Printer Friendly, PDF & Email Printer Friendly, PDF & Email

§170.315(e)(1) View, download, and transmit to 3rd party

Updated on 12-02-2024
Regulation Text
Regulation Text

§ 170.315 (e)(1) View, download, and transmit to 3rd party

  1. Patients (and their authorized representatives) must be able to use internet-based technology to view, download, and transmit their health information to a 3rd party in the manner specified below. Such access must be consistent and in accordance with the standard adopted in § 170.204(a)(1) and may alternatively be demonstrated in accordance with the standard specified in § 170.204(a)(2).
    1. View. Patients (and their authorized representatives) must be able to use health IT to view, at a minimum, the following data:
      1. The data classes expressed in the standard in § 170.213 (which should be in their English (i.e., non-coded) representation if they associate with a vocabulary/code set), and in accordance with § 170.205(a)(4) and (a)(5), and paragraphs (e)(1)(i)(A)(3)(i) through (iii) of this section, for the time period up to and including December 31, 2025, or
      2. The data classes expressed in the standards in § 170.213 (which should be in their English (i.e., non-coded) representation if they associate with a vocabulary/code set), and in accordance with § 170.205(a)(4) and (a)(6), and paragraphs (e)(1)(i)(A)(3)(i) through (iii) of this section.
      3. The following data classes:
        1. Assessment and plan of treatment. In accordance with the “Assessment and Plan Section (V2)” of the standard specified in § 170.205(a)(4); or in accordance with the “Assessment Section (V2)” and “Plan of Treatment Section (V2)” of the standard specified in § 170.205(a)(4).
        2. Goals. In accordance with the “Goals Section” of the standard specified in § 170.205(a)(4).
        3. Health concerns. In accordance with the “Health Concerns Section” of the standard specified in § 170.205(a)(4).
        4. Unique device identifier(s) for a patient's implantable device(s). In accordance with the “Product Instance” in the “Procedure Activity Procedure Section” of the standards specified in § 170.205(a)(4).
      4. Ambulatory setting only. Provider's name and office contact information.
      5. Inpatient setting only. Admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization.
      6. Laboratory test report(s). Laboratory test report(s), including:
        1. The information for a test report as specified all the data specified in 42 CFR 493.1291(c)(1) through (7);
        2. The information related to reference intervals or normal values as specified in 42 CFR 493.1291(d); and
        3. The information for corrected reports as specified in 42 CFR 493.1291(k)(2).
      7. Diagnostic image report(s).
    2.  Download.
      1. Patients (and their authorized representatives) must be able to use technology to download an ambulatory summary or inpatient summary (as applicable to the health IT setting for which certification is requested) in the following formats:
        1. Human readable format; and
        2. The format specified in accordance to the standard specified in § 170.205(a)(4) and (5) for the time period up to and including December 31, 2025, or § 170.205(a)(4) and (6), and following the CCD document template.
      2. When downloaded according to the standard specified in § 170.205(a)(4) through (6) following the CCD document template, the ambulatory summary or inpatient summary must include, at a minimum, the following data (which, for the human readable version, should be in their English representation if they associate with a vocabulary/code set):
        1. Ambulatory setting only. All of the data specified in paragraph (e)(1)(i)(A)(1), (2), (4), and (5) of this section.
        2. Inpatient setting only. All of the data specified in paragraphs (e)(1)(i)(A)(1), and (3) through (5) of this section.
        3. Request for restrictions. Patients (and their authorized representatives) must be able to use an internet-based method to request a restriction to be applied for any data expressed in the standards in § 170.213. Conformance with this paragraph is required by January 1, 2026.
      3. Inpatient setting only. Patients (and their authorized representatives) must be able to download transition of care/referral summaries that were created as a result of a transition of care (pursuant to the capability expressed in the certification criterion specified in paragraph (b)(1) of this section).
    3. Transmit to third party. Patients (and their authorized representatives) must be able to:
      1. Transmit the ambulatory summary or inpatient summary (as applicable to the health IT setting for which certification is requested) created in paragraph (e)(1)(i)(B)(2) of this section in accordance with both of the following ways:
        1. Email transmission to any email address; and
        2. An encrypted method of electronic transmission.
      2. Inpatient setting only. Transmit transition of care/referral summaries (as a result of a transition of care/referral as referenced by (e)(1)(i)(B)(3)) of this section selected by the patient (or their authorized representative) in both of the ways referenced (e)(1)(i)(C)(1)(i) and (ii) of this section).
    4. Timeframe selection. With respect to the data available to view, download, and transmit as referenced paragraphs (e)(1)(i)(A), (B), and (C) of this section, patients (and their authorized representatives) must be able to:
      1. Select data associated with a specific date (to be viewed, downloaded, or transmitted); and
      2. Select data within an identified date range (to be viewed, downloaded, or transmitted).
  2. Activity history log.
    1. When any of the capabilities included in paragraphs (e)(1)(i)(A) through (C) of this section are used, the following information must be recorded and made accessible to the patient (or his/her authorized representative):
      1. The action(s) (i.e., view, download, transmission) that occurred;
      2. The date and time each action occurred in accordance with the standard specified in § 170.210(g);
      3. The user who took the action; and
      4. Where applicable, the addressee to whom an ambulatory summary or inpatient summary was transmitted.
    2. [Reserved]
  3. Request for restrictions. Patients (and their authorized representatives) must be able to use an internet-based method to request a restriction to be applied for any data expressed in the standards in § 170.213. Conformance with this paragraph is required by January 1, 2026.
Standard(s) Referenced

Paragraph (e)(1)(i)

§ 170.204(a)(1) Web Content Accessibility Guidelines (WCAG) 2.0, Level A Conformance

§ 170.204(a)(2) WCAG 2.0, Level AA Conformance

§ 170.205(a)(4) Health Level 7 (HL7®) Implementation Guide for CDA® Release 2 Consolidation CDA® Templates for Clinical Notes (US Realm), Draft Standard for Trial Use Release 2.1 C-CDA 2.1 with Errata, August 2015, June 2019 (with Errata)

§ 170.205(a)(5) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 2, October 2019 (Adoption of this standard expires on January 1, 2026)

§ 170.205(a)(6) HL7® CDA® R2 Implementation Guide: C-CDA Templates for Clinical Notes STU Companion Guide, Release 4.1 - US Realm (This standard is required by December 31, 2025)

Paragraph (e)(1)(i)(A)

§ 170.213(a) United States Core Data for Interoperability (USCDI), July 2020 Errata, Version 1 (v1) (Adoption of this standard expires on January 1, 2026)

§ 170.213(b) United States Core Data for Interoperability Version 3 (USCDI v3) (This standard is required by December 31, 2025.)

Laboratory test report(s):

  1. The information for a test report as specified all the data specified in 42 CFR 493.1291(c)(1) through (7);
    1. For positive patient identification, either the patient's name and identification number, or a unique patient identifier and identification number.
    2. The name and address of the laboratory location where the test was performed.
    3. The test report date.
    4. The test performed.
    5. The specimen source, when appropriate.
    6. The test result and, if applicable, the units of measurement or interpretation, or both.
    7. Any information regarding the condition and disposition of specimens that do not meet the laboratory's criteria for acceptability.
  2. The information related to reference intervals or normal values as specified in 42 CFR 493.1291(d) – Pertinent “reference intervals” or “normal” values, as determined by the laboratory performing the tests, must be available to the authorized person who ordered the tests and, if applicable, the individual responsible for using the test results.
  3. The information for corrected reports as specified in 42 CFR 493.1291(k)(2) – When errors in the reported patient test results are detected, the laboratory must do the following: Issue corrected reports promptly to the authorized person ordering the test and, if applicable, the individual using the test results.

Paragraph (e)(1)(i)(B)

§ 170.213(a) United States Core Data for Interoperability (USCDI), July 2020 Errata, Version 1 (v1) (Adoption of this standard expires on January 1, 2026)

§ 170.213(b) United States Core Data for Interoperability Version 3 (USCDI v3) (This standard is required by December 31, 2025.)

§ 170.205(a)(4) HL7® Implementation Guide for CDA® Release 2 Consolidation CDA® Templates for Clinical Notes (US Realm), Draft Standard for Trial Use Release 2.1 C-CDA 2.1, August 2015, June 2019 (with Errata)

§ 170.205(a)(5) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 2, October 2019, IBR approved for § 170.205(a)(5) (Adoption of this standard expires on January 1, 2026)

§ 170.205(a)(6) HL7® CDA® R2 Implementation Guide: C-CDA Templates for Clinical Notes STU Companion Guide, Release 4.1 - US Realm (This standard is required by December 31, 2025)

Laboratory test reports:

  1. The information for a test report as specified all the data specified in 42 CFR 493.1291(c)(1) through (7) –
    1. For positive patient identification, either the patient's name and identification number, or a unique patient identifier and identification number.
    2. The name and address of the laboratory location where the test was performed.
    3. The test report date.
    4. The test performed.
    5. Specimen source, when appropriate.
    6. The test result and, if applicable, the units of measurement or interpretation, or both.
    7. Any information regarding the condition and disposition of specimens that do not meet the laboratory's criteria for acceptability.
  2. The information related to reference intervals or normal values as specified in 42 CFR 493.1291(d) – Pertinent “reference intervals” or “normal” values, as determined by the laboratory performing the tests, must be available to the authorized person who ordered the tests and, if applicable, the individual responsible for using the test results.
  3. The information for corrected reports as specified in 42 CFR 493.1291(k)(2) – When errors in the reported patient test results are detected, the laboratory must do the following: Issue corrected reports promptly to the authorized person ordering the test and, if applicable, the individual using the test results.

Paragraph (e)(1)(i)(C)

Please refer to the standards required for § 170.315(d)(9) “Trusted connection” for the encrypted method of electronic transmission.

Paragraph (e)(1)(ii)

§ 170.210(g) Synchronized clocks. The date and time recorded utilize a system clock that has been synchronized using any Network Time Protocol (NTP) standard.

         Review the NTP Reference Document for guidance on certifying to this requirement.

Standard Version Advancement Process (SVAP) Version(s) Approved

Web Content Accessibility Guidelines (WCAG) 2.2, October 5, 2023

United States Core Data for Interoperability (USCDI), Version 4, October 2023 Errata

HL7® CDA® R2 Implementation Guide: Consolidated CDA Templates for Clinical Notes Edition 3.0 - US Realm, May 2024 

For more information, please visit the Standards Version Advancement Process (SVAP) Version(s) page.

Required Update Deadlines

The following outlines deadlines for required updates for this criterion as they relate to changes published in recent ONC final rules. Developers must update their products to the requirements outlined and provide them to their customers by the stated deadlines. These represent one-time deadlines as set by recent regulatory updates and do not encompass ongoing deadlines related to the Conditions and Maintenance of Certification. Please review those requirements for additional compliance activities related to one’s certification under Certification Dependencies.

Deadline: December 31, 2025

Actions to be taken: Developers certified to this criterion must update their use of C-CDA and USCDI versions outlined in paragraphs (e)(1)(i) and (e)(1)(ii). Developers must attest to adding functionality to allow a patient to request a restriction to be applied for any USCDI data as outlined in paragraphs (e)(1)(iii).

Certification Dependencies

Conditions and Maintenance of Certification Requirements

Real World Testing: Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of Certification.

Insights: Products certified to this criterion must submit responses for the following measures:

  • Individuals’ access to view, download and transmit to a third party

Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.

  • Quality management system (§ 170.315(g)(4)): When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, when different QMS are used, each QMS needs to be separately identified for every capability to which it was applied.
  • Accessibility-centered design (§ 170.315(g)(5)): When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
  • Consolidated CDA creation performance (§ 170.315(g)(6)): Consolidated Clinical Document Architecture (C-CDA) creation performance (§ 170.315(g)(6)) does not need to be explicitly tested with this criterion unless it is the only criterion within the scope of the requested certification that includes C-CDA creation capabilities. Note that the application of § 170.315(g)(6) depends on the C-CDA templates explicitly required by the C-CDA-referenced criterion or criteria included within the scope of the certificate sought. Please refer to the C-CDA creation performance CCG for more details.
Privacy & Security Requirements

This certification criterion was adopted at § 170.315(e)(1). As a result, an ONC-ACB must ensure that a product presented for certification to a § 170.315(e) criterion includes the privacy and security criteria (adopted in § 170.315(d)) within the overall scope of the certificate issued to the product.

