Skip to main content

Understanding EHR certification criteria


In your independent practice, you and your clinical team use electronic health records (EHRs) on a daily basis to maintain patient data, to communicate with patients, and coordinate patient care. What does it mean to have a certified EHR? Understanding the EHR certification criteria could mean the difference in your practice’s long-term success.

The Office of the National Coordinator (ONC) for Health IT has established a certification program composed of functional requirements known as certification criteria. EHR developers are able to certify their modules by demonstrating conformance to these criteria, using procedures approved by the National Coordinator. ONC also provides clarifications to the certification criteria in Certification Companion Guides that are designed to assist with product development.

EHR certification is determined by the guidelines established in the 2015 Edition Health IT Certification Criteria, which was recently updated to become the 2015 Edition Cures Update. There are 60 criteria, organized into 8 categories:

Certification supports engagement in clinical practice improvement and care coordination. It is also a requirement for participation in many value-based programs offered by the Centers for Medicare & Medicaid Services (CMS). Certification criteria emphasize the need for interoperability, which is an essential function for various systems to communicate with each other regarding a patient’s care.

Elation offers you a clinical-first experience with a HIPAA-compliant, ONC-certified EHR solution for your new independent practice.

Understanding EHR certification criteria also enables you and your independent practice to have access to the tools you need for clinical processes and quality improvement. The criteria ensure that your EHR meets recognized standards and functionality.

Interoperability, security, and patient access are critical pieces of the criteria, made evident in the changes from the 2015 Edition Health IT Certification Criteria to the 2015 Edition Cures Update, which resulted from the ONC’s 21st Century Cures Act Final Rule.

These updates include the:

  • Introduction of new technical certification criteria to advance interoperability and make it easier for patients to access their own electronic health information on their smartphones.
  • Addition of new privacy and security certification criteria.
  • Revision of the standards referenced by several existing 2015 Edition certification criteria, including United States Core Data for Interoperability updates.
  • Removal and time-limiting of several 2015 Edition certification criteria.

CMS outlines the benefits of Certified Electronic Health Record Technology (CEHRT) as being critical to:

  • Improving interoperability by adopting new and updated vocabulary and content standards for the structured capture and exchange of health information, including a Common Clinical Data Set (CCDS) composed primarily of data expressed using adopted standards; and rigorously tested and identified content exchange standards (Consolidated Clinical Document Architecture).
  • Supporting patient care by ensuring that health care data is consistently available to the right person, at the right place, and at the right time through a standards-based electronic exchange.
  • Including “application access” certification criteria that requires health IT to demonstrate it can provide application access via an application programming interface (API).
  • Supporting patient electronic access to health information through new functionalities and a range of potential technologies including the use of APIs. These technologies allow patients greater flexibility and choice in how they access and share their health information.
  • Including a revised View, Download, and Transmit criterion that continues to support patients’ access to their health information, including via email transmission to any third party the patient chooses (including to any email address, so long as the patient is properly advised of the risks of doing so) and through a second encrypted method of transmission.