Electronic Health Records


What Is the ONC Health IT Certification Program?

The ONC Health IT Certification Program is meant to signal which health IT systems meet federal requirements and include useful functionality.

Source: Thinkstock

Health IT companies and innovators offer a number of different types of EHR technology and EHR-integrated health IT solutions to the provider community.

These tools include everything from patient portals to voice recognition software, and they all aim to help providers deliver high quality care to satisfied, engaged patients.

Health IT companies design technologies with an eye toward boosting patient engagement, easing clinical documentation, and enabling a seamless flow of health information between clinicians, care teams, and facilities.

However, the sheer volume of available products can overwhelm healthcare organizations looking for the right tool or system to boost clinician productivity and streamline daily operations.  

Considering the hefty price tags that accompany most EHR implementation projects — with some exceeding $100 million — healthcare organizations looking to commit to an EHR contract decision need assurance that the system they’re buying is capable of meeting all federal requirements and fulfilling the needs of clinicians, administrators, and patients.

And in the wake of a $155 million settlement with eClinicalWorks following allegations of fraudulently receiving ONC certification, providers cannot be too careful when evaluating vendors and their products.

While providers should consider several factors when making an EHR selection decision, one helpful indicator of a high quality system is a stamp of approval from the ONC Health IT Certification Program.

In combination with product demonstrations, provider feedback, reference calls, and site visits, ONC health IT certification can help to point healthcare organizations in the right direction when searching for a reliable EHR system.

The basics of the ONC Health IT Certification Program

In 2010, ONC launched the Health IT Certification Program to signal which health IT products meet the necessary standards, security measures, implementation specifications, and other criteria to fulfill requirements under the EHR Incentive Programs.

The certification program is a third-party product conformity assessment scheme based on the principles of the International Standards Organization (ISO) and International Electrotechnical Commission (IEC) framework.

“ONC does not perform conformance testing or issue certifications itself,” stated the federal agency in an ONC Health IT Certification Program Overview. “Rather, ONC collaborates with other organizations that it evaluates, approves, and authorizes to perform these functions on its behalf.”

The National Institute of Standards and Technology (NIST) collaborated with ONC to establish the certification program as part of the HITECH Act of 2009.

Together, ONC and NIST continue to develop and update the functional and conformance testing requirements, test cases, and testing tools that underpin the program.

The process of changing or updating the health IT certification program starts with a notice of proposed rulemaking (NPRM) from ONC, followed by a public comment period soliciting feedback from industry stakeholders. ONC then reviews stakeholder comments and drafts a final rule on behalf of the HHS Secretary.

Based on the certification criteria outlined in the final rule, ONC develops a test method. The test method must be approved by the National Coordinator for Health IT.

The test method functions as the structure for evaluating health IT conformance to certification criteria. The current 2015 Edition test method operates using an outcomes-focused format and includes guide documents to assist innovators in developing new health IT modules.

Health IT modules are EHR-integrated products or units that together comprise a health IT system.

In addition to overseeing approval of the test method, ONC is also responsible for approving all test tools that are part of the program.  

While the Health IT Certification Program was initially launched to support the EHR Incentive Programs, other incentive programs including the Merit-Based Incentive Payment System (MIPS) under the Quality Payment Program (QPP) now mandate the use of ONC-certified health IT.

ONC has put out several new editions of certification criteria since the program’s launch in 2010 — the most recent being 2015 Edition ONC Health IT Certification.

While ONC spearheads the program, the rigorous certification process itself is carried out by outside entities called ONC-Authorized Testing Laboratories (ONC-ATLs) and ONC-Authorized Certification Bodies (ONC-ACBs).

Current ONC-ACBs include Drummond Group, ICSA Labs, InfoGard Laboratories, Inc., and SLI Compliance.

ONC-ATLs are accredited by the NIST-run National Voluntary Laboratory Accreditation Program (NVLAP) to perform testing and determine whether certain health IT modules meet ONC standards and certification criteria using the ONC-approved test method.

Meanwhile, ONC-ACBs are responsible for putting the final stamp of approval on health IT products based on test results from ONC-ATLs. ONC-ACBs also carry out surveillance activities to ensure technology vendors are maintaining health IT functionality required by certification criteria.

Source: Thinkstock

What are the certification criteria?

To earn 2015 Edition Certified EHR Technology (CEHRT) status, vendors must ensure their EHR systems or health IT modules meet all 2015 Edition certification criteria, as well as the 2015 Edition Base EHR definition.

When earlier versions of the CEHRT program were intended to support specific regulatory goals in place at the time, the 2015 Edition certification criteria is program-agnostic.

According to an ONC final rule overview, 2015 edition certified health IT can support many different use cases, needs, and incentive programs, including initiatives related to long-term and post-acute care, behavioral healthcare, and chronic care management.

The 2015 edition certification final rule includes updated criteria, requirements, and modifications supporting the following:


The 2015 Edition CEHRT criteria integrates new and updated vocabulary and content standards for structured health data documentation, recording, and exchange. Requirements include a Common Clinical Data Set containing data expressed using up-to-date health IT standards, as well as testing for the C-CDA exchange standard.