  • The privacy and security criteria (adopted in § 170.315(d)) do not need to be explicitly tested with this specific paragraph (e) criterion unless it is the only criterion for which certification is requested.
  • As a general rule, a product presented for certification only needs to be tested once to each applicable privacy and security criterion (adopted in § 170.315(d)) so long as the health IT developer attests that such privacy and security capabilities apply to the full scope of capabilities included in the requested certification. However, exceptions exist for § 170.315(e)(1) “View, download, and transmit to 3rd party (VDT)” and (e)(2) “Secure messaging,” which are explicitly stated.

For more information on the approaches to meet these Privacy and Security requirements, please review the Privacy and Security CCG.

Testing
Testing Tool

Edge Testing Tool (ETT): Message Validators

Test Tool Documentation

Test Tool Supplemental Guide

 

Criterion Subparagraph Test Data
(e)(1)(i)(A)

Inpatient setting: 170.315_e1_vdt_inp_sample*.pdf (All samples)

Ambulatory setting: 170.315_e1_vdt_amb_sample*.pdf (All samples)

(e)(1)(i)(B)

Inpatient setting: 170.315_e1_vdt_inp_sample*.pdf (All samples)

Ambulatory setting: 170.315_e1_vdt_amb_sample*.pdf (All samples)

 

(e)(1)(i)(C)

Inpatient setting: 170.315_e1_vdt_inp_sample*.pdf (All samples)

Ambulatory setting: 170.315_e1_vdt_amb_sample*.pdf (All samples)

 

Revision History
Version # Description of Change Version Date
1.0

Initial publication

03-11-2024
1.1

Updated a typo in Paragraph (e)(1)(i) Web Content Accessibility to reflect the correct SVAP version cited in regulation as WCAG 2.2.

10-09-2024

Updated test tool link

12-02-2024

This Test Procedure illustrates the test steps required to certify a Health IT Module to this criterion. Please consult the most recent ONC Final Rule on the Certification Regulations page for a detailed description of the certification criterion with which these testing steps are associated. ONC also encourages developers to consult the Certification Companion Guide in tandem with the test procedure as it provides clarifications that may be useful for product development and testing.

Note: The test step order does not necessarily prescribe the order in which the tests should take place.

Testing components

Documentation Icon Visual Inspection Icon Test Tool Icon ONC Supplied Test Data Icon SVAP Icon
System Under Test
ONC-ACB Verification
Required by December 31, 2025 

The health IT developer of a Health IT Module currently certified to the 170.315(e)(1) View, download, and transmit to 3rd party will attest directly to the ONC-ACB to conformance with the updated 170.315(e)(1) requirements outlined in the Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) Final Rule.

Required by December 31, 2025 

The ONC-ACB verifies the health IT developer of a Health IT Module certified to the 170.315(e)(1) View, download, and transmit to 3rd party attests conformance to updated 170.315(e)(1) criteria requirements. 


System Under Test Test Lab Verification

Web Content Accessibility

  1. The health IT developer provides documentation indicating the level of Web Content Accessibility supported by the Health IT Module:
  • Web Content Accessibility Guideline (WCAG) 2.0, Level A Conformance as specified in § 170.204(a)(1), or
  • Level AA Conformance § 170.204(a)(2), or

     Web Content Accessibility (Approved SVAP Version)

  • Web Content Accessibility Guideline (WCAG) 2.2, Level A Conformance, or
  • Level AA Conformance.
  1. The health IT developer submits test documentation that demonstrates its internet-based technology’s compliance with either: 
  • § 170.204(a)(1) WCAG 2.0, Level A Conformance, 
  • § 170.204(a)(2) WCAG 2.0, Level AA Conformance, or

     Web Content Accessibility (Approved SVAP Version)

  • Web Content Accessibility Guideline (WCAG) 2.2, Level A Conformance, or
  • Level AA Conformance  
  1. The health IT developer documentation provided in step 1 includes WCAG compliance for each internet-based health IT technology associated with the view, download, or transmit (VDT) capabilities.

Web Content Accessibility

  1. The tester verifies the level of WCAG 2.0, Level A Conformance as specified in § 170.204(a)(1) or Level AA Conformance § 170.204(a)(2), or

     Web Content Accessibility (Approved SVAP Version)

  • WCAG 2.2, Level A Conformance, or
  • Level AA Conformance 
  1. Using the submitted testing results for WCAG Conformance (see http://www.w3.org/TR/2008/REC-WCAG20-20081211/#conformance-reqs) submitted in step 2, the tester evaluates the documentation of referenced practice, testing tools, tool results, and accompanying documentation to ensure the health IT developer has achieved conformance with WCAG 2.0 in accordance with § 170.204(a)(1) or § 170.204(a)(2) as applicable, or

     Web Content Accessibility (Approved SVAP Version)

  • WCAG 2.2, Level A Conformance, or
  • Level AA Conformance
  1. The tester verifies there is WCAG compliance for each internet-based health IT technology associated with the VDT capabilities and that this information is submitted with the documentation provided in step 1.

System Under Test Test Lab Verification
Expires on January 1, 2026

View

  1. Using the Edge Testing Tool (ETT): Message Validators – USCDI v1 R2.1 Validator, the user downloads the ONC supplied data instructions through the sender download selections of “170.315_e1_VDT_Amb” or “170.315_e1_VDT_Inp” and one of the VDT instruction documents and executes the download.
  2. Using the internet-based technology health IT function(s), the user, with the role of patient, views the ONC supplied information downloaded in step 1. At a minimum, the view includes the following data as applicable:
    • The data classes in accordance with § 170.213 United States Core Data for Interoperability Standard (USCDI) as specified in section (e)(1)(i)(A)(1) and
      1. Assessment and Plan of Treatment as specified in section (e)(1)(i)(A)(3)(i);
      2. Goals as specified in section (e)(1)(i)(A)(3)(ii);
      3. Health Concerns as specified in section (e)(1)(i)(A)(3)(iii);
    • Ambulatory setting only: the provider’s name and office contact information as specified in section (e)(1)(i)(A)(4);
    • Inpatient setting only: the admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization as specified in section (e)(1)(i)(A)(5);
    • Laboratory test report(s) as specified in section (e)(1)(i)(A)(6), when available; and
    • Diagnostic Imaging report(s) as specified in section (e)(1)(i)(A)(7), when available.
  3. Based upon the health IT setting(s) being certified, the user repeats steps 1-2 for each of the ambulatory and/or inpatient setting(s). All of the VDT summary record instruction documents for a given health IT setting must be viewed.

Authorized Viewer

  1. Using one of the ONC supplied test data instructions from step 1 and the internet-based technology health IT function(s), the user, with the role of authorized patient representative, views at a minimum the data referenced in step 2. Note, the data must be visible in the health IT product and not require a download.
  2. Negative Test: A user who is neither the patient identified in the patient record nor the patient’s authorized representative attempts to access and view patient data and is prevented from doing so.
Required by December 31, 2025

View

  1. Using the Edge Testing Tool (ETT): Message Validators – USCDI v3 R2.1, the user downloads the ONC supplied data instructions through the sender download selections of “170.315_e1_VDT_Amb” or “170.315_e1_VDT_Inp” and one of the VDT instruction documents and executes the download.
  2. Using the internet-based technology health IT function(s), the user, with the role of patient, views the ONC supplied information downloaded in step 1. At a minimum, the view includes the following data as applicable:
    • The data classes in accordance with § 170.213 United States Core Data for Interoperability Standard (USCDI) as specified in section (e)(1)(i)(A)(1) and
      1. Assessment and plan of treatment as specified in section (e)(1)(i)(A)(3)(i);
      2. Goals as specified in section (e)(1)(i)(A)(3)(ii);
      3. Health concerns as specified in section (e)(1)(i)(A)(3)(iii);
    • Ambulatory setting only: the provider’s name and office contact information as specified in section (e)(1)(i)(A)(4);
    • Inpatient setting only: the admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization as specified in section (e)(1)(i)(A)(5);
    • Laboratory test report(s) as specified in section (e)(1)(i)(A)(6), when available; and
    • Diagnostic Imaging report(s) as specified in section (e)(1)(i)(A)(7), when available.
  3. Based upon the health IT setting(s) being certified, the user repeats steps 1-2 for each of the ambulatory and/or inpatient setting(s). All of the VDT summary record instruction documents for a given health IT setting must be viewed.

Authorized Viewer

  1. Using one of the ONC supplied test data instructions from step 1 and the internet-based technology health IT function(s), the user, with the role of authorized patient representative, views at a minimum the data referenced in step 2. Note, the data must be visible in the health IT product and not require a download.
  2. Negative Test: A user who is neither the patient identified in the patient record nor the patient’s authorized representative attempts to access and view patient data and is prevented from doing so.
Expires on January 1, 2026

View

  1. The tester verifies that the user is able to download the ONC supplied data instructions for the health IT settings being certified.
  2. The tester uses the VDT instruction document downloaded in step 1 of the System Under Test to perform visual inspection to verify that a patient’s view of the patient health data in step 2 of the System Under Test is accurate and without omission, and at a minimum includes the following data as applicable:
    • The data classes in accordance with § 170.213 USCDI as specified in section (e)(1)(i)(A)(1) and
      1. Assessment and Plan of Treatment as specified in section (e)(1)(i)(A)(3)(i);
      2. Goals as specified in section (e)(1)(i)(A)(3)(ii);
      3. Health Concerns as specified in section (e)(1)(i)(A)(3)(iii);
    • Ambulatory setting only: the provider’s name and office contact information as specified in section (e)(1)(i)(A)(4);
    • Inpatient setting only: the admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization as specified in section (e)(1)(i)(A)(5);
    • Laboratory test report(s) as specified in section (e)(1)(i)(A)(6) when available; and
    • Diagnostic Imaging report(s) as specified in section (e)(1)(i)(A)(7), when available.
  3. Based upon the health IT setting(s) being certified, the tester repeats steps 1-2 for each of the ambulatory and/or inpatient setting(s). All of the VDT summary record instruction documents for a given health IT setting must be viewed.

Authorized Viewer

  1. The tester verifies that a patient’s authorized representative can view the patient health data, and using the VDT instruction document and the view from step 4 of the System Under Test, performs the same verification as in step 1.
  2. Negative Test: Using visual inspection, the tester verifies that a user, who is neither the patient identified in the record nor the patient’s authorized representative, does not have access to view the patient’s health information.
Required by December 31, 2025

View

  1. The tester verifies that the user is able to download the ONC supplied data instructions for the health IT settings being certified.
  2. The tester uses the VDT instruction document downloaded in step 1 of the System Under Test to perform visual inspection to verify that a patient’s view of the patient health data in step 2 of the System Under Test is accurate and without omission, and at a minimum includes the following data as applicable:
  • The data classes in accordance with § 170.213 USCDI as specified in section (e)(1)(i)(A)(1) and
    • Assessment and Plan of Treatment as specified in section (e)(1)(i)(A)(3)(i);
    • Goals as specified in section (e)(1)(i)(A)(3)(ii);
    • Health Concerns as specified in section (e)(1)(i)(A)(3)(iii);
    • Ambulatory setting only: the provider’s name and office contact information as specified in section (e)(1)(i)(A)(4);
    • Inpatient setting only: the admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization as specified in section (e)(1)(i)(A)(5);
    • Laboratory test report(s) as specified in section (e)(1)(i)(A)(6) when available; and
    • Diagnostic Imaging report(s) as specified in section (e)(1)(i)(A)(7), when available.
  1. Based upon the health IT setting(s) being certified, the tester repeats steps 1-2 for each of the ambulatory and/or inpatient setting(s). All of the VDT summary record instruction documents for a given health IT setting must be viewed.

