

Patient health information can be breached when unencrypted end-user devices (e.g., laptops, tablets, smartphones) are lost or stolen. This criterion focuses on the capability of certified health IT to encrypt and decrypt electronic health information managed by certified health IT on end-user devices if the electronic health information remains stored on the devices when they no longer connected to the certified health IT.

Criteria 36. Integrity 

Ensuring that a patient’s record is secured, protected and contains accurate data is essential for both patient safety and quality of care. This certification criterion helps assure that data is not compromised during electronic exchange by creating a message digest verifying that the exchanged health information has not been altered.

Criteria 37. Trusted Connection 

Establishing a trusted connection provides assurance that electronic health data being exchanged will remain private and secure when transferring from point A to point B. This assurance is often displayed as an icon or symbol (such as a “lock”) depending on the technology.  

Criteria 38. Auditing Actions on Health Information 

This certification criterion supports the recording of auditable events (see “Auditable Events and Tamper-Resistance”) for the purpose of creating audit logs that help a practice monitor access to patient health information and detect unauthorized access. 

Criteria 39. Accounting of Disclosures 

This certification criterion ensures health IT can record disclosures made for treatment, payment, and health care operations. This includes recording data such as the date, time, patient identification, user identification, and a description of disclosures as defined in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules (see 45 CFR 164.501). 

5. Patient Engagement

Criteria 40. View, Download, and Transmit to 3rd Party 

This certification criterion supports patient access to their health information, including via email transmission to any third party the patient chooses (including to any email address, so long as the patient is properly advised of the risks of doing so) and through a second encrypted method of transmission (which could be accomplished with Direct or by another encrypted means). This allows patients to be more engaged in their care and enhance care coordination and management.

Criteria 41. Secure Messaging 

Secure messaging enables a clinician to send messages to, and receive messages from, a patient in a secure manner to ensure appropriate access and secure exchange of health information.

Criteria 42. Patient Health Information Capture 

This certification criterion supports clinician acceptance of health information from patients which can advance patient engagement and activation, as well as support the use of patient generated health data (PGHD) in shared decision-making. This can help provide health information to clinicians and help address health disparities in populations that are less likely to execute health care planning documents.

6. Public Health

Criteria 43. Transmission to Immunization Registries 

Immunization Registries provide a consolidated, reconciled source of individual level immunizations. Immunization registries are typically part of larger Immunization Information Systems (IIS) that offer services beyond the registry. IIS are managed by state and jurisdictional public health departments. They provide public health information on vaccine coverage in their communities, inform public health immunization policy and programs, and provide information to inform the outbreaks of vaccine preventable. For clinicians, IIS provide information that otherwise may not be found in their local health IT. IIS help prevent over vaccination, and provide information that can be helpful in determining “catch-up” schedules for missing vaccination.

Criteria 44. Transmission to Public Health Agencies – Syndromic Surveillance 

Syndromic Surveillance Systems (SyS) collect individual level data from hospital emergency departments, urgent care clinics and, in some jurisdictions, other clinicians. SyS are managed by state and jurisdictional public health departments. SyS were originally built to help identify potential bio-terrorism events. The data are also useful on providing indicators on many infectious diseases, food borne diseases, situational awareness during public health responses and other types of surveillance. SyS often include the ability to interoperate with additional statistical tools used by epidemiologists and researchers. Many states and jurisdictions are sharing de-identified data across boundaries.

Criteria 45. Transmission to Public Health Agencies – Reportable Laboratory Tests and Values/Results 

As part of state and local disease surveillance, laboratories are required to report on laboratory tests and results for “Reportable Diseases.” Reportable diseases differ by state, but there is a core set found in all public health departments. The electronic transmission has improved the timeliness and quality of reports. The elimination of “re-keying” data not only improves quality but frees staff resources for other tasks. Laboratory test results are sometimes the first indication of disease and in some cases support disease reporting from clinicians. 

Criteria 46. Transmission to Cancer Registries 

Cancer Registries have provided detailed information on cancer for many decades. Hospital cancer registries report up to “centralized” cancer registries that may be at the county or state level. This “upward” reporting continues onto the national level at the Centers for Disease Control and Prevention (CDC) where de-identified data is collected and analyzed. Automating the complex and detailed cancer reports using information found in health IT reduces burden on clinicians and their staff and provides timely and accurate data on both diseases and treatment.

Criteria 47. Transmission to Public Health Agencies – Electronic Case Reporting 

State and local health departments mandate that clinicians provide information on a list of “Reportable Diseases.” Reportable diseases differ by state, but there is a core set found in all public health departments. The electronic transmission of case information from health IT improves not only the timeliness and quality of reports but reduces “under-reporting” that can occur for many reasons. Electronic case reporting provides additional clinical information beyond the data found in electronic laboratory reporting.

