Both the Physician Self-Referral Prohibition EHR Exception and the Anti-kickback EHR Safe Harbor regulations, at 42 CFR 411.357(w) and 42 CFR 1001.952(y), respectively, provide that software “is deemed to be interoperable if a certifying body recognized by the Secretary has certified the software within no more than 12 months prior to the date it is provided to the recipient.” The “recognition” of certification bodies process referred to in these regulations, as discussed in the Temporary… more
Regulation FAQs
What certification criteria will ONC-ATCBs and ONC-ACBs use to certify EHR technology for purposes of the “deeming” provision of the Physician Self-Referral Prohibition and Anti-Kickback Electronic Health Record (EHR) Exception and Safe Harbor Final Rules?
If my EHR technology is capable of submitting batch files to an immunization registry using the applicable adopted standards, is that sufficient for demonstrating compliance with the certification criterion specified at 45 CFR 170.302(k) or170.314(f)(2) (adopted as part of the 2011 and 2014 Edition EHR certification criteria, respectively)?
The certification criteria at 45 CFR 170.302(k) and 170.314(f)(2) do not specify, and are not intended to specify, when submissions should be made or the periodicity of the submissions. Consequently, submitting batch files to an immunization registry, provided that they are formatted according to the adopted standards referenced by the certification criteria at 45 CFR 170.302(k) and 170.314(f)(2), is not prohibited by these certification criteria and would be acceptable.
I currently use EHR version 1.3 which I purchased from EHR technology developer XYZ. EHR technology developer XYZ has informed me that it is not going to seek certification for EHR version 1.3. Can I seek certification for EHR version 1.3 or can I partner with a group of other health care providers that also use version 1.3 to split the cost of certification? Additionally, if EHR version 1.3 becomes certified can anyone else using EHR version 1.3 rely on the certification issued to EHR version 1.3?
In response to your first question, yes, any individual health care provider, group of health care providers, other type of affiliation, or organization is permitted to seek to have EHR technology tested and certified. The Temporary Certification Program and ONC HIT Certification Program regulations do not specify who may seek testing and certification for EHR technology. However, we note that any party that seeks testing and certification for the EHR technology would typically assume the… more
I am an EHR technology developer. I have sought and achieved certification for the Complete EHR that I sell. The Complete EHR, however, is also designed to be sold in separate components so that I can offer my customers different prices based on the capabilities they seek to implement. Is it possible for me to sell components of my certified Complete EHR separately as certified EHR Modules, or do I need to seek testing and certification for each of the separate components that I plan to sell as certified EHR Modules?
Stand-alone, separate components of a certified Complete EHR do not derive their own separate certified status based solely on the fact that they were included as part of the Complete EHR when it was tested and certified. The separate component(s) would no longer meet the Complete EHR definition, nor would the separate component have independently demonstrated that it can still properly perform capabilities for which certification is required in the absence of the capabilities with which it… more
I submitted a Complete EHR for certification, but it has not passed a test for one or more of the certification criteria. Can I request that the ONC-ATCB or ONC-ACB certify the EHR technology that I submitted as an EHR Module instead (i.e., certify only those capabilities that have been tested successfully)?
Yes, an ONC-ATCB or ONC-ACB that is authorized to certify Complete EHRs has the discretion to change the type of certification it would issue based on an EHR technology developer’s request. Whether the ONC-ATCB or ONC-ACB would choose to honor a request for a change, as well as any costs associated with a change, would depend upon the arrangement between the EHR technology developer and the ONC-ATCB or ONC-ACB. Along those lines, if an ONC-ATCB or ONC-ACB permits a developer or presenter to… more
My hospital purchased a certified EHR Module that provides approximately 75% of the capabilities we need to meet the definition of Certified EHR Technology. The other 25% are provided by our own self-developed system(s). Can we have our self-developed system tested and certified as an EHR Module and then subsequently use the combination of our self-developed certified EHR Module with the certified EHR Module we purchased to meet the definition of Certified EHR Technology? As a follow up, do we need to have the combination of the purchased certified EHR Module and our self-developed certified EHR Module tested and certified together as a Complete EHR (above and beyond the certifications they have already been issued)?