Authorized Viewer

  1. The tester verifies that a patient’s authorized representative can view the patient health data, and using the VDT instruction document and the view from step 4 of the System Under Test, performs the same verification as in step 1.
  2. Negative Test: Using visual inspection, the tester verifies that a user, who is neither the patient identified in the record nor the patient’s authorized representative, does not have access to view the patient’s health information.

System Under Test Test Lab Verification
Expires on January 1, 2026

Data Class Requirements

  1. The data presented in section (e)(1)(i)(A) step 2 of the System Under Test includes the USCDI data classes as specified in the standard at § 170.213 as applicable, and is in English (i.e., non-coded) representation, if associated with a vocabulary/code set, and in accordance with the implementation guides at § 170.205(a)(4) and § 170.205(a)(5).
  2. Additionally, the data presented in section (e)(1)(i)(A) step 2 of the System Under Test includes as specified the following data as specified in section (e)(1)(i)(A)(3)(i):
    • The Assessment and Plan of Treatment in accordance with either the Assessment and Plan Section (V2), or both the Assessment and Plan of Treatment Sections (V2), specified in accordance with the standard specified in § 170.205(a)(4). At a minimum, the Assessment and plan of treatment data includes the narrative text.
  3. Additionally, the data presented in section (e)(1)(i)(A) step 2 of the System Under Test includes as specified the following data as specified in section (e)(1)(i)(A)(3)(ii):
    • The Goals specified in accordance with the standard specified at § 170.205(a)(4) and § 170.205(a)(4)(i). At a minimum, the Goals data includes narrative text.
  4. Additionally, the data presented in section (e)(1)(i)(A) step 2 of the System Under Test includes as specified the following data as specified in section (e)(1)(i)(A)(3)(iii):
    • The Health Concerns specified in accordance with the standard specified at § 170.205(a)(4). At a minimum, the Health concerns data includes narrative text.
Required by December 31, 2025

Data Class Requirements

  1. The data presented in section (e)(1)(i)(A) step 2 of the System Under Test includes the USCDI data classes as specified in the standard at § 170.213 as applicable, and is in English (i.e., non-coded) representation, if associated with a vocabulary/code set, and in accordance with the implementation guides at § 170.205(a)(4) and § 170.205(a)(6).
  2. Additionally, the data presented in section (e)(1)(i)(A) step 2 of the System Under Test includes as specified the following data as specified in section (e)(1)(i)(A)(3)(i):
  • The Assessment and Plan of Treatment in accordance with either the Assessment and Plan Section (V2), or both the Assessment and Plan of Treatment Sections (V2), specified in accordance with the standard specified in § 170.205(a)(4). At a minimum, the Assessment and plan of treatment data includes the narrative text.
  1. Additionally, the data presented in section (e)(1)(i)(A) step 2 of the System Under Test includes as specified the following data as specified in section (e)(1)(i)(A)(3)(ii):
  • The Goals specified in accordance with the standard specified at § 170.205(a)(4) and § 170.205(a)(4)(i). At a minimum, the Goals data includes narrative text.
  1. Additionally, the data presented in section (e)(1)(i)(A) step 2 of the System Under Test includes as specified the following data as specified in section (e)(1)(i)(A)(3)(iii):
  • The Health Concerns specified in accordance with the standard specified at § 170.205(a)(4). At a minimum, the Health Concerns data includes narrative text.
Expires on January 1, 2026

Data Class Requirements

  1. Using visual inspection, the tester verifies that the data presented in section (e)(1)(i)(A) step 2 of the System Under Test includes all of the USCDI data classes as specified in the in the standard at § 170.213, as applicable; and human-readable version with English terminology is in English (i.e., non-coded) representation, if associated with a vocabulary/code set, and in accordance with the implementation guides at § 170.205(a)(4) and § 170.205(a)(5).
  2. Using visual inspection, the tester verifies that the data presented in section (e)(1)(i)(A)(3)(i) step 2 of the System Under Test includes:
    • The Assessment and Plan Section (V2), or both the Assessment and Plan of Treatment Sections (V2) are specified in accordance with the standard specified in § 170.205(a)(4) as narrative text.
  3. Using visual inspection, the tester verifies that the data presented in section (e)(1)(i)(A)(3)(ii) step 2 of the System Under Test includes:
    • The Goals specified in accordance with the standard specified in § 170.205(a)(4) as narrative text.
  4. Using visual inspection, the tester verifies that the data presented in section (e)(1)(i)(A)(3)(iii) step 2 of the System Under Test includes:
    • The Health Concerns specified in accordance with the standard specified in § 170.205(a)(4) as narrative text.

Note: The system must consistently and independently represent the data as discrete data that are clearly distinguishable.

Required by December 31, 2025 

Data Class Requirements

  1. Using visual inspection, the tester verifies that the data presented in section (e)(1)(i)(A) step 2 of the System Under Test includes all of the USCDI data classes as specified in the in the standard at § 170.213, as applicable; and human-readable version with English terminology is in English (i.e., non-coded) representation, if associated with a vocabulary/code set, and in accordance with the implementation guides at §170.205(a)(4) and § 170.205(a)(6):
  2. Using visual inspection, the tester verifies that the data presented in section (e)(1)(i)(A)(3)(i) step 2 of the System Under Test includes:
    • The Assessment and Plan Section (V2), or both the Assessment and Plan of Treatment Sections (V2) are specified in accordance with the standard specified in § 170.205(a)(4) as narrative text.
  3. Using visual inspection, the tester verifies that the data presented in section (e)(1)(i)(A)(3)(ii) step 2 of the System Under Test includes:
    • The Goals specified in accordance with the standard specified in § 170.205(a)(4) as narrative text.
  4. Using visual inspection, the tester verifies that the data presented in section (e)(1)(i)(A)(3)(iii) step 2 of the System Under Test includes:
    • The Health Concerns specified in accordance with the standard specified in § 170.205(a)(4) as narrative text.

Note: The system must consistently and independently represent the data as discrete data that are clearly distinguishable.


System Under Test Test Lab Verification

Ambulatory Setting Only

The data presented in section (e)(1)(i)(A) step 2 of the System Under Test will also include:

  • The provider’s name; and
  • Office contact information.

Ambulatory Setting Only

Using visual inspection, the tester verifies that the data presented in section (e)(1)(i)(A) step 2 of the System Under Test, in the case of an ambulatory setting, includes:

  • The provider’s name; and
  • Office contact information.

System Under Test Test Lab Verification

Inpatient Setting Only

The data presented in section (e)(1)(i)(A) step 2 of the System Under Test will also include:

  • Admissions and discharge dates and locations;
  • Discharge instructions; and
  • Reason(s) for hospitalization.

Inpatient Setting Only

Using visual inspection, the tester verifies that the data presented in section (e)(1)(i)(A) step 2 of the System Under Test, in the case of an inpatient setting, includes:

  • Admissions and discharge dates and locations;
  • Discharge instructions; and
  • Reason(s) for hospitalization.

System Under Test Test Lab Verification

Laboratory Test Report

The data presented includes the laboratory test report(s) when available, including the following information:

  • The test report must indicate the following information as specified in 42 CFR 493.1291(c)(1) through (7):
    1. For positive patient identification, either the patient's name and identification number or a unique patient identifier and identification number.
    2. The name and address of the laboratory location where the test was performed.
    3. The test report date.
    4. The test performed.
    5. The specimen source, when appropriate.
    6. The test result and, if applicable, the units of measurement or interpretation, or both.
    7. Any information regarding the condition and disposition of specimens that do not meet the laboratory's criteria for acceptability.
  • Pertinent “reference intervals” or “normal” values, as determined by the laboratory performing the tests, must be available to the authorized person who ordered the tests and, if applicable, the individual responsible for using the test results as specified in 42 CFR 493.1291(d); and
  • The information for corrected reports as specified in 42 CFR 493.1291(k)(2).

Laboratory Test Report

Using the ONC-supplied VDT information and visual inspection, the tester verifies that the correct laboratory test report(s) are displayed in human readable format, and that the laboratory test report is complete and accurate. Additionally, the tester verifies that the laboratory test report includes:

  • The Clinical Laboratory Improvement Amendments (CLIA) reporting data requirements specified at 42 CFR 493.1291(c)(1) through (7);
  • The CLIA referenced values 42 CFR 493.1291(d); and
  • The CLIA corrected report requirements specified at 42 CFR 493.1291(k)(2).

System Under Test Test Lab Verification

Diagnostic Imaging Report

The data presented includes the diagnostic image report(s) when available.

Diagnostic Imaging Report

Using the ONC-supplied VDT information and visual inspection, the tester verifies that the correct diagnostic imaging report(s) are displayed in human readable format and that the diagnostic imaging report(s) are complete and accurate.


System Under Test Test Lab Verification

Download in Human Readable Format

  1. For each data set viewed in section (e)(1)(i)(A) step 2, the user, with the role of patient, uses the internet-based technology health IT function(s) to download an ambulatory or inpatient summary document formatted as a human readable document, which at the minimum contains the health information data identified in sections (e)(1)(i)(A)(1,3-7), as applicable.

Authorized Downloader

  1. For the data set viewed in section (e)(1)(i)(A) step 4, the user, with the role of patient authorized representative, uses the internet-based technology health IT function(s), to download an ambulatory or inpatient summary document formatted as a human readable document, which at a minimum contains the health information data identified in section (e)(1)(i)(A)(1,3-7), as applicable.
  2. Negative Test: A user who is neither the patient identified in the patient record nor a patient’s authorized representative attempts to access and download patient data and is prevented from doing so.

Download in Human Readable Format

  1. For each data set downloaded in step 1 of the System Under Test, the tester verifies that the data set can be downloaded using visual inspection, and uses the corresponding ONC-supplied VDT summary record information downloaded in (e)(1)(i)(A) step 1 of the System Under Test to verify that the downloaded ambulatory and/or inpatient summary, in human readable format, is accurate and without omission.  Using visual inspection, the tester verifies the summary document includes at a minimum, the following data, as applicable:
    • The USCDI data classes expressed in the standard in § 170.213 as specified in section (e)(1)(i)(A)(1);
    • The following data classes: Assessment and Plan of Treatment, Goals and Health Concerns as specified in (e)(1)(i)(A)(3)(i-iii);
    • For the inpatient setting, the downloaded inpatient summary document in step 1 includes at a minimum, the following data as applicable: the admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization as specified in section (e)(1)(i)(A)(5);
    • For the ambulatory setting, the downloaded ambulatory summary document in step 1 includes at a minimum, the following data as applicable: the provider’s name and office contact information as specified in section (e)(1)(i)(A)(4);
    • The laboratory report(s) are complete and accurate as specified in section (e)(1)(i)(A)(6). The laboratory test report must include the Clinical Laboratory Improvement Amendments (CLIA) reporting data requirements specified at 42 CFR 493.1291(c)(1) through (7), the CLIA referenced values 42 CFR 493.1291(d), and the CLIA corrected report requirements specified at 42 CFR 493.1291(k)(2); and
    • The diagnostic report is complete and accurate as specified in section (e)(1)(i)(A)(7).

Authorized Downloader

  1. The tester verifies that a patient’s authorized representative can download the patient health data in human readable version, and using the VDT instruction document and the download from step 2 of the System Under Test to perform the same verification as in steps 1-5.
  2. Negative Test: Using visual inspection, the tester verifies that a user, who is neither the patient identified in the record nor the patient’s authorized representative, does not have access to download the patient’s health information.