Criteria 48. Transmission to Public Health Agencies – Antimicrobial Use and Resistance Reporting 

Antimicrobial use/antimicrobial resistance (AU/AR), unlike many other public health reporting processes, is reported directly to Centers for Disease Control and Prevention. This type of public health reporting reports and analyzes antimicrobial use and/or resistance as part of local or regional efforts to reduce antimicrobial resistant infections. This collection and analysis on antimicrobial use and antimicrobial resistance are important components of antimicrobial stewardship programs throughout the nation and can promote timely, accurate, and complete reporting, particularly if data is extracted from health IT systems and delivered using well established data exchange standards to a public health registry. 

Criteria 49. Transmission to Public Health Agencies – Health Care Surveys 

This certification criterion supports the transmission of health care surveys to directly to the Centers for Disease Control and Prevention. The National Health Care Surveys are designed to answer key questions of interest to health care policy makers, public health professionals, and researchers. This may include factors that influence the use of health care resources, and the quality of health care such as safety, and disparities in health care services. 

7. Health IT Design and Performance

Criteria 50. Automated Numerator Recording 

Clinicians participating in certain Centers for Medicare and Medicaid (CMS) payment programs, such as the EHR Incentive Programs and Quality Payment Program, are required to submit certain percentage-based measures to CMS in compliance with the program's reporting requirements. This criterion aims to ease the burden of creating a report for submission to CMS, particularly for smaller clinician offices and hospitals. Automated numerator recording allows a health IT user to automatically create a report or file that enables a user to review the patients or actions that are included in a measure’s numerator. 

Criteria 51. Automated Measure Calculation 

Automated measure calculation allows a health IT user to electronically record the numerator and denominator for the CMS’ EHR Incentive Programs percentage-based measures and to create a report of the measures. This automation is intended to improve the accuracy of measure calculations and to reduce burden for clinicians and hospitals in calculating and reporting measures. 

Criteria 52. Safety-Enhanced Design 

This certification criterion focuses on health IT usability and safety. The criterion requires health IT that includes certain certified capabilities to demonstrate compliance with specified user-center design requirements. The capabilities identified are those that pose the greatest opportunity for error prevention and improved patient safety.  

Criteria 53. Quality Management System 

This certification criterion requires health IT developers to identify the quality management systems (QMS) used in the development, testing, implementation, and maintenance of certified capabilities. The QMS identified by the health IT developer must be consistent with federal QMS standards or QMS standards developed by standards developing organizations. 

Criteria 54. Accessibility-Centered Design 

This certification criterion encourages health IT developers to identify the accessibility standards used, and accessibility laws complied with, in the development of certified health IT. Clinicians, consumers, and other stakeholders benefit the application of user-centered design standards for accessibility to health IT and the compliance of health IT with accessibility laws as well as increased transparency around such actions.

Criteria 55. Consolidated CDA Creation Performance 

This certification criterion helps to ensure the interoperability of transition of care and referral summaries sent and received to and from external organizations. No matter how data is entered into health IT – via whatever workflow and functionality – the transition of care or referral summary should reflect the data accurately and not be missing data a user otherwise recorded. 

Criteria 56-58. Application Access – Patient Selection, Data Category Request and All Data Request

The “application access” certification criteria are split into three separate certification criteria (Patient Selection, Data Category Request, and All Data Request) with each individual criterion focused on specific functionality. The “application access” certification criteria require health IT to demonstrate it can provide application access to a common set of patient clinical data via an application programming interface (API). API functionality will help address many of the challenges currently faced by individuals and caregivers accessing their health data, including the “multiple portal” problem, by potentially allowing individuals to aggregate data from multiple sources in a web or mobile application of their choice. 

8. Electronic Exchange

Criteria 59. Direct Project 

Despite the increase in health IT adoption, many providers and organizations still remain reliant on paper, phone, fax, and physical transport to exchange patient information. The Direct Project is a low-cost, practical, secure mechanism for exchanging health information electronically instead of relying on slow, inconvenient, expensive methods of exchange such as paper and faxes, providing a path to more advanced interoperability. Direct makes it possible for providers to securely email information to other trusted providers or parties, such as specialists, pharmacies, and laboratories. The Direct Project does not replace other ways of exchanging information electronically but rather enhances them. 

