ONC Certification
This section is under construction. Certification is in progress and not yet complete.
The following materials are related to ONC Certification.
Mandatory Disclosures
Item | Description |
---|---|
Developer Organization Name | Orangebot, Inc. DBA Medplum |
Date the product was certified | |
Product Name and Version | Medplum, 2 |
Unique Certification Number | |
Certification Criteria | Criteria link |
Pricing | Offering Grid |
Registration Process | Instructions |
This Health IT Module is 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.
Materials and Usage
Resource Name | Description | Access |
---|---|---|
Checklist | Checklist for certification | Request Access |
Decision Guide | Decision framework for which certification to pursue | Request Access |
Certified Product List (CHPL) | Search tool for certified products | HealthIT.gov |
ONC 2015E Cures Base EHR | Requirements for a basic EHR per Cures Act | HealthIT.gov |
CMS-specific CEHRT | Certification for CMS reimbursement | CMS.gov |
Reference Implementation | Sample EHR code | Github |
Account Setup | Example account setup bot | Github |
CMS Queries | CMS reportable metrics | Request Access |
EHR Definition | Description of what defines an EHR | ecfr.gov |
Criteria Certified
This is the list of criteria that are already complete or are in active development. Related to this criteria these scripts are for the Medplum team only.
Criteria | Description |
---|---|
d1 | Authentication, Access Control, Authorization |
d9 | Trusted connection |
d10 | Auditing actions on Health Information |
d12 | Encrypt Authentication Credentials |
d13 | Multi-factor Authentication |
g4 | Quality Management System |
g5 | Accessibility-Centered Design |
g10 | Standardized API for Patient and Population Services |
The following criteria are required for CHPL listing: d12, d13, g4, g5.
Criteria Extended List
This is the list of criteria extended criteria that will follow the above.
Criteria | Description |
---|---|
a1 | Computerized Provider Order Entry (CPOE) - Medication |
a2 | CPOE - Laboratory Orders |
a3 | Computerized Provider Order Entry (CPOE) – Diagnostic Imaging |
a9 | Clinical Decision Support |
a14 | Implantable device list |
b1 | Transition of Care |
c1 | Clinical Quality Measures - record and export |
g7 | Application Access Patient Selection |
g9 | Application Access All Data Request |
h1 | Direct Project, Edge Protocol and XDR/XDM |
Self-Attested Criteria
CPOE Medication (a1)
- Medplum App CPOE Medication
- Medplum App Medication Requests
- HealthIT.gov Reference Material
- Requires a Safety Enhanced Design Report
CPOE Laboratory (a2)
- Medplum App CPOE Lab
- Medplum App Service Requests
- HealthIT.gov Reference Material
- Requires a Safety Enhanced Design Report
CPOE Imaging (a3)
Drug-drug, Drug-allergy Interaction Checks (a4)
- Not included in ONC 2015E Cures Base EHR
- Requires a Safety Enhanced Design Report
Demographics (a5)
Clinical Decision Support (a9)
- HealthIT.gov Reference Material
- Medplum App Medical Conditions
- Medplum App Allergies
- Medplum App Medication
- Account Setup Bot shows a sample implementation on how CDS can be integrated.
- Requires a Safety Enhanced Design Report
Drug-Formulary Checks (a10)
- Not included in ONC 2015E Cures Base EHR
Family Health History (a12)
Patient-specific Education Resources (a13)
- Not included in ONC 2015E Cures Base EHR
Implantable Device List (a14)
Social, Psychological, and Behavioral Data (a15)
- Not included in ONC 2015E Cures Base EHR
- Implementation via Medplum Questionnaires (tutorial here)
EHI Export (b10)
- Not included in ONC 2015E Cures Base EHR
Authentication, Access Control, Authorization (d1)
Medplum attests to this criteria. Links provided below.
- The ability to authenticate the user (authentication)
- Ability to establish permitted user access (authorization)
- Related Materials: Overview
- Related Materials: Access Policies
- Related Materials: Inviting a user
Auditable Events and Tamper Resistant (d2)
Medplum attests to this criteria. Links and description provided below.
- Demonstrates synchronization to a configured NTP server through use of Amazon Time Sync Service.
- Audit log records actions related to electronic health information, audit log status, and encryption status.
- Audit log records the audit log status and/or the encryption status.
- Audit logging is based off of AuditEvent FHIR resources which are written to AWS CloudWatch, write to which is limited to the Medplum team only and to which access and edits are logged.