Yes, you may seek testing and certification for only those systems that have not been certified as an EHR Module (in this case, the self-developed system), and no, you do not need to have the combination of certified EHR Modules certified again as a Complete EHR in order to meet the definition of Certified EHR Technology.
If an EHR Module addresses multiple certification criteria (thus providing multiple capabilities), does it need to be tested and certified to the applicable privacy and security certification criteria as a whole or for each capability?
An EHR Module could provide a single capability required by one certification criterion or it could provide all capabilities but one required by the certification criteria for a Complete EHR. In other words, for example, we would call HIT tested and certified to one certification criterion an "EHR Module" and HIT tested and certified to nine certification criteria an "EHR Module," where ten certification criteria are required for a Complete EHR.
We now provide two different answers… more
I'm an EHR technology developer and I've had my Complete EHR certified. I work with business partners/distributors and permit them to sell my (unmodified) certified Complete EHR under their own brand/name/label. Is this business practice permitted? Is there anything that I should do or be aware of?
Yes, this business practice is permitted. However, the ONC-ATCB or ONC-ACB that certified your Complete EHR is required to ensure that you adhere to the terms and conditions of the certification it issues, including communication of the information specified at 45 CFR 170.423(k) and 170.523(k), respectively. Thus, if you permit business partners/distributors to re-brand or rename your certified Complete EHR and represent that it has been certified, the ONC-ATCB or ONC-ACB that issued the… more
My EHR technology is designed to receive demographic data from a registration system or a practice management system. The data from these other IT systems is then used by my EHR technology to demonstrate compliance with one or more certification criteria. Do these other IT systems that act as data sources to my EHR technology need to be certified?
No, other IT systems that act as data sources and are not intended to perform required capabilities in accordance with adopted certification criteria do not need to be certified simply because they supply data to a Complete EHR or EHR Module. Obviously, if the other IT systems have not been developed to, and cannot, perform required capabilities in accordance with adopted certification criteria then certification of those other IT systems would not be available. For the purposes of… more
I’ve identified that I am using two different EHR technologies to meet a single certification criterion (my document management system receives and displays summary records (45 CFR 170.306(f)(1)) and my EHR technology from EHR technology developer XYZ transmits summary records (45 CFR 170.306(f)(2)). Do both EHR technologies need to be certified?
Yes, in order to possess EHR technology that meets the definition of Certified EHR Technology, both the document management system and the EHR technology from EHR technology developer XYZ together need to meet this certification criterion in its entirety. As a result, (assuming you are not implementing a certified Complete EHR) you could elect to seek testing and certification yourself for these two systems as an EHR Module or implement a certified EHR Module that meets this certification… more
How many clinical quality measures (CQMs) must EHR technology be capable of calculating in order to get certified?
It depends.
First, it depends on whether the EHR technology is being certified to the 2011 or 2014 Edition EHR certification criteria. Second, it depends on whether the EHR technology is designed to be used in an ambulatory setting or in an inpatient setting as we have adopted specific requirements for each setting to correspond to the correlated meaningful use requirements that eligible professionals (EPs), eligible hospitals (EHs), and critical access hospitals (CAHs) must satisfy… more
I plan to use a “data warehouse” to calculate and submit meaningful use clinical quality measures. Does my data warehouse need to be certified for me to be able to use it to achieve meaningful use?