System Under Test Test Lab Verification
Expires on January 1, 2026

Download as a Continuity of Care Document (CCD)

  1. For each data set viewed in section (e)(1)(i)(A) step 2, the user, with the role of patient, uses the internet-based technology health IT function(s) to download an ambulatory or inpatient summary document in section (e)(1)(i)(B) that is formatted as a CCD document according to the standard specified in § 170.205(a)(4) HL7® Implementation Guide for CDA® Release 2: Consolidated CDA® Templates for Clinical Notes with Errata, DSTU Release 2.1 and § 170.205(a)(5) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 2.
  2. The user submits the downloaded CCD document from step 1 for verification.
Required by December 31, 2025

Download as a Continuity of Care Document (CCD)

  1. For each data set viewed in section (e)(1)(i)(A) step 2, the user, with the role of patient, uses the internet-based technology health IT function(s) to download an ambulatory or inpatient summary document in section (e)(1)(i)(B) that is formatted as a CCD document according to the standard specified in § 170.205(a)(4) HL7® Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes with Errata, DSTU Release 2.1 and § 170.205(a)(6) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 4.1.
  2. The user submits the downloaded CCD document from step 1 for verification.
Expires on January 1, 2026

Download as a Continuity of Care Document (CCD)

  1. For each data set downloaded in step 1 of the System Under Test, the tester verifies that a CCD document has been downloaded using visual inspection.
  2. For each CCD submitted in step 2 of the System Under Test, the tester uses the ETT: Message Validators – USCDI v1 R2.1 to upload the CCD submitted by the System Under Test as a sender, by selecting “170.315_e1_VDT_ Amb” or “170.315_e1_VDT_Inp” criteria and the corresponding ONC-supplied VDT summary record file name, and the tester executes the upload. The tester uses the Validation Report produced by the ETT: Message Validators – USCDI v1 R2.1 in step 2 to verify the validation report indicates passing without error to confirm that the VDT summary record is conformant to the standard adopted in § 170.205(a)(4) and 170.205(a)(5), using the CCD document format, including the presentation of the downloaded data is a valid coded document containing:
    • All of the required USCDI data classes expressed in the standard in § 170.213 as specified in section (e)(1)(i)(A)(1);
    • The following data classes: Assessment and Plan of Treatment, Goals and Health Concerns as specified in section (e)(1)(i)(A)(3)(i-iii);
    • Ambulatory setting only: the provider’s name and office contact information as specified in section (e)(1)(i)(A)(4);
    • Inpatient setting only: admission and discharge dates and locations, discharge instructions, and reason(s) for hospitalization) as specified in section (e)(1)(i)(A)(5);
    • Laboratory report(s) as specified in section (e)(1)(i)(A)(6), when available; and
    • Diagnostic imaging report(s) as specified in section (e)(1)(i)(A)(7), when available.
  3. Additionally, as required by the ONC-supplied VDT instruction document, the tester uses the ETT: Message Validators –USCDI v1 R2.1 Message Content Report, created in step 2, to verify the additional checks have equivalent text and the content of all section level narrative text.
Required by December 31, 2025

Download as a Continuity of Care Document (CCD)

  1. For each data set downloaded in step 1 of the System Under Test, the tester verifies that a CCD document has been downloaded using visual inspection.
  2. For each CCD submitted in step 2 of the System Under Test, the tester uses the ETT: Message Validators –USCDI v3 R2.1 to upload the CCD submitted by the System Under Test as a sender, by selecting “170.315_e1_VDT_ Amb” or “170.315_e1_VDT_Inp” criteria and the corresponding ONC-supplied VDT summary record file name, and the tester executes the upload. The tester uses the Validation Report produced by the ETT: Message Validators – USCDI v3 R2.1 in step 2 to verify the validation report indicates passing without error to confirm that the VDT summary record is conformant to the standard adopted in § 170.205(a)(4) and § 170.205(a)(6), using the CCD document format, including the presentation of the downloaded data is a valid coded document containing:
  • All of the required USCDI data classes expressed in the standard in § 170.213 as specified in section (e)(1)(i)(A)(1);
  • The following data classes: Assessment and Plan of Treatment, Goals and Health Concerns as specified in section (e)(1)(i)(A)(3)(i-iii);
  • Ambulatory setting only: the provider’s name and office contact information as specified in section (e)(1)(i)(A)(4);
  • Inpatient setting only: admission and discharge dates and locations, discharge instructions, and reason(s) for hospitalization) as specified in section (e)(1)(i)(A)(5);
  • Laboratory report(s) as specified in section (e)(1)(i)(A)(6), when available; and
  • Diagnostic imaging report(s) as specified in section (e)(1)(i)(A)(7), when available.
  1. Additionally, as required by the ONC-supplied VDT instruction document, the tester uses the ETT: Message Validators –USCDI v3 R2.1 Message Content Report, created in step 2, to verify the additional checks have equivalent text and the content of all section level narrative text.

System Under Test Test Lab Verification

Download CCD - Human Readable Version

  1. For each of the downloaded CCD documents in section (e)(1)(i)(B)(1)(ii), the VDT summary record downloaded must include, at a minimum, the following human readable data with applicable standards:
    • The USCDI data classes expressed in the standard in § 170.213;
    • The following data classes: Assessment and Plan of Treatment, Goals and Health Concerns.
    • Ambulatory setting only: the provider’s name and office contact information;
    • Inpatient setting only: admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization;
    • Laboratory test report(s) when available; and
    • Diagnostic imaging report(s) when available.

Download CCD - Human Readable Version

  1. The tester uses the Message Content Report produced by the ETT: Message Validators in step 2 to verify that the submitted CCD document created by the Health IT module includes the following human readable data:
    • The USCDI data classes expressed in the standard in § 170.213 as specified in section (e)(1)(i)(A)(1);
    • The following data classes: Assessment and Plan of Treatment, Goals and Health Concerns as specified in (e)(1)(i)(A)(3)(i-iii);
    • Ambulatory setting only: the provider’s name and office contact information as specified in section (e)(1)(i)(A)(4);
    • Inpatient setting only: admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization as specified in section (e)(1)(i)(A)(5);
    • The tester verifies that laboratory test report(s) are present as specified in section (e)(1)(i)(A)(6) when available; and
    • The tester verifies that diagnostic imaging report(s) are present as specified in section (e)(1)(i)(A)(7) when available.

System Under Test Test Lab Verification

Inpatient Setting Only - Download Transition of Care/Referral Summary

  1. For the inpatient setting only, using the ETT: Message Validators, the user downloads the ONC supplied transition of care/referral summary records instructions provided by the PDF files for “170.315_e1_VDT_Inp” or “170.315_b1_ToC_Inp” to enter the required patient data on the Health IT Module.
  2. Using the internet-based technology health IT function(s), the user, with the role of patient, downloads each of the VDT transitions of care/referral summary records created in step 1 formatted as a Discharge Summary document as defined in 170.315(b)(1) Continuity of Care Document and Referral Note.

Setup

  1. For each transition of care/referral summary record document downloaded in step 1 of the System Under Test, the tester creates a human readable version to be used for verification.

Download Transition of Care/Referral Summary

  1. Using visual inspection, the tester verifies that each of the VDT transition of care/referral summary records from System Under Test step 1 is downloaded using the internet-based technology health IT function(s). Additionally, the tester verifies that each of the VDT transition of care/referral summary records downloaded from System Under Test step 2 is accurate and complete according to the human readable version in step 1. This includes verification at a minimum the following content as applicable:
    • The USCDI data classes expressed in the standard in § 170.213 as specified in  the standard at § 170.213; and
    • The following data classes: Assessment and Plan of Treatment, Goals and Health Concerns as specified in (e)(1)(i)(A)(3)(i-iii).

System Under Test Test Lab Verification
Expires on January 1, 2026

Unencrypted Email Method

  1. For each data set viewed in section (e)(1)(i)(A), the user, with the role of patient, uses the Health IT Module’s internet-based technology to transmit, via email, an ambulatory summary or inpatient summary as created in section (e)(1)(i)(B)(2) as a CCD document according to the standards specified in § 170.205(a)(4) HL7® Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes with Errata, DSTU Release 2.1 and § 170.205(a)(5) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 2 to a valid, third-party email address identified by the user.
  2. The user accesses the third-party email account and verifies that the transmission was received, and the correct ambulatory and/or inpatient summary is attached.

Authorized Email Transmission

  1. For the test data set viewed in section (e)(1)(i)(A) step 4, a user role of patient authorized representative uses the Health IT Module’s internet-based technology, to transmit, via email, an ambulatory summary or inpatient summary as created in section (e)(1)(i)(B)(2) as a CCD document according to the standards specified in § 170.205(a)(4) HL7® Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes with Errata, DSTU Release 2.1 and § 170.205(a)(5) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 2 to a valid, third-party email address identified by the user.
  2. The user accesses the third-party email account and verifies that the transmission was received, and the correct ambulatory and/or inpatient summary is attached.
  3. Negative Test: A user who is neither the patient identified in the test record nor the patient’s authorized representative attempts to access and transmit patient data and is prevented from doing so.
Required by December 31, 2025

Unencrypted Email Method

  1. For each data set viewed in section (e)(1)(i)(A), the user, with the role of patient, uses the Health IT Module’s internet-based technology to transmit, via email, an ambulatory summary or inpatient summary as created in section (e)(1)(i)(B)(2) as a CCD document according to the standards specified in § 170.205(a)(4) HL7® Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes with Errata, DSTU Release 2.1 and § 170.205(a)(6) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 4.1 to a valid, third-party email address identified by the user.
  2. The user accesses the third-party email account and verifies that the transmission was received, and the correct ambulatory and/or inpatient summary is attached.

Authorized Email Transmission

  1. For the test data set viewed in section (e)(1)(i)(A) step 4, a user role of patient authorized representative uses the Health IT Module’s internet-based technology, to transmit, via email, an ambulatory summary or inpatient summary as created in section (e)(1)(i)(B)(2) as a CCD document according to the standards specified in § 170.205(a)(4) HL7 Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes with Errata, DSTU Release 2.1 and § 170.205(a)(6) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 4.1 to a valid, third-party email address identified by the user.
  2. The user accesses the third-party email account and verifies that the transmission was received, and the correct ambulatory and/or inpatient summary is attached.
  3. Negative Test: A user who is neither the patient identified in the test record nor the patient’s authorized representative attempts to access and transmit patient data and is prevented from doing so.
Expires on January 1, 2026

Unencrypted Email Method

  1. Using visual inspection, the tester verifies that each ambulatory or inpatient summary document transmitted in steps 1-2 of the System Under Test using an email transmission is received successfully by the third-party, developer-identified email address.
  2. For each CCD document transmitted in step 2 of the System Under Test, the tester uses ETT: Message Validators –USCDI v1 R2.1to upload the CCD transmitted as a sender, by selecting “170.315_e1_VDT_ Amb” or “170.315_e1_VDT_ Inp” criteria and the corresponding ONC supplied VDT summary record file name, and the tester executes the upload. The tester uses the Validation Report and Content Report produced by the ETT: Message Validator – USCDI v1 R2.1 to verify the validation report indicates passing without error to confirm that the VDT summary record is conformant to the standard adopted in § 170.205(a)(4) and § 170.205(a)(5) using the CCD document format. The format shall include the presentation of the transmitted data is a valid coded document containing:
  • All of the required USCDI data classes expressed in the standard in § 170.213 as specified in section (e)(1)(i)(A)(1). Additionally, the transmitted health information contains the data in human readable version with English terminology (i.e. non-coded representation of vocabulary/code sets) as specified in section (e)(1)(i)(A);
  • The following data classes: Assessment and Plan of Treatment, Goals and Health Concerns as specified in section (e)(1)(i)(A)(3)(i-iii);
  • Ambulatory setting only: the provider’s name and office contact information as specified in section (e)(1)(i)(A)(4);
  • Inpatient setting only: admission and discharge dates and locations, discharge instructions and reason(s) for hospitalization) as specified in section (e)(1)(i)(A)(5), when available;
  • Laboratory report(s) as specified in section (e)(1)(i)(A)(6), when available. Additionally, if included, the correct laboratory test report is displayed in human readable format, and that the laboratory test report is complete and accurate. The laboratory test report must include the CLIA reporting data requirements specified at 42 CFR 493.1291(c)(1) through (7), the CLIA referenced values 42 CFR 493.1291(d), and the CLIA corrected report requirements specified at 42 CFR 493.1291(k)(2);
  • Diagnostic imaging report(s) as specified in section (e)(1)(i)(A)(7) when available. Additionally, if included, the correct diagnostic imaging report is displayed in human readable format, and that the diagnostic imaging report is complete and accurate; and
  • As required by the corresponding ONC supplied VDT instruction document, verification of the additional checks for equivalent text the content of all section level narrative text.

