EHR Certification: Understanding Requirements and Process

Software vendors who fail to get ONC EHR certification pay a high price. Literally. In 2017, eClinicalWorks spent $155 million to resolve a False Claims Act lawsuit on fraudulently obtained health IT certification. And this is not the only case of million-dollar charges because of non-compliance.

That's why you must always consider ONC EHR certification requirements if you develop electronic health records systems. They specify design, performance, data exchange, privacy, and security standards. The changes are profound but absolutely doable. If you need any tech help or consulting, you can ask Binariks – an experienced healthcare cloud solutions company for help.

Below we share our expertise and explain what EHR certification involves.

EHR certification: a brief overview

EHR (also health IT) certification is a program the Office of the National Coordinator for Health Information Technology (ONC) has launched to encourage certified technology adoption among healthcare providers. Its primary goal is to improve the security of health records and the overall quality of healthcare services.

In 2011, the Centers for Medicare & Medicaid Services (CMS) contributed to key EHR certification requirements, creating the Electronic Health Record Incentive Program. This program incentivizes eligible professionals and hospitals to demonstrate a "meaningful use" of certified EHRs. It fast-tracked certified EHR adoption that reached over 95% of hospitals in 2017 .

Now, core EHR certification criteria fall into eight categories we'll discuss below. They specify how to create robust, secure, and easy-to-use EHR/EMR systems.

Check yourself: do you need an EHR certification?

EHR certification isn't mandatory. You should, however, remember that industry-level certifications like this don't aim to limit your activities or create extra trouble. Quite the opposite, they exist to guide you on how to make your product secure and effective. That's why your company is actually the first one to benefit from compliance.

Overall, you need an EHR certification in the following cases:

☑️You are a hospital getting Medicare and Medicaid incentives

To participate in governmental programs, you must follow the rules and adopt only certified EHR systems. Otherwise, you won't be eligible for incentives.

☑️You are a vendor that develops software for Medicare and Medicaid patients

Vendors must design the services with ONC EHR certification criteria in mind if software end users are Medicare and Medicaid participants.

☑️You are a vendor that cares for quality

Requirements for EHR certification help you develop software of the highest quality. Meeting them, you cover all the aspects critical for creating a decent medical solution.

☑️You are a vendor that wants to cover a broader market niche

Since almost 100% of hospitals have adopted certified healthcare software, you may lose many potential customers if you don't get certified. Certification allows you to create solutions for large providers.

Why does EHR certification matter?

Compliance with the requirements for certified EHR technology benefits every stakeholder, including software vendors, hospitals, and patients, through:

Improved quality of healthcare services

Certified electronic health records give patients more control over shared data and treatment. On the other side, healthcare teams can collaborate more efficiently and track every critical process related to a specific patient. As a result, the overall quality of healthcare services considerably improves.

Governmental support

Certification allows you to participate in the Medicare EHR Incentive Program and get up to $40,000 reimbursement for certified EHR adoption. It's a pleasant bonus from the government and a valid reason to use certified software. You can read more about the EHR Incentive Program here .

Smooth performance and data exchange between teams

EHR certification criteria make hospitals store data in a structured format. It allows healthcare providers to retrieve and exchange patient information across teams easily. It optimizes the performance of hospital team members, allowing them to communicate more efficiently.

Sign of quality

Certified software is included in the official Certified Health IT Product List . Such a mention means the solution meets the standards of the ONC Health IT Certification Program and serves as a powerful marketing boost to your product.

8 EHR certification requirements in the US

2015 Edition Health IT Certification Criteria formulates the latest EHR certification requirements. The criteria are organized into eight groups covering EHR development, design, and performance.

2015 Edition: Certification Criteria Categories

#1. Clinical processes

The first group of criteria specifies what modules and features must be available in an EHR system. The functions below are essential to cover the main clinical processes and provide clinicians with detailed patient information.

• Computerized provider order entry (CPOE). To meet the 2015 Edition Base EHR definition, you must have technology certified to perform CPOE for medications, radiology, or laboratory orders. It enables clinicians to order pharma, laboratory tests, radiology imaging electronically, minimizes human errors, brings more automation and PHI privacy.
• Demographics. Enable users to record, edit, and access patient demographic data, including race, ethnicity, language preferences, sex, sexual orientation, gender identity, and DoB.
• Drug-drug, drug-allergy interaction checks. Automatically provide real-time info on medication contraindications and interactions during ordering.
• Drug formulary and preferred drug list. Specify approved (or preferred) medications for the patient according to their health insurance and the hospital policy.
• Problem list. Indicate the current patient's health problems, chronic conditions, injuries, and other health factors.
• Medication list. Include current and previous medications of the patient.
• Medication allergy list. List all known medication allergies of the patient.
• CDS capabilities. Implement Clinical Decision Support features to help clinicians to make data-driven and accurate treatment choices.
• Family health history. Capture family health history in electronic records for better illness screening and prevention.
• Implantable device list. Specify devices used by patients with their unique identifiers.
• Smoking status. Differentiate smokers from non-smokers to enable clinicians to tailor their care plans more accurately.
• Patient-specific education resources. Include videos, articles, and other materials that help patients care about their health.
• Social, psychological, and behavioral data. Capture additional valuable details like financial resource strain, stress, education, depression, physical activity, social isolation, etc.