Criteria 60. Direct Project, Edge Protocol, and XDR/XDM 

Effective, efficient, and secure communications between health care providers is a key contributing factor to providing better patient care. Direct Project, Edge Protocol, and Crossenterprise Document Reliable Interchange/Cross-enterprise Document Media Interchange (XDR/ XDM) allows standard protocols, along with message formats and processing requirements to work together to securely transport health information electronically by including three distinct capabilities to support interoperability and all potential certified exchange options. 

Sharing is caring!

Author
Written by
Deputy Business Development Director at Belitsoft
I am a customer’s advocate and an expert in Healthcare IT.
4.2
5 reviews

Rate this article

Portfolio
Custom Electronic Healthcare Record SaaS Development
Custom Electronic Healthcare Record SaaS Development
Technologies:
PHP, Laravel, Native iOS, MySQL, Angular, Node.js, CSS3
Team size:
12 specialists (2 iOS developers, 5 backend/RESTful API developers, 2 QA, 1 UI/UX designer, 1 BA, 1 PM)
Speech recognition system for medical center chain
Speech recognition system for medical center chain
Technologies:
C++, Machine Learning, Neural Networks, SVM, Regression
Country:
USA

Testimonials

tichen

I expected and demanded a lot of you at Belitsoft company, but you exceeded my expectations. You acted pro-actively, challenged me at the right moments. Thanks!

Martin Beijer

CEO at Ticken B.V. (Netherlands)

EFI

We have been working for over 10 years and they have become our long-term technology partner. Any software development, programming, or design needs we have had, Belitsoft company has always been able to handle this for us.

Bjarne Mortensen

СEO at ElearningForce International (United States, Denmark)

Crimson

They use their knowledge and skills to program the product, and then completed a series of quality assurance tests. We were working in an agile way with them. Belitsoft performed very well throughout our project. We are definitely looking at Belitsoft as a long-term partner.

Eddie Nicholas

Service Delivery Director at Crimson (United Kingdom)

Berkeley

I highly recommend Belitsoft for website design and development. We were up against a tight deadline to launch the project. The work was delivered on time and within budget! I will continue working with Belitsoft as a valued partner for our web development!

Adrienne Herd

Program Administrator at UC Berkeley (United States)

Hathway

We have worked with Belitsoft team over the past few years on projects involving much customized programming work. They are knowledgeable and are able to complete tasks on schedule, meeting our technical requirements. We would recommend them to anyone who is in need of custom programming work.

Kevin M. Rice

Main Partner at Hathway Tech (United States)

Howcast

Belitsoft company is able to make changes instantly. One of our internal engineers has commented about how clean their code is. Belitsoft seems to know what they're doing, which I appreciate.

Darlene Liebman

Co-Founder at HOWCAST MEDIA (United States)

Fraunhofer

It was a great pleasure working with Belitsoft. Software Development Company. New requirements and adjustments were implemented fast and precisely. We can recommend Belitsoft and are looking forward to start a follow-up project.

Renè Reiners

Deputy Head of Division at Fraunhofer FIT (Germany)

Apollo Matrix

Belitsoft company has been able to provide senior developers with the skills to support back end, native mobile and web applications. We continue today to augment our existing staff with great developers from Belitsoft.

Pete Johnson

CEO at Apollo Matrix (United States)

Key2Know

Belitsoft company delivered dedicated development team for our products and technical specialists for our clients time to time custom development needs. We highly recommend that you use this company if you want the same benefits.

Bo Sejer Frandsen

Managing Director at Key2Know A/S in 2012 (Denmark)

Regen Med

We approached BelITsoft with a concept, and they were able to convert it into a multi-platform software solution. Their team members are skilled, agile and attached to their work, all of which paid dividends as our software grew in complexity.

Nicolas Tierney

COO at Regenerative Medicine LLC (United States)

Moblers

Having worked with Belitsoft as a service provider, I must say that I'm very pleased with the company's policy. Belitsoft guarantees first-class service through efficient management, great expertise, and a systematic approach to business.. I would strongly recommend Belitsoft's services to anyone wanting to get the right IT products in the right place at the right time.

Guy Doron

CEO at Moblers (Israel)

Showcast

If you are looking for a true partnership Belitsoft company might be the best choice for you. They have proven to be most reliable, polite and professional. The team managed to adapt to changing requirements and to provide me with best solutions. I strongly recommend Belisoft.

Ivo Downes

Director at ShowCast Limited (Germany)

Let's Talk Business
Do you have a software development project to implement? We have people to work on it. We will be glad to answer all your questions as well as estimate any project of yours. Use the form below to describe the project and we will get in touch with you within 1 business day.
Contact form
* Maximum file size is 20MB
to top