Health data exchange and access

Certified health IT that fulfills the 2015 Edition Base EHR definition must facilitate health data exchange and access through enhanced data export capabilities, include functionality that supports transitions of care, and allow for third parties to connect to health IT products through an application programming interface (API).

Health IT standardization across the care continuum

The 2015 edition certification final rule establishes a framework that ensures the Health IT Certification Program is open and accessible to a variety of health IT that supports different care and practice settings, HHS programs, and public and private interests.

Enhanced demographic data capture

Health IT tools must be able to capture granular data related to race, ethnicity, sexual orientation, gender identity, socioeconomic factors, psychological history, and behavioral health concerns.

Sensitive data segmentation

The final rule supports sensitive health data exchange by including data privacy criteria. Data segmentation has been defined by ONC as “the process of sequestering from capture, access, or view certain data elements that are perceived by a legal entity, institution, organization, or individual as being undesirable to share.”

Data segmentation for privacy allows providers or other healthcare entities to decide which specific data elements are eligible for exchange, who has access to that information, under what circumstances access is granted, and for how long.

According to the final rule, 2015 Edition Certified Health IT products must also support computerized provider order entry (CPOE), electronic prescribing, and drug and allergy interactions.

Certified tools must also include the ability to record patient demographics and smoking status, as well as behavioral, social, psychological, and family health history information. EHR problem lists, medication lists, implantable device lists, and medication allergy lists must also be accessible through the EHR system.

Furthermore, 2015 edition certified health IT must include clinical decision support capabilities and functionality that enables providers to view, download, and transfer health data to a third party, among other functionality.

Health IT companies can use one certified health IT module or a combination of modules to meet the 2015 edition Base EHR definition.

To meet the 2015 base EHR definition, a system must include the following capabilities:

  • Provide clinical decision support
  • Support physician order entry
  • Capture and query health information
  • Exchange health information with other sources and integrate information received from external sources
  • Store patient demographic and clinical health information, such as medical history and problem lists

Source: Thinkstock

Which health IT products have earned 2015 edition certification?

2015 Edition ONC health IT certification is still relatively new to the industry, and only a limited number of health IT companies offer products that fulfill its requirements.

In March 2018, ONC released four data visualizations to give healthcare providers an idea of how many health IT companies currently offer certified 2015 Edition health IT modules, as well as the number of eligible clinicians currently using the technology to fulfill federal reporting requirements.

The market share data is based on information from hospitals that used 2015 Edition Certified Health IT to attest to meaningful use through the EHR Incentive Programs from 2011 to 2016.  

According to ONC, Cerner products were in use at the most eligible hospitals (23.73 percent), while Epic was the most commonly used certified EHR system among eligible clinicians for MIPS reporting (27.29 percent).

Allscripts had about 9 percent of the market share of MIPS eligible clinicians, while eClinicalWorks had about 7 percent. Only 4 percent of eligible clinicians used a Cerner EHR system to fulfill MIPS reporting requirements, while approximately 3 percent utilized a Greenway Health EHR system.

Why is health IT certification important?

Under current federal regulation, eligible clinicians participating in MIPS as part of the second year of the QPP are required to report using at least 2014 Edition CEHRT to earn incentive payments.

According to the QPP final rule released in November 2017, eligible clinicians can opt to use a combination of 2014 and 2015 Edition CEHRT to successfully report under MIPS. While federal regulation allows the use of 2014 Edition CEHRT, it ultimately encourages the use of 2015 Edition CEHRT — those that are fully reliant on 2015 Edition CEHRT may receive a bonus.

For eligible hospitals participating in the Promoting Interoperability (PI) program — previously known as meaningful use — 2014 Edition CEHRT is similarly allowed for reporting during the 2018 calendar year.

However, suggestions included in the most recent Inpatient Prospective Payment System (IPPS) and Long-Term Care Hospital (LTCH) Prospective Payment System (PPS) proposed rule would modify regulations surrounding CEHRT.

According to the proposed rule, providers participating in PI would be required to use 2015 Edition CEHRT starting in 2019 to demonstrate meaningful use and qualify for federal incentive payments.

“This updated technology includes the use of application programming interfaces, which have the potential to improve the flow of information between providers and patients,” stated CMS in a press release.

“Patients could collect their health information from multiple providers and potentially incorporate all of their health information into a single portal, application, program, or other software.”

Some stakeholders support this move to promote the use of 2015 Edition CEHRT as technology better able to support interoperability and health data exchange. However, AHA Vice President for Health IT and Policy Operations Chantal Worzala suggests that this policy may be premature.

“We are a bit concerned about whether the 2015 Edition Certified EHR technology is actually going to be available in a way that allows for an orderly transition,” Worzala told EHRIntelligence.com.

