What EHR Systems Can Obtain ONC Health IT Certification?

In the early 2000s, the US government recognized the huge potential of electronic health record (EHR) systems for improving medical workflows and ensuring that patient information is available for clinicians. The promise that EHR systems would lead to better treatment convinced US lawmakers that they needed to achieve widespread adoption of EHR systems at the national level. 

Achieving quick EHR adoption

In 2004, the US government created the Office of the National Coordinator (ONC) of Health Information Technology, an entity responsible for managing work on a national certification program for EHR software. 

In 2009, Congress passed the HITECH Act. According to its tough terms, if Medicare eligible professionals didn’t adopt EHR technology, their Medicare physician fee schedule amount for covered professional services would go down by one percentage point each year beginning in 2015.

As a result of this act, 94 percent of US hospitals were using an EHR system in 2017. The diagram below shows the effectiveness of the HITECH Act in promoting EHR adoption. It’s the reason why this technology became well-established in the United States.

role of the hitech act in accelerating ehr adoption

Not just adoption but meaningful use

The aim of the HITECH Act was not just adoption but “meaningful use” of EHRs, which requires ensuring crucial improvements in care. To support the meaningful use of EHRs, the Centers for Medicare and Medicaid Services (CMS) allocated federal funds and established payment programs to reward clinicians for meaningful use through the Medicare and Medicaid Promoting Interoperability (PI) Programs.

According to cms.gov, from 2011 to 2018: 

  • over 546,644 clinicians received payments for taking part in the Medicare and Medicaid programs
  • over $24.8 billion in Medicare PI Program payments were made
  • over $6 billion in Medicaid PI Program payments were made.

Currently, all clinicians participating in the Medicare and Medicaid Promoting Interoperability Programs are now required to report on the Quality Payment Program requirements we’ll talk about later.

In 2010, the ONC established a Health IT Certification Program. What is certified Health IT? What Is EHR certification? Let’s find out the answers.

EHRs and health IT modules (EHR-integrated solutions or units that together constitute a health IT system) that have passed this certification are included in the Certified Health IT Product List (CHPL). 

To take part in the Medicaid and Medicare PI programs, clinicians have to use Certified Health IT solutions. The CHPL contains all certified health information technology products. To become certified and get on the list, software has to be successfully tested by the ONC Health IT Certification Program. Thereby, Health IT Certification is somewhat of a quality indicator for EHR software.

Through the Health IT Certification Program:

  • the government creates a favorable environment for improving the quality of care, which benefits patients
  • healthcare IT developers can prove their software’s relevance and expand its use (the certification program requires the use of certified software under different federal, state, and private programs)
  • healthcare providers can facilitate their processes, increase their reputations, and participate in payment programs (or at least avoid penalties for not participating; we’ll talk about them later).

Having recognized the benefits of the certification program, we’ll discuss its structure, criteria for obtaining certification, and the certification process. 

ONC Health IT Certification Program in a nutshell

What do you need to know about the Health IT Certification Program? It’s based on a third-party conformity assessment scheme and has the following structure. 

Certification program participants

The ONC doesn’t directly conduct conformance testing or offer certification. Rather, this organization cooperates with third parties that it assesses, approves, and authorizes to do this work on its behalf. 

These are the participants in the certification process:

National Institute of Standards and Technology (NIST). As the HITECH Act requires, NIST and the ONC together create requirements, cases, and tools related to software testing.

National Voluntary Laboratory Accreditation Program (NVLAP). According to the certification program requirements, only test results from an NVLAP-accredited testing laboratory may be used for a certification determination by an ONC-Authorized Certification Body.

ONC-Authorized Testing Laboratory (ONC-ATL). An NVLAP-accredited ONC-ATL conducts health IT testing to identify compliance with ONC standards and certification criteria based on the ONC-approved test method.

ONC-Approved Accreditor (ONC-AA). The ONC approves an entity for a three-year term to accredit and oversee ONC-ACBs according to the program requirements.