Authorized Email Transmission

  1. The tester verifies that the Health IT Module can send an unencrypted email with an attachment.
  2. The tester verifies that a patient’s authorized representative can transmit the patient health data as a CCD using an unencrypted email method by using the VDT instruction document and the transmission from steps 3-4 of the System Under Test, and performs the same verification as in steps 1-7.
  3. Negative Test: Using visual inspection, the tester verifies that a user who is not the patient identified in the record and is not the patient’s authorized representative does not have access to transmit the patient’s health information.
Required by December 31, 2025

Unencrypted Email Method

  1. Using visual inspection, the tester verifies that each ambulatory or inpatient summary document transmitted in steps 1-2 of the System Under Test using an email transmission is received successfully by the third-party, developer-identified email address.
  2. For each CCD document transmitted in step 2 of the System Under Test, the tester uses ETT: Message Validators – USCDI v3 R2.1 to upload the CCD transmitted as a sender, by selecting “170.315_e1_VDT_ Amb” or “170.315_e1_VDT_ Inp” criteria and the corresponding ONC supplied VDT summary record file name, and the tester executes the upload. The tester uses the Validation Report and Content Report produced by the ETT: Message Validator – USCDI v3 R2.1 to verify the validation report indicates passing without error to confirm that the VDT summary record is conformant to the standard adopted in § 170.205(a)(4) and § 170.205(a)(6) using the CCD document format. The format shall include the presentation of the transmitted data is a valid coded document containing:
  • All of the required USCDI data classes expressed in the standard in § 170.213 as specified in section (e)(1)(i)(A)(1). Additionally, the transmitted health information contains the data in human readable version with English terminology (i.e. non-coded representation of vocabulary/code sets) as specified in section (e)(1)(i)(A);
  • The following data classes: Assessment and Plan of Treatment, Goals and Health Concerns as specified in section (e)(1)(i)(A)(3)(i-iii);
  • Ambulatory setting only: the provider’s name and office contact information as specified in section (e)(1)(i)(A)(4);
  • Inpatient setting only: admission and discharge dates and locations, discharge instructions and reason(s) for hospitalization) as specified in section (e)(1)(i)(A)(5), when available;
  • Laboratory report(s) as specified in section (e)(1)(i)(A)(6), when available. Additionally, if included, the correct laboratory test report is displayed in human readable format, and that the laboratory test report is complete and accurate. The laboratory test report must include the CLIA reporting data requirements specified at 42 CFR 493.1291(c)(1) through (7), the CLIA referenced values 42 CFR 493.1291(d), and the CLIA corrected report requirements specified at 42 CFR 493.1291(k)(2);
  • Diagnostic imaging report(s) as specified in section (e)(1)(i)(A)(7) when available. Additionally, if included, the correct diagnostic imaging report is displayed in human readable format, and that the diagnostic imaging report is complete and accurate; and
  • As required by the corresponding ONC supplied VDT instruction document, verification of the additional checks for equivalent text the content of all section level narrative text.

Authorized Email Transmission

  1. The tester verifies that the Health IT Module can send an unencrypted email with an attachment.
  2. The tester verifies that a patient’s authorized representative can transmit the patient health data as a CCD using an unencrypted email method by using the VDT instruction document and the transmission from steps 3-4 of the System Under Test, and performs the same verification as in steps 1-7.
  3. Negative Test: Using visual inspection, the tester verifies that a user who is not the patient identified in the record and is not the patient’s authorized representative does not have access to transmit the patient’s health information.

System Under Test Test Lab Verification
Expires on January 1, 2026

Encrypted Method

  1. For the data set viewed in (e)(1)(i)(A), a user, with the role of patient, uses the Health IT Module’s internet-based technology to transmit an ambulatory summary or inpatient summary as created in section (e)(1)(i)(B)(2) as a CCD document according to the standards specified in § 170.205(a)(4) HL7® Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes with Errata, DSTU Release 2.1 and § 170.205(a)(5) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 2 to any third party using the developer-identified encrypted method of transmission.
  2. The user accesses the account to which the encrypted message has been sent and verifies that the transmission was received with the correct ambulatory and/or inpatient summary.

Authorized Encrypted Transmission

  1. For the data set viewed in section (e)(1)(i)(A) step 4, a user, with the role of patient authorized representative, uses the Health IT Module’s internet-based technology to transmit an ambulatory summary or inpatient summary as created in section (e)(1)(i)(B)(2) as a CCD document according to the standards specified in § 170.205(a)(4) HL7® Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes with Errata, DSTU Release 2.1 and § 170.205(a)(5) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 2 to any third party using the developer-identified encrypted method of transmission.
  2. The user accesses the account to which the encrypted message has been sent and verifies that the transmission was received, and the correct ambulatory and/or inpatient summary is attached.
  3. Negative Test: A user who is neither the patient identified in the test record nor a patient’s authorized representative attempts to access and transmit patient data and is prevented from doing so.
Required by December 31, 2025

Encrypted Method

  1. For the data set viewed in (e)(1)(i)(A), a user, with the role of patient, uses the Health IT Module’s internet-based technology to transmit an ambulatory summary or inpatient summary as created in section (e)(1)(i)(B)(2) as a CCD document according to the standards specified in § 170.205(a)(4) HL7 Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes with Errata, DSTU Release 2.1 and § 170.205(a)(6) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 4.1 to any third party using the developer-identified encrypted method of transmission.
  2. The user accesses the account to which the encrypted message has been sent and verifies that the transmission was received with the correct ambulatory and/or inpatient summary.

Authorized Encrypted Transmission

  1. For the data set viewed in section (e)(1)(i)(A) step 4, a user, with the role of patient authorized representative, uses the Health IT Module’s internet-based technology to transmit an ambulatory summary or inpatient summary as created in section (e)(1)(i)(B)(2) as a CCD document according to the standards specified in § 170.205(a)(4) HL7® Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes with Errata, DSTU Release 2.1 and § 170.205(a)(6) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 4.1 to any third party using the developer-identified encrypted method of transmission.
  2. The user accesses the account to which the encrypted message has been sent and verifies that the transmission was received, and the correct ambulatory and/or inpatient summary is attached.
  3. Negative Test: A user who is neither the patient identified in the test record nor a patient’s authorized representative attempts to access and transmit patient data and is prevented from doing so.
Expires on January 1, 2026

Encrypted Method

  1. Using visual inspection, the tester verifies that for each ambulatory or inpatient summary transmitted in step 2 of the System Under Test using an encrypted transmission, that the message is received and successfully decrypted.
  2. For each CCD document transmitted in step 2 of the System Under Test, the tester uses the ETT: Message Validators - USCDI v1 R2.1 to upload the CCD transmitted as a sender, by selecting “170.315_e1_VDT_ Amb” or “170.315_e1_VDT_Inp” criteria and the corresponding ONC supplied VDT summary record file name, and the tester executes the upload. The tester uses the Validation and Content Reports produced by the ETT: Message Validators - USDCI v1 R2.1 to verify the validation report indicates passing without error to confirm that the VDT summary record is conformant to the standard adopted in § 170.205(a)(4) and § 170.205(a)(5) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R1 Companion Guide, Release 2 using the CCD document format and that the presentation of the transmitted data is a valid coded document as specified in(e)(1)(i)(A) containing:
    • All of the required USCDI data classes expressed in the standard in § 170.213 as specified in section (e)(1)(i)(A)(1).  Additionally, the transmitted health information contains the data in human readable version with English terminology (i.e. non-coded representation of vocabulary/code sets) as specified in section (e)(1)(i)(A);
    • The following data classes: Assessment and Plan of treatment, Goals and Health Concerns as specified in (e)(1)(i)(A)(3)(i-iii);
    • Ambulatory setting only: the provider’s Name and office contact information as specified in section (e)(1)(i)(A)(4);
    • Inpatient setting only: admission and discharge dates and locations, discharge instructions, and reason(s) for hospitalization) as specified in section (e)(1)(i)(A)(5);
    • Laboratory report(s) as specified in section (e)(1)(i)(A)(4)6, when available. Additionally, if included, the correct laboratory test report is displayed in human readable format, and that the laboratory test report is complete and accurate. The laboratory test report must include the CLIA reporting data requirements specified at 42 CFR 493.1291(c)(1) through (7), the CLIA referenced values 42 CFR 493.1291(d), and the CLIA corrected report requirements specified at 42 CFR 493.1291(k)(2);
    • Diagnostic imaging report(s) as specified in section (e)(1)(i)(A)(7) when available. Additionally, if included, the correct diagnostic imaging report is displayed in human readable format, and that the diagnostic imaging report is complete and accurate; and
    • As required by the corresponding ONC supplied VDT instruction document, verification the additional checks for equivalent text for the content of all section level narrative text.

Authorized Encrypted Transmission

  1. The tester verifies that the Health IT Module can send an encrypted email with an attachment.
  2. The tester verifies that a patient’s authorized representative can transmit the patient health data as a CCD using an encrypted method by using the VDT instruction document and the view from steps 3-4 of the System Under Test, and performs the same verification as in steps 1-7.
  3. Negative Test: Using visual inspection, the tester verifies that a user who is not the patient identified in the record and is not the patient’s authorized representative does not have access to transmit the patient’s health information.
Required by December 31, 2025

Encrypted Method

  1. Using visual inspection, the tester verifies that for each ambulatory or inpatient summary transmitted in step 2 of the System Under Test using an encrypted transmission, that the message is received and successfully decrypted.
  2. For each CCD document transmitted in step 2 of the System Under Test, the tester uses the ETT: Message Validators - USCDI v3 R2.1 to upload the CCD transmitted as a sender, by selecting “170.315_e1_VDT_ Amb” or “170.315_e1_VDT_Inp” criteria and the corresponding ONC supplied VDT summary record file name, and the tester executes the upload. The tester uses the Validation and Content Reports produced by the ETT: Message Validators - USCDI v3 R2.1 to verify the validation report indicates passing without error to confirm that the VDT summary record is conformant to the standard adopted in § 170.205(a)(4) and § 170.205(a)(6) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 4.1 using the CCD document format and that the presentation of the transmitted data is a valid coded document as specified in(e)(1)(i)(A) containing:
  • All of the required USCDI data classes expressed in the standard in § 170.213 as specified in section (e)(1)(i)(A)(1).  Additionally, the transmitted health information contains the data in human readable version with English terminology (i.e. non-coded representation of vocabulary/code sets) as specified in section (e)(1)(i)(A);
  • The following data classes: Assessment and Plan of treatment, Goals and Health Concerns as specified in (e)(1)(i)(A)(3)(i-iii);
  • Ambulatory setting only: the provider’s Name and office contact information as specified in section (e)(1)(i)(A)(4);
  • Inpatient setting only: admission and discharge dates and locations, discharge instructions, and reason(s) for hospitalization) as specified in section (e)(1)(i)(A)(5);
  • Laboratory report(s) as specified in section (e)(1)(i)(A)(46, when available. Additionally, if included, the correct laboratory test report is displayed in human readable format, and that the laboratory test report is complete and accurate. The laboratory test report must include the CLIA reporting data requirements specified at 42 CFR 493.1291(c)(1) through (7), the CLIA referenced values 42 CFR 493.1291(d), and the CLIA corrected report requirements specified at 42 CFR 493.1291(k)(2);
  • Diagnostic imaging report(s) as specified in section (e)(1)(i)(A)(7) when available. Additionally, if included, the correct diagnostic imaging report is displayed in human readable format, and that the diagnostic imaging report is complete and accurate; and
  • As required by the corresponding ONC supplied VDT instruction document, verification the additional checks for equivalent text for the content of all section level narrative text.

Authorized Encrypted Transmission

  1. The tester verifies that the Health IT Module can send an encrypted email with an attachment.
  2. The tester verifies that a patient’s authorized representative can transmit the patient health data as a CCD using an encrypted method by using the VDT instruction document and the view from steps 3-4 of the System Under Test, and performs the same verification as in steps 1-7.
  3. Negative Test: Using visual inspection, the tester verifies that a user who is not the patient identified in the record and is not the patient’s authorized representative does not have access to transmit the patient’s health information.