Yes, your data warehouse does need to be certified. However, only those capabilities that your data warehouse is intended to perform and for which certification is required would need to be tested and certified. Other capabilities that the data warehouse may also perform (e.g., benchmarking, research analytics) would not need to be tested and certified. Thus, if you plan to use a data warehouse to calculate and submit clinical quality measures to CMS or States for meaningful use, the data… more
I’ve selected a certified Complete EHR [or certified EHR Module] from EHR technology developer XYZ. That being said, I prefer the certified CPOE EHR Module designed by EHR technology developer ABC over the CPOE capability included in EHR technology developer XYZ’s Complete EHR. Can I use the certified CPOE EHR Module from EHR technology developer ABC instead of the CPOE capability included in EHR technology developer XYZ’s certified Complete EHR? Alternatively, can I use both of the certified CPOE capabilities included in EHR technology developer XYZ and ABC’s EHR technologies at the same time? In other words, can I use duplicative or overlapping certified capabilities of different certified EHR technologies without jeopardizing my ability to meaningfully use Certified EHR Technology?
Meeting the Certified EHR Technology definition can be achieved in numerous ways, including using EHR technologies that perform duplicative or overlapping capabilities (if that is what an eligible health care provider chooses to do) so long as those EHR technologies are certified. Consequently, an eligible health care provider could use both certified capabilities (e.g., CPOE) at the same time in two different sections/departments of its organization. The eligible health care provider would… more
I am an EHR technology developer preparing my EHR technology for certification. I am relying on a 3rd party software program to demonstrate my compliance with a specific certification criterion. Does this 3rd party software program need to be independently certified?
No, the 3rd party software program that your EHR technology relies upon does not need to be independently certified. In principle, when presenting your EHR technology to an ONC-ATCB or ONC-ACB you must be able to demonstrate that your EHR technology is in compliance with the certification criterion regardless of whether your EHR technology natively performs the specified capability or relies upon a 3rd party software program. Thus, in practice, if you rely upon a 3rd party software program… more
I’ve implemented EHR technology developer XYZ’s certified Complete EHR [or certified EHR Module] “E-HealthSystem” which has been certified to the 2011 Edition EHR certification criteria. The developer indicated that it’s making the necessary development changes and will, in the next year, present “E-HealthSystem” for Complete EHR certification to the 2014 Edition EHR certification criteria.
Scenario 1: I determined that E-HealthSystem needed to be reconfigured in order to connect with one of my patient registration systems so I made the necessary adjustments. Is it okay to make adjustments? If necessary, can I also reconfigure, in a similar manner, the next version of E-HealthSystem that will be certified to the 2014 Edition EHR certification criteria without compromising the certified status of my implementation of E-HealthSystem?
Scenario 2: EHR technology developer XYZ communicated to my organization that they relied upon a 3rd party software program “PatientInfoTracker 2.0” for the purposes of demonstrating compliance with the “generate patient lists” certification criterion specified at 45 CFR 170.302(i) in achieving E-HealthSystem’s certification. They’ve also informed me that they will rely on the same 3rd party program to meet the “create patient lists” certification criterion at 45 CFR 170.314(a)(14) as part of their Complete EHR certification to the 2014 Edition EHR certification criteria. I have already implemented, use, and would like to continue using “SuperListGenerator 7.0.” I have determined that I can reconfigure SuperListGenerator 7.0 to work with E-HealthSystem. Can I use SuperListGenerator 7.0 in lieu of PatientInfoTracker 2.0 without compromising the certified status of my implementation of E-HealthSystem now and potentially with the 2014 Edition version?
Scenario 1: I determined that E-HealthSystem needed to be reconfigured in order to connect with one of my patient registration systems so I made the necessary adjustments. Is it okay to make adjustments? If necessary, can I also reconfigure, in a similar manner, the next version of E-HealthSystem that will be certified to the 2014 Edition EHR certification criteria without compromising the certified status of my implementation of E-HealthSystem?
Scenario 2: EHR technology developer XYZ communicated to my organization that they relied upon a 3rd party software program “PatientInfoTracker 2.0” for the purposes of demonstrating compliance with the “generate patient lists” certification criterion specified at 45 CFR 170.302(i) in achieving E-HealthSystem’s certification. They’ve also informed me that they will rely on the same 3rd party program to meet the “create patient lists” certification criterion at 45 CFR 170.314(a)(14) as part of their Complete EHR certification to the 2014 Edition EHR certification criteria. I have already implemented, use, and would like to continue using “SuperListGenerator 7.0.” I have determined that I can reconfigure SuperListGenerator 7.0 to work with E-HealthSystem. Can I use SuperListGenerator 7.0 in lieu of PatientInfoTracker 2.0 without compromising the certified status of my implementation of E-HealthSystem now and potentially with the 2014 Edition version?