ONC-Authorized Certification Body (ONC-ACB). This entity certifies health IT products according to test results delivered by ONC-ATLs. The ONC-ACB also adds results to the CHPL and is in charge of monitoring certified software.

Health IT developer. These participants develop software and offer it to be tested and certified in accordance with the program. 

onc hit certification program structure

Certification criteria your EHR software has to meet

Let’s talk about how to get EHR certification. The ONC has issued three editions of certification criteria. The latest 2015 Edition Health IT Certification Criteria has integrated previous rules and is based on improved criteria, standards, and implementation requirements. All eligible hospitals under the Medicare and Medicaid Promoting Interoperability Programs must follow the 2015 Edition.

The certification criteria is divided into eight categories.  

15 edition certification criteria

1. Clinical processes

EHR software has to provide electronic clinical processes for e-prescriptions, digital laboratory reports, electronic care summaries such as after-visit reports, and improved Health Information Exchange (HIE).

2. Care coordination

As a rule, each member of a healthcare team has particular, limited interactions with a patient depending on their expertise. As a result, the team's perspective on the patient’s state might become fragmented into disconnected facts and symptoms. EHR software has to provide a holistic view of a patient’s health.

This might be achieved by integrating and organizing protected health information and improving its sharing between all authorized providers engaged in a patient’s treatment. For instance, EHR alerts can notify providers on updates related to a particular patient, enabling them to see the whole picture of the patient’s state of health and what medical procedures the patient has undergone.

3. Electronic clinical quality measures

EHRs have to provide electronic clinical quality measures (eCQMs). These are tools that help to estimate and monitor the quality of a healthcare provider’s services. eCQMs should cover the following aspects of patient care:

  • Patient and family engagement
  • Patient safety
  • Care coordination
  • Population / public health
  • Efficient use of healthcare resources
  • Clinical processes / effectiveness

To date, the ONC has approved a testing method offered by the National Committee for Quality Assurance (NCQA) for eCQMs as an alternative to the ONC-provided method.

4. Privacy and security 

The ONC, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and other HHS agencies have developed a number of resources helping to ensure your EHR software meets the privacy and security requirements. They include tools, guides, and documents to help you ensure HIPAA compliance and meet other federal regulatory requirements.

Read also: HIPAA and Other Musts for Healthcare Software

5. Patient engagement 

According to patient engagement criteria, patients have to be able to proactively participate in their own treatment. This facilitates better health outcomes and results in better care. The ONC Patient Engagement Playbook provides tips and best practices for patient engagement that the ONC has received from healthcare providers.

6. Public health

The public health criteria in the 2015 Edition require healthcare providers to take preventive measures, diagnose, and treat a whole population rather than one individual at a time. To meet these criteria, EHR software has to use the electronic clinical quality measures we described above.

7. Health IT design and performance

Design and performance criteria for an EHR system include: 

  • Automated numerator recording and automated measurement calculations
  • Safety enhanced design
  • Quality management system
  • Accessible design
  • Consolidated Clinical Document Architecture creation performance
  • Application access

8. Electronic exchange 

This category refers to healthcare interoperability. It covers data access, data sharing, and cooperative use of data in a coordinated manner. You can meet electronic exchange criteria by using data exchange architectures, application interfaces (APIs), and specific standards like HL7.

For details on what functionality an EHR has to have to meet clinical process, privacy and security, patient engagement, and interoperability criteria for certified EHR software, check out our article on how to develop an EHR system. 

To help eHealth developers pass the ONC Health IT Certification, the ONC and HHS recently developed seven conditions for Electronic Health Record certification and maintenance certification requirements.

Read also: How We Built an Enterprise Healthcare System to Digitize Processes for Clinicians and Patients

Conditions of EHR certification established by the 21st Century Cures Act Final Rule

Published on May 1, 2020, and effective June 30, 2020, the final rule by the Office of the National Coordinator for Health Information Technology (ONC) implementing parts of the 21st Century Cures Act provides the following seven conditions of certification:

21st century cures act conditions

1. Information blocking

The information blocking condition bans all health IT developers from obtaining certification who intentionally withhold patient health information either between providers or between a provider and a patient. But what is the definition of “intentional”?  In the finalized rule, the ONC highlights eight exceptions that are not considered information blocking. Check them out in the image below.

exceptions to the information blocking

2. Assurances

This condition requires a developer to prove that their software doesn’t block the appropriate exchange, access, and use of electronic health information (EHI). To fulfill this condition, developers have to provide technology certified according to the EHI export certification criterion if their product stores EHI.