System Under Test Test Lab Verification

Inpatient Setting Only

Unencrypted Email Method - ToC

  1. For the inpatient setting only, a user, with the role of patient, uses the Health IT Module’s internet-based technology to transmit, via email, to a valid, third-party email address identified by the user, each of the ToC/referral summary as downloaded in section (e)(1)(i)(B)(3) formatted as a:
    • Continuity of Care;
    • Referral Note; and
    • Discharge Summary document.
  2. The user accesses the third-party email account and verifies that the transmission was received and the correct ambulatory and/or inpatient summary is attached.

Encrypted Method - ToC

  1. For the inpatient setting only, a user role of patient uses the Health IT module’s internet-based technology to transmit via the developer-identified encrypted method of transmission a ToC/referral summary as downloaded in section (e)(1)(i)(B)(3) formatted as a:
    • Continuity of Care;
    • Referral Note; and
    • Discharge Summary document.

Inpatient Setting Only

Unencrypted Email Method - ToC

  1. Using visual inspection, the tester verifies that each ToC/referral summary document, transmitted in steps 1-2 of the System Under Test using an email transmission, is received successfully by the third-party, developer-identified email address.
  2. Using visual inspection, the tester verifies that each of the VDT ToC/referral summary records transmitted in step 2 of the System Under Test is accurate and complete according to the human readable version as specified in section (e)(1)(i)(B)(3).

Encrypted Method - ToC

  1. Using visual inspection, the tester verifies that each ToC/referral summary document transmitted in step 2 of the  System Under Test using an encrypted transmission is received, and the message is successfully decrypted. Additionally, the tester verifies that each of the VDT ToC/referral summary records transmitted in step 2 of the System Under Test is accurate and complete according to the human readable version as specified in section (e)(1)(i)(B)(3).

System Under Test Test Lab Verification
  1. The user in the role of patient and the patient’s authorized representative requests to view and download the data in sections (e)(1)(i)(A) and (e)(1)(i)(B) for a specific date.
  2. The user in the role of patient and patient’s authorized representative requests to transmit the data in sections (e)(1)(i)(C) for a specific date.
  1. The tester verifies that the user in the role of patient and the patient’s authorized representative can view and download the health information as specified in sections (e)(1)(i)(A) and (e)(1)(i)(B) for a selected date and that the viewed and downloaded health information data associated with that date is accurate and without omission.
  2. The tester verifies that the user in the role of patient and the patient’s authorized representative can transmit the health information to a third party as specified in section (e)(1)(i)(C) for a selected date and that the transmitted health information data associated with that date is accurate and without omission.

System Under Test Test Lab Verification
  1. The user in the role of patient and the patient’s authorized representative requests to view and download, the data in sections (e)(1)(i)(A) and (e)(1)(i)(B) for a date range.
  2. The user in the role of patient and the patient’s authorized representative requests to transmit the data in sections (e)(1)(i)(C) for a date range.
  1. The tester verifies that the user in the role of patient and the patient’s authorized representative can view and download the health information as specified in section (e)(1)(i)(A) and (e)(1)(i)(B) for a selected date range and that the viewed and downloaded health information data associated with that date range is accurate and without omission.
  2. The tester verifies that the user in the role of patient and the patient’s authorized representative can transmit the health information to a third party as specified in section (e)(1)(i)(C) for a selected date range and that the transmitted health information data associated with that date range is accurate and without omission.

System Under Test Test Lab Verification
  1. When the user utilizes the view, download, or transmit to a third party capabilities as specified in sections (e)(1)(i)(A) through (e)(1)(i)(C), the Health IT Module records a new activity log entry for the following actions related to electronic health information:
    • View of patient information;
    • Download patient information; and
    • Transmit patient information.
  2. For each action, the activity log entry includes:
    • Type of action;
    • Date and time of event in accordance with the standard specified in § 170.210(g);
    • User identification; and
    • To whom the transmission was sent (if applicable).
  1. Using visual inspection, the tester verifies that the Health IT Module creates an activity log entry for each of the following actions related to electronic health information:
    • View of patient information;
    • Download patient information; and
    • Transmit patient information.
  2. The tester verifies that the Health IT Module has certified to the certification criterion specified in § 170.315(d)(2) using documentation or the tester verifies via visual inspection that for all required actions, an activity log entry related to each action taken has been generated correctly and without omission, containing:
    • The actions that occurred;
    • The date/time, specified in accordance to the standard specified in § 170.210(g);
    • The user who took the action; and
    • The addressee to whom the transmission was sent (if applicable).

System Under Test Test Lab Verification
Required by December 31, 2025

Using the internet-based technology health IT function(s), the user, with the role of patient, requests a restriction to be applied to data expressed in the standards in § 170.213.

Required by December 31, 2025

Using visual inspection, the tester verified user is able to use an internet-based method to request a restriction to be applied for any data expressed in the standards in § 170.213.


Updated on 08-19-2024
Regulation Text
Regulation Text

§ 170.315 (e)(1) View, download, and transmit to 3rd party

  1. Patients (and their authorized representatives) must be able to use internet-based technology to view, download, and transmit their health information to a 3rd party in the manner specified below. Such access must be consistent and in accordance with the standard adopted in § 170.204(a)(1) and may alternatively be demonstrated in accordance with the standard specified in § 170.204(a)(2).
    1. View. Patients (and their authorized representatives) must be able to use health IT to view, at a minimum, the following data:
      1. The data classes expressed in the standard in § 170.213 (which should be in their English (i.e., non-coded) representation if they associate with a vocabulary/code set), and in accordance with § 170.205(a)(4) and (a)(5), and paragraphs (e)(1)(i)(A)(3)(i) through (iii) of this section, for the time period up to and including December 31, 2025, or
      2. The data classes expressed in the standards in § 170.213 (which should be in their English (i.e., non-coded) representation if they associate with a vocabulary/code set), and in accordance with § 170.205(a)(4) and (a)(6), and paragraphs (e)(1)(i)(A)(3)(i) through (iii) of this section.
      3. The following data classes:
        1. Assessment and plan of treatment. In accordance with the “Assessment and Plan Section (V2)” of the standard specified in § 170.205(a)(4); or in accordance with the “Assessment Section (V2)” and “Plan of Treatment Section (V2)” of the standard specified in § 170.205(a)(4).
        2. Goals. In accordance with the “Goals Section” of the standard specified in § 170.205(a)(4).
        3. Health concerns. In accordance with the “Health Concerns Section” of the standard specified in § 170.205(a)(4).
        4. Unique device identifier(s) for a patient's implantable device(s). In accordance with the “Product Instance” in the “Procedure Activity Procedure Section” of the standards specified in § 170.205(a)(4).
      4. Ambulatory setting only. Provider's name and office contact information.
      5. Inpatient setting only. Admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization.
      6. Laboratory test report(s). Laboratory test report(s), including:
        1. The information for a test report as specified all the data specified in 42 CFR 493.1291(c)(1) through (7);
        2. The information related to reference intervals or normal values as specified in 42 CFR 493.1291(d); and
        3. The information for corrected reports as specified in 42 CFR 493.1291(k)(2).
      7. Diagnostic image report(s).
    2.  Download.
      1. Patients (and their authorized representatives) must be able to use technology to download an ambulatory summary or inpatient summary (as applicable to the health IT setting for which certification is requested) in the following formats:
        1. Human readable format; and
        2. The format specified in accordance to the standard specified in § 170.205(a)(4) and (5) for the time period up to and including December 31, 2025, or § 170.205(a)(4) and (6), and following the CCD document template.
      2. When downloaded according to the standard specified in § 170.205(a)(4) through (6) following the CCD document template, the ambulatory summary or inpatient summary must include, at a minimum, the following data (which, for the human readable version, should be in their English representation if they associate with a vocabulary/code set):
        1. Ambulatory setting only. All of the data specified in paragraph (e)(1)(i)(A)(1), (2), (4), and (5) of this section.
        2. Inpatient setting only. All of the data specified in paragraphs (e)(1)(i)(A)(1), and (3) through (5) of this section.
        3. Request for restrictions. Patients (and their authorized representatives) must be able to use an internet-based method to request a restriction to be applied for any data expressed in the standards in § 170.213. Conformance with this paragraph is required by January 1, 2026.
      3. Inpatient setting only. Patients (and their authorized representatives) must be able to download transition of care/referral summaries that were created as a result of a transition of care (pursuant to the capability expressed in the certification criterion specified in paragraph (b)(1) of this section).
    3. Transmit to third party. Patients (and their authorized representatives) must be able to:
      1. Transmit the ambulatory summary or inpatient summary (as applicable to the health IT setting for which certification is requested) created in paragraph (e)(1)(i)(B)(2) of this section in accordance with both of the following ways:
        1. Email transmission to any email address; and
        2. An encrypted method of electronic transmission.
      2. Inpatient setting only. Transmit transition of care/referral summaries (as a result of a transition of care/referral as referenced by (e)(1)(i)(B)(3)) of this section selected by the patient (or their authorized representative) in both of the ways referenced (e)(1)(i)(C)(1)(i) and (ii) of this section).
    4. Timeframe selection. With respect to the data available to view, download, and transmit as referenced paragraphs (e)(1)(i)(A), (B), and (C) of this section, patients (and their authorized representatives) must be able to:
      1. Select data associated with a specific date (to be viewed, downloaded, or transmitted); and
      2. Select data within an identified date range (to be viewed, downloaded, or transmitted).
  2. Activity history log.
    1. When any of the capabilities included in paragraphs (e)(1)(i)(A) through (C) of this section are used, the following information must be recorded and made accessible to the patient (or his/her authorized representative):
      1. The action(s) (i.e., view, download, transmission) that occurred;
      2. The date and time each action occurred in accordance with the standard specified in § 170.210(g);
      3. The user who took the action; and
      4. Where applicable, the addressee to whom an ambulatory summary or inpatient summary was transmitted.
    2. [Reserved]
  3. Request for restrictions. Patients (and their authorized representatives) must be able to use an internet-based method to request a restriction to be applied for any data expressed in the standards in § 170.213. Conformance with this paragraph is required by January 1, 2026.
Standard(s) Referenced

Paragraph (e)(1)(i)

§ 170.204(a)(1) Web Content Accessibility Guidelines (WCAG) 2.0, Level A Conformance

§ 170.204(a)(2) WCAG 2.0, Level AA Conformance

§ 170.205(a)(4) Health Level 7 (HL7®) Implementation Guide for CDA® Release 2 Consolidation CDA® Templates for Clinical Notes (US Realm), Draft Standard for Trial Use Release 2.1 C-CDA 2.1 with Errata, August 2015, June 2019 (with Errata)

§ 170.205(a)(5) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 2, October 2019 (Adoption of this standard expires on January 1, 2026)

§ 170.205(a)(6) HL7® CDA® R2 Implementation Guide: C-CDA Templates for Clinical Notes STU Companion Guide, Release 4.1 - US Realm (This standard is required by December 31, 2025)

Paragraph (e)(1)(i)(A)

§ 170.213(a) United States Core Data for Interoperability (USCDI), July 2020 Errata, Version 1 (v1) (Adoption of this standard expires on January 1, 2026)

§ 170.213(b) United States Core Data for Interoperability Version 3 (USCDI v3) (This standard is required by December 31, 2025.)

Laboratory test report(s):

  1. The information for a test report as specified all the data specified in 42 CFR 493.1291(c)(1) through (7);
    1. For positive patient identification, either the patient's name and identification number, or a unique patient identifier and identification number.
    2. The name and address of the laboratory location where the test was performed.
    3. The test report date.
    4. The test performed.
    5. The specimen source, when appropriate.
    6. The test result and, if applicable, the units of measurement or interpretation, or both.
    7. Any information regarding the condition and disposition of specimens that do not meet the laboratory's criteria for acceptability.
  2. The information related to reference intervals or normal values as specified in 42 CFR 493.1291(d) – Pertinent “reference intervals” or “normal” values, as determined by the laboratory performing the tests, must be available to the authorized person who ordered the tests and, if applicable, the individual responsible for using the test results.
  3. The information for corrected reports as specified in 42 CFR 493.1291(k)(2) – When errors in the reported patient test results are detected, the laboratory must do the following: Issue corrected reports promptly to the authorized person ordering the test and, if applicable, the individual using the test results.