#2. Care coordination

The second subset of EHR certification requirements for the USA lays out the principles of patient data transmission. In particular, software providers and adopters must follow HL7 Consolidated Clinical Document Architecture (C-CDA) rules. This XML-based markup standard defines the structure of clinical documents and specifies what a patient health data form must include. Besides, an EHR system must be able to send and receive data with one of the following protocols: IHE XDR, POP3, SMTP, or IMAP4.

EHR systems that meet these tech requirements can efficiently connect multiple teams exchanging data quickly and securely.

#3. Clinical quality measurement (CQM)

You must implement clinical quality measures within the EHR system to get certified. It must automatically record, calculate, and export CQM results in the HL7 QRDA format. Such a capability is critical for two reasons. First, the CQM requirements for a certified EHR help prove meaningful use of the EHR system for CMS incentive programs. Second, they allow hospitals to evaluate the quality of care internally to optimize operations.

#4. Privacy and security

These certification requirements specify how an EHR software must regulate access to personal health information. One-factor authentication with a username, password, and specific permission level is a fundamental demand to get certified. Apart from that, EHR must:

• Record actions related to health information by default and prevent users from deleting or changing them
• Create reports of events captured in audit trails and logs
• Enable patients to request corrections and updates to their PHI
• Implement automatic access time-out
• Encrypt electronic health information on end-user devices
• Establish a trusted connection and inform users about it with a lock (or alternative) symbol
• Record disclosures necessary for treatment, payment, or other care operations
• Ensure data integrity

#5. Patient engagement

Patients must be able to access their health information and transmit it to a third party when necessary. The preferred format for data transmission is HL7 C-CDA. Besides, you must ensure data encryption and enable medical teams to use patient-generated health data (PGHD) for decision-making. This way, patients will be more engaged in their treatment, improving its outcome.

#6. Public health

Aggregated healthcare data is precious for research. Therefore, certified EHR systems must perform public health data exchange and submit information to at least two of the following official registries:

• Immunization Registries
• Syndromic Surveillance Systems
• Cancer Registries
• Reportable Laboratory Tests and Values/Results
• Public Health Agencies on Electronic Case Reporting
• Antimicrobial Use and Resistance Reporting
• Health Care Surveys

#7. Design and performance

Medical teams participating in some CMS payment programs must submit frequency reports to CMS with percentage-based measures. That's why an electronic health record system must enable users to track performance in detail.

You will need to create an EHR that can automatically generate reports with numerator and measure calculation; ensure a smooth exchange of care and referral summaries with external organizations; and comply with accessibility-centered design to get certified.

#8. Electronic exchange

The last requirement is using the Direct Project standard for electronically exchanging health information. This project sets a simple and standard-based way to send health data directly to trusted recipients over the web. To meet this criterion, you must collaborate with a Health Information Service Provider (HISP) and follow standard messaging formats, protocols, and data processing requirements.

EHR certification process [step-by-step]

ONC delegates the review of applications to third-party laboratories and certification bodies. They check the software to validate its compliance with the requirements or reject the certification. Thus, you will need to reach ONC-Authorized Testing Laboratory (ONC ATL) for EHR testing to get certified. Here're the steps to take:

1. Request testing from ONC-Authorized Testing Laboratories

So far, ONC has authorized five laboratories to test Health IT Modules. You can contact any of them to clarify testing details and get some guidance. Besides, there are usually lots of materials on the labs' websites. Once you double-check the core EHR certification criteria, review your system to ensure it meets them.

2. Submit the necessary materials

Provide the necessary materials to the chosen ONC ATL, including a vendor certification information form, information on every requirement, self-attestation forms, and other requested details.

3. Wait for the result

The ONC ATL will assign a pass or fail for each requirement. You may be allowed to request a retest of a specific problem.

If you comply with all the criteria, the ATL will send the result to an Authorized Certification Body (ACB). The ACB makes the final decision and publishes certified EHR on the ONC website.

Note that you must re-apply for the certification each time after rolling out a new version of an EHR. That's why compliance with EHR ONC certification is an ongoing process you must manage as long as you use electronic health records.

The role of software developers in the certification process

The certification process involves many specialists at different stages. Yet software developers initially play the most critical role in achieving compliance.

You will need to hire an experienced team of engineers who have previously built compliant EHRs. They know how to meet the tech ONC requirements and build reliable systems. Since finding healthcare software engineers locally may be challenging, consider outsourcing the tech tasks to a remote development team. It's more efficient and affordable since you don't waste time assembling a team and can start the work in weeks instead of months.

How Binariks can help with EHR certification

Binariks is a software development company specializing in health information technology. We can create a compliant EHR from scratch or assist you with certification through:

• Making your existing software more secure
• Legacy software migration to the cloud
• Enabling interoperability for smooth data exchange
• Updating your current systems to follow the data standards required for EHR certification
• Revamping the existing architecture
• Sharing our expertise at any stage of EHR adoption and certification

We assemble a dedicated team of software engineers for every customer to match their business needs. Check out our completed projects here .

Final thoughts

Even though EHR certification isn't always mandatory, you can considerably benefit from it. Compliance allows software vendors to build a robust EHR while hospitals and patients enjoy enhanced healthcare services.

We know meeting EHR certification requirements is burdensome. That's why Binariks is always ready to support you. Contact us to talk about your project.We know meeting EHR certification requirements is burdensome. That's why Binariks is always ready to support you. Contact us to talk about your project.