3. Communications

Developers can’t prohibit or restrict communications related to such aspects of software performance as:

  • Usability
  • Interoperability
  • Security
  • User experience
  • Developers’ business practices regarding the exchange of EHI
  • The way a user has used the healthcare software 

4. Application Programming Interfaces (APIs)

The final rule also expects healthcare providers and device developers to support the use of third-party apps and APIs. The ONC also requires that API use FHIR Release 4. This is the latest version of the FHIR Standard. 

Read also: How the Healthcare Industry Can Benefit from Medical APIs

5. Real-world testing

Developers must successfully test their software in the real world to check for interoperability in the types of settings where their software will be marketed. Developers have to annually submit real-world testing plans to the ONC-ACB so these plans will be available on the CHPL. The next step is to annually submit real-world testing results that are also added to the CHPL.

6. Attestations

This condition obliges developers to attest that they meet all the Conditions and Maintenance of Certification requirements. Developers have to submit their attestations every six months, and there is a 30-day window for submissions. The first window will be opened on April 1, 2021.

7. (Future) EHR reporting criteria submissions

Developers must submit reporting criteria for their certified software under the EHR Reporting Program, which is currently under development. The ONC plans to implement the related Condition and Maintenance of Certification requirements for EHR certification in future rulemaking.

Developers should keep in mind that due to COVID-19, lawmakers have pushed back the ONC Health IT Certification deadline up to three months.

Now that you know the criteria and conditions of Health IT Certification, let’s touch upon the certification process itself.

Brief overview of the certification process

The 2015 Edition test method includes test procedures, test data, and associated test tools for developing new health IT modules. The certification process includes an assessment of testing artifacts to check if all requirements are met once all necessary contracts and testing materials are obtained. 

ONC-ACB specialists perform all assessment processes, which may take up to ten business days once all the needed materials and contracts are submitted. To learn more about the 2015 Edition test procedures and certification companion guides, click here.

Once the estimation process is over and if there are no problems with the submitted documentation, the software is certified and all related information is posted on the CHPL.

ONC-ACBs then perform further surveillance to check if the software they have certified keeps functioning as required. While software remains certified, healthcare providers can use it to participate in Promoting Interoperability Programs.

What Promoting Interoperability Programs are available?

The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) created the Quality Payment Program (QPP) to reward eligible healthcare providers for ensuring higher-value care. Healthcare providers can participate in the QPP in one of two ways: 

  • Through the Merit-based Incentive Payment System (MIPS)
  • Through Advanced Alternative Payment Models (Advanced APMs)

While MIPS is built around meaningful use of the ONC certified EHR technology, each advanced APM has its own requirements for members to use certified EHR technology (CEHRT). Most providers initially participate in the QPP through MIPS.

mips and advanced apms

Merit-based Incentive Payment System (MIPS)

MIPS annually scores eligible Medicare Part B clinicians on a 100-point performance scale resulting in a composite performance score (CPS). The payment adjustment is based on this CPS two years prior. For instance, performance in 2020 determines Medicare Part B payments in 2022.
The MIPS score determines if a clinician’s payment adjustment will be negative, neutral, or positive based on a performance threshold (which is currently 45 points).

  • Scores under the threshold are subject to negative payment adjustments, which requires a participant to pay a penalty.
  • Scores equivalent to the threshold are subject to neutral payment adjustments, which means a participant neither pays a penalty nor receives a payment.
  • Scores above the threshold are subject to positive payment adjustments, which means a participant receives a payment. 

MIPS needs to remain budget-neutral, so negative payment adjustments serve to cover the costs of payments to clinicians whose scores are above the threshold. There’s also $500 million in funds allocated to grant extra incentives to exceptional participants who achieve 85 or more points.