Paragraph (e)(1)(i)(B)

§ 170.213(a) United States Core Data for Interoperability (USCDI), July 2020 Errata, Version 1 (v1) (Adoption of this standard expires on January 1, 2026)

§ 170.213(b) United States Core Data for Interoperability Version 3 (USCDI v3) (This standard is required by December 31, 2025.)

§ 170.205(a)(4) HL7® Implementation Guide for CDA® Release 2 Consolidation CDA® Templates for Clinical Notes (US Realm), Draft Standard for Trial Use Release 2.1 C-CDA 2.1, August 2015, June 2019 (with Errata)

§ 170.205(a)(5) HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2.1 Companion Guide, Release 2, October 2019, IBR approved for § 170.205(a)(5) (Adoption of this standard expires on January 1, 2026)

§ 170.205(a)(6) HL7® CDA® R2 Implementation Guide: C-CDA Templates for Clinical Notes STU Companion Guide, Release 4.1 - US Realm (This standard is required by December 31, 2025)

Laboratory test reports:

  1. The information for a test report as specified all the data specified in 42 CFR 493.1291(c)(1) through (7) –
    1. For positive patient identification, either the patient's name and identification number, or a unique patient identifier and identification number.
    2. The name and address of the laboratory location where the test was performed.
    3. The test report date.
    4. The test performed.
    5. Specimen source, when appropriate.
    6. The test result and, if applicable, the units of measurement or interpretation, or both.
    7. Any information regarding the condition and disposition of specimens that do not meet the laboratory's criteria for acceptability.
  2. The information related to reference intervals or normal values as specified in 42 CFR 493.1291(d) – Pertinent “reference intervals” or “normal” values, as determined by the laboratory performing the tests, must be available to the authorized person who ordered the tests and, if applicable, the individual responsible for using the test results.
  3. The information for corrected reports as specified in 42 CFR 493.1291(k)(2) – When errors in the reported patient test results are detected, the laboratory must do the following: Issue corrected reports promptly to the authorized person ordering the test and, if applicable, the individual using the test results.

Paragraph (e)(1)(i)(C)

Please refer to the standards required for § 170.315(d)(9) “Trusted connection” for the encrypted method of electronic transmission.

Paragraph (e)(1)(ii)

§ 170.210(g) Synchronized clocks. The date and time recorded utilize a system clock that has been synchronized using any Network Time Protocol (NTP) standard.

         Review the NTP Reference Document for guidance on certifying to this requirement.

Standard Version Advancement Process (SVAP) Version(s) Approved

Web Content Accessibility Guidelines (WCAG) 2.2, October 5, 2023

United States Core Data for Interoperability (USCDI), Version 4, October 2023 Errata

HL7® CDA® R2 Implementation Guide: Consolidated CDA Templates for Clinical Notes Edition 3.0 - US Realm, May 2024 

For more information, please visit the Standards Version Advancement Process (SVAP) Version(s) page.

Required Update Deadlines

The following outlines deadlines for required updates for this criterion as they relate to changes published in recent ONC final rules. Developers must update their products to the requirements outlined and provide them to their customers by the stated deadlines. These represent one-time deadlines as set by recent regulatory updates and do not encompass ongoing deadlines related to the Conditions and Maintenance of Certification. Please review those requirements for additional compliance activities related to one’s certification under Certification Dependencies.

Deadline: December 31, 2025

Actions to be taken: Developers certified to this criterion must update their use of C-CDA and USCDI versions outlined in paragraphs (e)(1)(i) and (e)(1)(ii). Developers must attest to adding functionality to allow a patient to request a restriction to be applied for any USCDI data as outlined in paragraphs (e)(1)(iii).

Certification Dependencies

Conditions and Maintenance of Certification Requirements

Real World Testing: Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of Certification.

Insights: Products certified to this criterion must submit responses for the following measures:

  • Individuals’ access to view, download and transmit to a third party

Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.

  • Quality management system (§ 170.315(g)(4)): When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, when different QMS are used, each QMS needs to be separately identified for every capability to which it was applied.
  • Accessibility-centered design (§ 170.315(g)(5)): When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
  • Consolidated CDA creation performance (§ 170.315(g)(6)): Consolidated Clinical Document Architecture (C-CDA) creation performance (§ 170.315(g)(6)) does not need to be explicitly tested with this criterion unless it is the only criterion within the scope of the requested certification that includes C-CDA creation capabilities. Note that the application of § 170.315(g)(6) depends on the C-CDA templates explicitly required by the C-CDA-referenced criterion or criteria included within the scope of the certificate sought. Please refer to the C-CDA creation performance CCG for more details.
Privacy & Security Requirements

This certification criterion was adopted at § 170.315(e)(1). As a result, an ONC-ACB must ensure that a product presented for certification to a § 170.315(e) criterion includes the privacy and security criteria (adopted in § 170.315(d)) within the overall scope of the certificate issued to the product.

  • The privacy and security criteria (adopted in § 170.315(d)) do not need to be explicitly tested with this specific paragraph (e) criterion unless it is the only criterion for which certification is requested.
  • As a general rule, a product presented for certification only needs to be tested once to each applicable privacy and security criterion (adopted in § 170.315(d)) so long as the health IT developer attests that such privacy and security capabilities apply to the full scope of capabilities included in the requested certification. However, exceptions exist for § 170.315(e)(1) “View, download, and transmit to 3rd party (VDT)” and (e)(2) “Secure messaging,” which are explicitly stated.

For more information on the approaches to meet these Privacy and Security requirements, please review the Privacy and Security CCG.

Revision History
Version # Description of Change Version Date
1.0

Initial publication

03-11-2024
1.1

Standards Referenced updated to reflect 2024 Approved SVAP Standards

08-19-2024
Testing
Testing Tool

Edge Testing Tool (ETT): Message Validators

Test Tool Documentation

Test Tool Supplemental Guide

 

Criterion Subparagraph Test Data
(e)(1)(i)(A)

Inpatient setting: 170.315_e1_vdt_inp_sample*.pdf (All samples)

Ambulatory setting: 170.315_e1_vdt_amb_sample*.pdf (All samples)

(e)(1)(i)(B)

Inpatient setting: 170.315_e1_vdt_inp_sample*.pdf (All samples)

Ambulatory setting: 170.315_e1_vdt_amb_sample*.pdf (All samples)

 

(e)(1)(i)(C)

Inpatient setting: 170.315_e1_vdt_inp_sample*.pdf (All samples)

Ambulatory setting: 170.315_e1_vdt_amb_sample*.pdf (All samples)

 

Certification Companion Guide: View, download, and transmit to 3rd party

This Certification Companion Guide (CCG) is an informative document designed to assist with health IT product certification. The CCG is not a substitute for the requirements outlined in regulation and related ONC final rules. It extracts key portions of ONC final rules’ preambles and includes subsequent clarifying interpretations. To access the full context of regulatory intent please consult the Certification Regulations page for links to all ONC final rules or consult other regulatory references as noted. The CCG is for public use and should not be sold or redistributed.

The below table outlines whether this criterion has additional Maintenance of Certification dependencies, update requirements and/or eligibility for standards updates via SVAP. Review the Certification Dependencies and Required Update Deadline drop-downs above if this table indicates “yes” for any field.

 

Certification Requirements
Technical Explanations and Clarifications

 

Function

Both Care Settings

Ambulatory Setting

Inpatient Setting

View

  • USCDI (English/human readable)
  • Laboratory test report(s)
  • Diagnostic image report(s)
  • Provider name
  • Office contact information
  • Admission and discharge dates and locations
  • Discharge instructions
  • Reason(s) for hospitalization

Download and Transmit

  • Human readable summary and Continuity of Care Document (CCD) document template containing:
    • USCDI
    • Laboratory test report(s)
    • Diagnostic image report(s)
  • Human readable summary and CCD also contain:
    • Provider name
    • Office contact information
  • Human readable summary and CCD also contain:
    • Admission and discharge dates and locations
    • Discharge instructions
    • Reason(s) for hospitalization
  • Transition of care/referral summaries created as a result of a transition of care or referral (human readable and CCD)

 


Clarifications:

  • The scope of this criterion is limited to the C-CDA Release 2.1 CCD document template for both ambulatory and inpatient settings. In the inpatient setting C-CDA Release 2.1 Referral and Transition of Care document templates are also within scope. Health IT developers may choose to offer view, download, and transmit to 3rd party (VDT) capabilities for other C-CDA templates as appropriate for different care and practice settings, but the CCD document template is the mandatory minimum that must be supported for this criterion.
  • In combination with the C-CDA R2.1 standard, developers certifying to the USCDI must follow the guidance and templates provided in HL7® CDA® R2 IG: C-CDA Templates for Clinical Notes R2 Companion Guide, Release 2, or a time period until December 31, 2025, or HL7® CDA® R2 Implementation Guide: C-CDA Templates for Clinical Notes STU Companion Guide, Release 4.1 - US Realm, for implementation of the C-CDA Release 2.1 standard. For example, details on how to structure and exchange Clinical Notes are included in the C-CDA Companion Guide.
  • ONC provides flexibility for the Diagnostic Imaging and Laboratory Test Results Narratives to be placed in the CCD document template in either the “Result Observation” or “Note Activity” entry templates that can be represented in the “Result” or “Notes” sections.
  • “Patients (and their authorized representatives)” are defined as any individuals to whom the patient has granted access to their health information. [see also 80 FR 62658 and 77 FR 13720]
  • The technology specifications should be designed and implemented in such a way as to provide maximum clarity to a patient (and their authorized representative) about what data exists in the system and how to interpret it. ONC expects that health IT developers will make choices following design and usability best practices that will make it easier and clearer for patients to find and use their records. [see also 80 FR 62659]
  • In order to mitigate potential interoperability errors and inconsistent implementation of the HL7® Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes, Draft Standard for Trial Use, Release 2.1, ONC assesses, approves, and incorporates corrections as part of required testing and certification to this criterion. [see the Health IT Certification Program Overview] Certified health IT adoption and compliance with the following corrections are necessary because they implement updates to vocabularies, update rules for cardinality and conformance statements, and promote proper exchange of C-CDA documents. There is a 90-day delay from the time the CCG has been updated with the ONC-approved corrections to when compliance with the corrections will be required to pass testing (i.e., ETT Message Validator). Similarly, there will be an 18-month delay before a finding of a correction’s absence in certified health IT during surveillance would constitute a non-conformity under the Certification Program.
  • Health IT developers can choose to use the flexibility of the Standards Version Advancement Process (SVAP) to use more advanced version(s) of standards than the version(s) incorporated by reference in the regulation for this certification criterion. To comply with the Maintenance of Certification requirement in § 170.405(b), a health IT developer that chooses to pursue such updates must include in their Real World Testing plan each Certified Health IT Module updated to newer version(s) of any standard(s) prior to August 31 of the year in which their updates were made and test each Module the following calendar year for conformance to all applicable criteria within its scope, including the newer version(s) of the standard(s).
  • Developers updating their already Certified Health IT Modules who choose to leverage the SVAP flexibility will be required to provide advance notice to all affected customers and its ONC-Authorized Certification Body (ONC-ACB). To be open and transparent to the public, developers must also provide its ONC-ACB with a publicly accessible hyperlink to the SVAP Notice to be published with the Module on the ONC Certified Health IT Product List (CHPL). 

Technical outcome – Patients (and their authorized representatives) can view, download, and transmit their health information to a 3rd party via internet-based technology consistent with one of the WCAG 2.0 Levels A or AA.