- Audit Log Link on Medplum app
- Related Material: Amazon Time Sync Service
- Related Material: Audit Log Commits and Issues on Github
- Logging - TODO: Tutorial
Audit Report(s) (d3)
- Not included in ONC 2015E Cures Base EHR
Amendments (d4)
- Not included in ONC 2015E Cures Base EHR
Automatic Access Time-Out (d5)
- Not included in ONC 2015E Cures Base EHR
Emergency Access (d6)
- Not included in ONC 2015E Cures Base EHR
End-user Device Encryption (d7)
- Not included in ONC 2015E Cures Base EHR
- Medplum Security
Integrity (d8)
- Not included in ONC 2015E Cures Base EHR
- Implemented by Medplum
Trusted connection (d9)
- Not included in ONC 2015E Cures Base EHR
Auditing actions on health information (d10)
Medplum attests to this criteria. Links and description provided below.
- Medplum does not support disabling audit logging for end users.
- Medplum uses Cloudwatch logging, and only Medplum team members have access to the environment which contains the logs.
- HealthIT.gov Reference Material
- Related Material: Audit Log Commits and Issues on Github
Accounting of Disclosures (d11)
- Not included in ONC 2015E Cures Base EHR
Encrypt Authentication Credentials (d12)
- Medplum attests to this criteria.
- HealthIT.gov Reference Material
Multi-factor Authentication (d13)
Medplum attests to this criteria. Links and description provided below.
- Medplum supports multi-factor authentication through Google single sign on, which you can see on the signin page
- HealthIT.gov Reference Material
Secure Messaging (e2)
- Not included in ONC 2015E Cures Base EHR
- Medplum App Create Communication
Patient Health Information Capture (e3)
- HealthIT.gov Reference Material
- Patient Health Information Questionnaire Example AHCHRSN Screening
- Design a new Questionnaire
Transmit to Public Health Agencies – case reporting (f5)
- Not included in ONC 2015E Cures Base EHR
- Implement using Medplum Bots (tutorials)
Safety-enhanced Design (g3)
- Not included in ONC 2015E Cures Base EHR
Quality Management System (g4)
Medplum attests to this criteria. Medplum practices Agile development.
- Medplum maps Agile development to ISO 9001
- Guidance on HealthIT.gov
Accessibility-Centered Design (g5)
With regard to application development, no accessibility-centered design standard or law was applied.
Application Access – Patient Selection (g7)
Live Tested Criteria
As it relates to Live Testing, these are the resources for Medplum team only.
Transition of Care (b1)
- HealthIT.gov Reference Material
- TODO: CCD-A Import and Export
Clinical Information Reconciliation and Incorporation (b2)
- Not included in ONC 2015E Cures Base EHR
Electronic Prescribing (b3)
- Not included in ONC 2015E Cures Base EHR
Care Plan (b9)
Clinical Quality Measures – record and export (c1)
Technical outcome – The health IT must be able to record all data necessary to calculate CQMs presented for certification.
Clinical Quality Measures – import and calculate (c2)
Clinical Quality Measures - report (c3)
Clinical Quality Measures – filter (c4)
- Not included in ONC 2015E Cures Base EHR
View, Download, Transmit to 3rd Party (e1)
This relates to the parsing and handling of CCD-A.
- HealthIT CCD-A Validation Tool
- Not included in ONC 2015E Cures Base EHR
- Implement using Medplum Bots (tutorials)
Transmit to Immunization Registries (f1)
- Not included in ONC 2015E Cures Base EHR
- Implement using Medplum Bots (tutorials)
Transmit to Public Health Agencies – syndromic surveillance (f2)
- Not included in ONC 2015E Cures Base EHR
- Implement using Medplum Bots (tutorials)
Transmit to Public Health Agencies – reportable laboratory tests (f3)
- Not included in ONC 2015E Cures Base EHR
- Implement using Medplum Bots (tutorials)
Transmit to Cancer Registries (f4)
- Not included in ONC 2015E Cures Base EHR
- Implement using Medplum Bots (tutorials)
Transmit to Public Health Agencies – antimicrobial use and resistance reporting (f6)
- Not included in ONC 2015E Cures Base EHR
- Implement using Medplum Bots (tutorials)
Transmit to Public Health Agencies – health care surveys (f7)
- Not included in ONC 2015E Cures Base EHR
- Implement using Medplum Bots (tutorials)
Automated Numerator / Measure Calculation (g1-g2)
- HealthIT.gov Reference Material
- TODO: Need tutorial on constructing queries on Medplum
Consolidated CDA Creation Performance (g6)
- TODO: Need tutorial on creating and importing a CCDA document
Application Access – Data Category Request (g8)
Application Access – All Data Request (g9)
Standardized API for Patient and Population Services (Cures Update) (g10)
- Tested via Inferno
- Detailed guide and requirements
Direct Project
- HealthIT.gov Reference Material
- TODO: Direct message tutorial
Direct Project, Edge Protocol, and XDR/XDM (h1)
- HealthIT.gov Reference Material
- TODO: Direct message tutorial