How health IT certification should factor into EHR selection

Healthcare organizations must consider EHR usability, health data exchange capabilities, interoperability with outside health systems, price, and available system functionalities and features before signing the dotted line on an EHR contract.

According to Epic Vice President of Interoperability Peter DeVault, health IT certification should not be at the top of the list of qualifications for a potential EHR implementation.

“The best advice for a provider buying health IT is not just to rely on the certification and on responses to the RFP the vendor provides, but to do site visits and reference calls,” DeVault said at the 2017 Value-Based Care Summit. “You have to see it in action.”

Many organizations, such as Virtua Health System, engage in rigorous EHR selection processes that heavily involve feedback from all clinicians, health system leadership, and staff members to ensure the system meets the needs of providers across the care continuum.

As part of its EHR selection process, Virtua invited over 1500 health system staff members to attend 80 product demonstrations. Staff scored competing systems on their performance against several metrics.

“We looked at two solutions: Epic and Cerner,” Virtua Senior Vice President and CIO Tom Gordon told EHRIntelligence.com. “We had a week-long process where we conducted 40 demos apiece — 40 Cerner demos and 40 Epic demos.”  

“It was a paper-driven process, but we had about 90 percent of the scoring sheets filled out,” continued Gordon.

Clinicians ultimately scored Epic higher than Cerner, and Virtua leadership followed the advice of its staff. For Virtua, clinician and staff member feedback ranked highest on its list of priorities.

The future of health IT certification

In keeping with provisions of the 21st Century Cures Act, ONC will continuously update and improve the Health IT Certification Program to support real-world health IT testing.

ONC updated the program in 2017 to support improvements in clinical efficiency and reduce regulatory burden. Administrative burden reduction is a top priority of CMS, ONC, and other regulating agencies.

ONC announced it would reduce instances of randomized surveillance of certified health IT products. Additionally, ONC stated that health IT developers are now able to self-declare their product’s conformance to 30 functionality-based certification criteria instead of spending time testing with an ONC-ATL.

“This testing typically included either a visual demonstration of the product’s functionality or submission of documentation confirming the required functionality,” wrote ONC officials in a Health IT Buzz blog post.

“Self-declaration is not a new approach and is used among other industry testing programs,” continued the federal agency. “In evaluating the Certification Program’s potential burdens, ONC determined that this industry approach would best meet our efficiency goals while maintaining overall integrity.”

Source: Thinkstock

As per provisions of the Cures Act related to improving interoperability, health IT developers must rely on testing at ONC-ATLs for interoperability-based certification criteria.

“Health IT developers are still required to meet certification criteria requirements and maintain their products’ conformance to the full scope of the criteria,” clarified ONC. “Any non-conformity complaints received and associated with these certification criteria would continue to be reviewed and investigated by ONC-ACBs.”

ONC is also currently in the process of implementing a five-year plan to revise the health IT certification program so that regulatory bodies can utilize testing tools developed by the healthcare industry rather than using tools financed by tax-payer dollars.

“Achieving this goal will enable the Program to more efficiently focus its testing resources and better align with industry-developed testing tools, which could help support the ‘real world testing’ envisioned by the Cures Act,” wrote ONC Director of the Office of Standards and Technology Steve Posnack, MS in a Health IT Buzz blog post.

ONC is currently working to incorporate testing tools developed by health IT developers, standards development organizations, and others part of the private sector into the program. Privately-developed testing tools could someday replace current testing infrastructure, which would eliminate the need for the public funding used to support test tool development.

“A diverse mix of testing tools, including those developed in partnership with or solely administered by industry, can help optimize the certification experience,” stated Posnack.

Thus far, ONC has approved a testing method proposed by the National Committee for Quality Assurance (NCQA) for electronic clinical quality measures (eCQMs) as an alternative to the ONC-provided test method.

“This approval was a first step toward our five-year goal and is a clear signal that the Program can and will approve industry-developed testing methods,” stated Posnack.

Most recently, ONC announced it is developing a new proposed rule that would update the certification program to support voluntary attestation to the adoption of the Trusted Exchange Framework and Common Agreement (TEFCA).

TEFCA is intended to promote network-to-network connectivity across the healthcare industry for improved health data exchange. The framework primarily aims to give patients access to their electronic health data without special effort, promote API use, and help providers and payer organizations receive population level health data in accordance with Cures.

The proposed rule will also include a definition of information blocking, as well as details outlining which activities do not constitute information blocking.

The proposed rule is slated for release in September 2018.

These and future program changes help to ensure certification stays relevant in an industry subject to ever-evolving federal regulations and constant innovation.

Ultimately, health IT certification is a useful tool for promoting standardization and adherence to federal regulation. However, certification is one quality indicator of many that providers should consider when selecting reliable health IT for their organizations.



Sign up to continue reading and gain Free Access to all our resources.

Sign up for our free newsletter and join 60,000 of your peers to stay up to date with tips and advice on:

EHR Optimization
EHR Interoperability

White Papers, Webcasts, Featured Articles and Exclusive Interviews

Our privacy policy

no, thanks

Continue to site...