Clarifications:

  • A Health IT Module must demonstrate compliance with the WCAG 2.0 Level A at minimum, and may alternatively demonstrate compliance in accordance with the standard specified in Level AA protocols. This information will be listed with the product as part of its CHPL listing. [see also 80 FR 62660]
  • A Health IT Module does not need to support both WCAG 2.0 Levels.
  • Documentation from a third party or self-attestation that provides independent evidence of conformance to WCAG Levels A or AA can expedite a NVLAP-accredited testing laboratory’s review, but health IT still needs to be independently assessed by the testing laboratory for conformance according to the ONC test procedure. [see also 77 FR 54179]

Technical outcome – View:

The health IT must allow patients (and their authorized representatives) to view, at a minimum, the USCDI; laboratory test report(s); and diagnostic image reports. Additionally, patients (and their authorized representatives) must be able to view for specific settings:

  • Ambulatory setting only – the provider's name and office contact information;
  • Inpatient setting only – the admission and discharge dates and locations; discharge instructions; and reason(s) for hospitalization.

Clarifications:

  • To meet the “view” requirement, the USCDI information should be made available in its human readable/English (i.e., non-coded) representation.
  • Please refer to the standards required by the USCDI.
  • Throughout this criterion, this requirement pertains to the diagnostic image report, not the image(s) itself. A diagnostic image report contains the consulting specialist’s interpretation of image data conveying the interpretation to the referring/ordering physician and should become a part of the patient’s medical record. Unstructured data for the interpretation text is acceptable for certification. [see also 80 FR 62659]
  • Although Health IT Modules must allow the patient to download and transmit corrected reports in accordance with 42 CFR 493.1291(k)(2), there is no need to separately test for this capability to achieve certification for this criterion. The laboratory test report requirement is satisfied if the Health IT Module demonstrates that it can send a test report.

Technical outcome – Download:

  • In general, health IT presented for certification must be capable of creating CCD documents in order to demonstrate compliance with this certification criterion specified in § 170.205(a)(4) and (5) for a period until December 31, 2025, or § 170.205(a)(4) and (6), following the CCD document template. [see also 80 FR 1685080 FR 62659; and 80 FR 62674]
  • Ambulatory setting – Patients (and their authorized representatives) must be able to download a summary in both a human readable format and using the CCD document template of the Consolidated CDA Release 2.1. If the patient (or their authorized representative) chooses to download a summary using the CCD document template, the information must contain:
    • The USCDI data elements;
    • The provider’s name and office contact information;
    • Laboratory test report(s);
    • Diagnostic image report(s).
  • Inpatient setting –
    • Patients (and their authorized representatives) must be able to download a summary in both a human readable format and using the CCD document template of the Consolidated CDA Release 2.1. If the patient (or their authorized representative) chooses to download a summary using the CCD document template, the information must contain:
      • The USCDI data elements;
      • Admission and discharge dates and locations;
      • Discharge instructions;
      • Reason(s) for hospitalization;
      • Laboratory test report(s);
      • Diagnostic image report(s).
    • Patients (and their authorized representatives) must be able to download transition of care/referral summaries that were created for a transition of care. [see also Transitions of care CCG]
  • For both settings, if the patient (or their authorized representative) chooses to download a summary using the CCD document template, the human readable CCD must include data in their English (i.e., non-coded) representation if associated with a vocabulary or code set.

Clarifications:

  • Health IT may demonstrate that it is capable of creating CCDs in one of two ways.
    1. As a native capability that is part of the health IT presented for certification; or
    2. Relying upon a separate source system to perform the CCD creation capability. In this latter case, the source system would be performing a required capability to demonstrate compliance with this certification criterion and would be bound to the issued certificate as “relied upon software.” [see Relied Upon Software Guidance]  If taking this approach, the Health IT Module must be tested with at least one relied upon software product.
  • The “human readable” aspect of this provision can be satisfied using a style sheet associated with a document formatted according to the C-CDA as specified in § 170.205(a)(4) and (5) for a period until December 31, 2025, or § 170.205(a)(4) and (6), following the CCD document template. [see also 80 FR 62634]
  • A hyperlink to the data alone cannot satisfy this provision. The patient (or their authorized representatives) must be able to download the data to meet this requirement. [see also 77 FR 54180]
  • For inpatient setting only, patients (and their authorized representatives) must be able to download transition of care/referral summaries.
  • Health IT Modules may include laboratory test reports and diagnostic image reports in the “Results” or the "Notes" sections of the CCD.
    • For laboratory test reports, the C-CDA can support this information in a structured way using the “Result Observation Template” in the “Results” section, or in the “Note Activity Template” in either the “Results” or the “Notes” sections..
      • There is no need to test for sending a corrected laboratory report; this requirement is satisfied if the Health IT Module can demonstrate that it can send a laboratory test report. [see also 80 FR 62660]
    • The C-CDA can support the laboratory test reports data in a structured way using the “Result Observation Template” in the “Results” section. ONC recommends developers follow the best practices for use of the Result Observation Template per HL7® (e.g., HL7® Task Force Examples). [see also 80 FR 62660]
    • ONC recommends developers code laboratory test report data where possible and appropriate in anticipation that future certification will require more extensively coded laboratory test report data. [see also 80 FR 62660] For diagnostic image reports, unstructured data for the interpretation text is acceptable. [see also 80 FR 62659]
  • The “inpatient setting only” provision at paragraph (e)(1)(i)(B)(3), which requires a Health IT Module to enable the download of transition of care/referral summaries created as a result of a transition of care, tests the functionality of supplying such previously created C-CDAs and not the content/conformance of the C-CDAs supplied.

Technical outcome – Transmit:

  • For both settings, patients (and their authorized representatives) must be able to transmit the CCD summary created in provision (i)(B)(2) through both (1) email transmission to any email address; and (2) an encrypted method of electronic transmission.
  • In addition, for the inpatient setting, patients (and their authorized representatives) must be able to select and transmit transition of care/referral summaries created for a transition of care through both (1) email transmission to any email address; and (2) an encrypted method of electronic transmission.

Clarifications:

  • Please see the Office of Civil Rights (OCR) Frequently Asked Questions for best practices regarding the use of email for transmitting health information. 
  • For the email option, the approach is to provide patients with a readily understood and convenient option to send their health information via email. Under the current Health Insurance Portability and Accountability Act (HIPAA) regulations (45 CFR 164.524 and related guidance), patients may presently ask that their data be disclosed to them via unencrypted email. [see also 80 FR 62660]
  • For the encrypted “transmit” option, ONC encourages developers to provide innovative options for individuals to easily and efficiently protect their health information based on generally available mechanisms for security and new advances in this area.
    • The second “transmit” option is subject to the privacy and security certification framework, particularly the “Trusted connection” certification criterion (§ 170.315(d)(9)).
    • Health IT developers have the flexibility to either establish an encrypted connection between two end points or, alternatively, secure the payload via encryption.
    • The Direct protocol remains an encouraged and viable method to meet the requirements of the encrypted “transmit” requirement.
  • Transferring data to an electronic media like a USB drive or DVD does not constitute “electronic transmission” to meet this criterion. [see also 77 FR 54182]
  • For the purposes of transmission, several methods are acceptable with respect to enabling patients to use this capability. The transmission capabilities could include the ambulatory or inpatient summary created as a file attachment or provide another way for the patient to access their ambulatory or inpatient summary after initiating a transmission, such as a link embedded to their ambulatory or inpatient summary. In either case, however, note that the transmission capability must be able to support transmitting CCD documents and human readable formatted documents.

Technical outcome – Timeframe Selection:

For all of the provisions in (i)(A), (i)(B), and (i)(C) (i.e., VDT capabilities), patients and their authorized representatives must be able to select data associated with a specific date and select data within an identified time range.

Clarifications:

Timeframes

  • This criterion has two timeframe filters that patients must be able to select and configure on their own (specific date and date range). ONC did not include the ability to select a specific data element category as part of this filtering requirement.
  • There is no need to allow for selection of a specific time within each date range. For example, “9/1/2015 to 10/1/2015” is sufficient, rather than “9/1/2015 at 9:00am to 10/1/2015 at 5:00pm.” However, health IT developers may choose to include additional functionality to make it easy for patients to locate the information they need.

Data Requirements

  • Paragraph (e)(1)(i)(D) and its subsequent subparagraphs focus on "data." The scope of the information to be included in the timeframe selection for paragraphs (e)(1)(i)(A),(B), and (C) is focused on the data as laid out in (e)(1)(i)(A)(1) and (e)(1)(i)(A)(3) through (7), which are more than just the USCDI data elements.
  • All referenced data in the specified range of the timeframe selection must be returned regardless of whether the data is contained in a C-CDA document or in an atomic form and parsed.
  • Returning all data all the time regardless of a date selection or date range selection is non-conformant insofar as the technology is not demonstrating filtering by date range. The health IT developer must be able to demonstrate that filtering based on the two timeframes can be done properly.
  • Filtering in terms of excluding certain data must be by timeframe pursuant to the two filtering functionalities.
    • ONC expects that the Health IT Module must be able to send, at a minimum, all required data for a specified date range(s). ONC acknowledges that there will be organizational policies and/or safety best practices that will dictate additional data to be sent and when data is considered complete and/or ready for being sent.
    • For a Date Range Filter associated with VDT a System Under Test can provide the patient with one or more C-CDA documents that contain the data that is appropriate for the date range.

Approach

  • The date/date range filtering capability does not alone require the creation of new CCD documents to match the patient’s date or date range selection. Health IT is not expected to decompose, extract, and recompose the data from multiple CCD documents into a single larger CCD reflective of the entire date/date range filter selected. Rather, existing/previously created CCD documents in the health IT could be returned in response to a date/date range filter request that the patient could then view, download, or transmit. In other words, the health IT would not be expected to reproduce duplicative copies of CCDs it already created as part of this criterion’s conformance requirements in order to meet the date/date range filter requirement. Providing a list of the existing/previously created CCDs for that date or within the specified date range would be acceptable.
  • However, to be clear, the practice of creating a new CCD is not prohibited and would have the positive effect of making discrete data available to the patient upon request.
  • Health IT must separately demonstrate compliance with paragraphs (e)(1)(i)(B)(3) and (e)(1)(i)(C)(2) of this criterion. However, the data requirements of paragraph (e)(1)(i)(D) do not apply to “supplied” transition of care/referral summaries referenced in these paragraphs.

Technical outcome – Activity History Log:

For all of the provisions in (i)(A), (i)(B), and (i)(C) (i.e., VDT capabilities), patients (and their authorized representatives) must be able to access information regarding the action (view, download, or transmit) that occurred, the date and time each action occurred using any Network Time Protocol standard, the user who took the action, and the addressee to whom the summary was transmitted.

Clarifications:

  • Health IT may meet this requirement if it is certified to the “Auditable events and tamper-resistance” certification criterion (§ 170.315(d)(2)) and these data are accessible by the patient (and their authorized representatives).
  • The time period for which the activity log should be available is a policy determination that the organization who implements the health IT should make. Testing and certification will only test for the health IT’s ability to create such a log. [see also 77 FR 54184]
  • Developers may use any version of the Network Time Protocol standard as specified in § 170.210(g), and must meet the time accuracy requirement as defined in the certification criteria. 

Technical outcome – A Health IT Module must provide patients (and their authorized representatives) an internet-based method to request a restriction to be applied for any data expressed in the standards in § 170.213.

Clarifications:

  • Conformance with this paragraph is required by December 31, 2025.
  • Under the HIPAA Privacy Rule, covered entities as defined in 45 CFR 164.530(i) are required to allow individuals to request a restriction on the use or disclosure of their PHI for treatment, payment, or health care operations and to have policies in place by which to accept or deny such requests (See 45 CFR 164.522(a)(1)(i)(A) and (B)). The HIPAA Privacy Rule does not specify a particular process to be used by individuals to make such requests or for the entity to accept or deny the request. However, we believe that certified health IT should—to the extent feasible—support covered entities so they can execute these processes to protect individuals' privacy and to provide patients an opportunity to exercise this right (88 FR 23821).
  • The user of the technology may also need to comply with certain requirements established by federal, state, territory, local or tribal law.