With respect to Scenario 1, yes, you can reconfigure your implementation of E-HealthSystem without compromising its certified status, but you assume the risks associated with modifying a certified capability after it has been certified. You are also responsible for ensuring that the modifications do not adversely affect the performance of E-HealthSystem and, as a result, your ability to demonstrate meaningful use. We encourage eligible providers to use caution when modifying certified… more
As an eligible provider seeking to demonstrate meaningful use of Certified EHR Technology (CEHRT), what options do I have to meet the Certified EHR Technology definition before and after 2014?
The CEHRT definition can be found at 45 CFR 170.102 and applies to the calendar year (CY) for eligible professionals (EPs) and the fiscal year (FY) for eligible hospitals (EHs) and critical access hospitals (CAHs).
Before FY/CY 2014 (i.e., for the EHR reporting periods in 2011, 2012, and 2013)
An eligible provider can satisfy the CEHRT definition in any one of the following three ways:
- The eligible provider possesses EHR technology certified to… more
I use or would like to use an “interface” to submit data to a public health agency/registry. Does this interface need to be certified?
It depends. We recognize that the term “interface” has several different meanings depending on the context in which it is used, the IT infrastructure of which it is a part, and the capability it performs. Consequently, depending on various factors, an interface may or may not need to be certified.
“NO”
- The answer to your question would be “no,” if the interface provided a user with the ability to directly enter data to the public health agency/registry. In that… more
The “electronic copy of health information” certification criteria (45 CFR 170.304(f) and 45 CFR 170.306(d)) each require that Certified EHR Technology “enable a user to create an electronic copy of a patient’s clinical information… in: (1) Human readable format; and (2) On electronic media or through some other electronic means….” Is there more than one way to demonstrate compliance with these certification criteria?
Yes, as discussed in the Initial Set of Standards, Implementation Specifications, and Certification Criteria Final Rule published in July 2010 (75 FR 44630), there is more than one way to demonstrate compliance with these certification criteria. For these certification criteria, Certified EHR Technology must be capable of generating two outputs to produce an electronic copy (i.e., a copy in human readable format and a copy as a CCD or CCR). If the Certified EHR Technology is capable of… more
The certification criterion at 45 CFR 170.302(n) specifies (and similarly specified in 45 CFR 170.314(g)(2)) that “[f]or each meaningful use objective with a percentage-based measure, electronically record the numerator and denominator and generate a report including the numerator, denominator, and resulting percentage associated with each applicable meaningful use measure.” Is it possible for the action of “record” in the certification criterion to be implemented in different ways and still remain in compliance with the certification criterion? For example, could “record” comprise the ability of a centralized analytics EHR Module to accept or retrieve raw data from another EHR Module or EHR Modules, and upon receipt of this raw data, the centralized analytics EHR Module would calculate the numerator, denominator, and the resulting percentage as specified by 45 CFR 170.302(n) and 170.314(g)(2)?
Yes, it is possible for the action of “record” in this certification criterion to be implemented in different ways. The example in this question appears to be one possible way to demonstrate compliance with this certification criterion. Other possible methods could include a Complete EHR that accepts or retrieves raw data, analyzes the data, and then generates a report based on the analysis; a Complete EHR that separately tracks each capability with a percentage-based meaningful use measure… more
What does it mean to “possess” EHR technology as mentioned in FAQ 9-10-017?
We consider “possession” of EHR technology certified to an edition of EHR certification criteria to be either the physical possession of the medium on which a certified Complete EHR, or certified EHR Module resides, or a legally enforceable right by an eligible health care provider to access and use, at its discretion, the capabilities of a certified Complete EHR or certified EHR Module. An eligible health care provider may determine the extent to which it will implement or use these… more