There are four performance categories that make up a participant’s final score:

Quality (45 percent of the score). This category checks a provider’s quality of care based on various performance measures. Each provider has to select six of them that suit their practice best. The MIPS Measures Reference Guide from the American Academy of Family Physicians gives details on how to properly choose MIPS quality measures.

Promoting interoperability (25 percent of the score). This category measures how easily you can exchange information with other healthcare providers or patients. This might include sharing test results, visit summaries, and therapeutic plans with patients themselves and with other facilities engaged in treatment.

Improvement activities (15 percent of the score). This category checks the activities you perform to facilitate your medical processes and allow patients to participate in their own care. The available inventory of activities helps you select the most suitable to your practice from categories including improving care coordination, patient and clinician shared decision-making, and expanding practice access.

Cost (15 percent of the score). The cost of your healthcare services is calculated based on your Medicare claims. MIPS uses cost measures to identify the total cost of service during the year or during a hospital stay. 

You might also receive up to five bonus points for your patients’ complexity. CMS determines this bonus based on two indicators: 

  • the average Hierarchical Condition Category (HCC) risk score of your patients; 
  • the number of dually eligible (Medicare + Medicaid) patients treated.

The example below shows how a MIPS final score is calculated.

mips final score calculation example

Clinicians can use the updated QPP Lookup Tool to identify their initial 2020 eligibility for MIPS. All they need to do is to enter their National Provider Identifier to check if they need to take part in MIPS during the 2020 performance period. They can also use the MIPS Quick Start Guide to know the conditions for participation.

How profitable is it for a medical practice to participate in MIPS?

On January 6, 2020, CMS announced the 2020 payouts for MIPS. According to 2018 participation, the bonus for exceptional performers who achieved a perfect 100 points is 1.68 percent of Medicare reimbursement. How does that translate into money?

For example, your revenue from Medicare Part B per year is $75,000. Depending on your healthcare services, that equates to from 500 to 750 interactions with Medicare beneficiaries per year. 

The recent announcement states that receiving 100 points would equate to an extra $1,260 per year. But in case you were just an "exceptional performer," the government would allot just an extra $157, which is less than you might receive for one doctor’s appointment.

Accordingly, more and more clinicians consider MIPS a game not worth playing. But attention, please! Failing to participate in the QPP in 2020 will result in a 9 percent Medicare Part B payment penalty in 2022.

The difference between exceptional performance and compliance is about $1000. But nonparticipation will cost a practice $6,750. That’s definitely an essential monetary loss for most healthcare providers. So a medical practice should take care to at least meet the threshold to avoid the penalty. 

A post by Medscape shares useful tips on the easiest ways to avoid this penalty.

Advanced alternative payment models

The other track of the QPP is to engage in advanced Alternative Payment Models (advanced APMs). APMs enable clinicians to get a five percent bonus on their Medicare payments. To motivate clinicians to take part in these models, the MACRA implementation rules allow eligible clinicians not to participate in MIPS. 

Moreover, each APM provides specific rewards. These might be joining in shared savings earned for Medicare or accessing waivers that provide practices with additional flexibility to coordinate care and engage beneficiaries in safe and efficient manners. 

But keep in mind that organizations usually need to significantly invest in their technology, provide employees’ training, and change their processes to benefit from participating in advanced APMs. Read this post for details on Advanced Alternative Payment Models.

As you can see from our article, building EHR software systems capable of obtaining the Certification of Health IT is challenging and requires a complex approach. So make sure your software development partner provides related consulting, is experienced in creating mature healthcare products, and is informed in all the technical and compliance peculiarities of Health IT Certification.  

4.4/ 5.0
Article rating
Remember those Facebook reactions? Well, we aren't Facebook but we love reactions too. They can give us valuable insights on how to improve what we're doing. Would you tell us how you feel about this article?
Want to build software capable to be ONC-certified?

We can help you build it

Let’s talk business

We use cookies to personalize our service and to improve your experience on the website and its subdomains. We also use this information for analytics.