How does ONC Certification Help Ensure Interoperability in Healthcare Software?

May 11, 2023 1:07:00 PM


As a healthcare provider, you know that having the right tools in your toolkit can make all the difference when it comes to delivering top-notch patient care. But with technology constantly evolving, it can be tough to keep up with the latest advancements – and to make sure that the tools you're using are up to par.  

That's where health IT software development companies come in. They're racing to build products that improve patient engagement, streamline clinical workflows, and facilitate data sharing between providers and patients. But with so many options out there, it's no wonder that medical organizations are scratching their heads trying to figure out which solution is the best fit for their needs.

But, let's be real – the high price tags associated with health IT projects – some of which can run up to $100 million or more – only make the decision more daunting. With so much money on the line, HCOs need to be absolutely certain that the product they choose is secure, user-friendly, and compliant with all federal regulations.

So, how can software providers convince healthcare organizations that their product fits the bill? The solution is: through the Office of the National Coordinator Health Information Technology(ONC) Certification.

But what exactly is the ONC Certification Program, and why is it so important? In this blog post, we'll take a closer look at this program and explore how it is helping healthcare providers deliver better care and improve patient outcomes. So let’s dive into it!


How it All Started 


The ONC is a vital entity responsible for managing the national certification program for electronic health record (EHR) software in the United States. Its inception can be traced back to the early 2000s when the US government recognized the potential of EHR systems in enhancing clinical workflows and enabling healthcare providers to deliver more effective treatments.

In 2004, the ONC was created to oversee the development and adoption of EHR systems at the national level. It served as a central agency responsible for driving the advancement of health IT and promoting the widespread use of EHRs in the country.

However, the ONC's work gained significant momentum in 2009 when Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act. The HITECH Act was a game-changer for the healthcare industry, providing significant funding to support the adoption of EHRs across the country.

EHR adoption

Image source: ONC Health IT

Thanks to the HITECH Act, EHR adoption rates in the US skyrocketed, with 94%  of hospitals using EHRs by 2017. This rapid adoption was a significant factor in improving patient outcomes and increasing efficiencies across the healthcare system.

What is ONC?


The ONC is a government agency tasked with driving the adoption and implementation of health information technology (HIT). This includes promoting the development and use of EHRs to facilitate the sharing and analysis of patient health data.

As a key player in the healthcare industry, ONC works to establish standards and best practices for the secure and effective exchange of health information among providers, patients, and other stakeholders. Through its HIT certification program, ONC also provides third-party conformity assessments to ensure that software companies meet specific technical and functional requirements for EHRs and other health IT systems.

By facilitating interoperability and promoting the widespread use of health IT, ONC aims to improve the quality of care, increase patient safety, and reduce healthcare costs. Through collaboration with other federal agencies, private sector organizations, and healthcare providers, ONC seeks to advance the use of technology to transform the healthcare landscape and create a more connected, data-driven, and patient-centered healthcare system.

According to the ONC, over 95% of non-federal acute care hospitals have adopted certified health IT

ehr integration

Key Players in the ONC Health IT Certification Program


The ONC does not directly conduct conformity assessments or provide certification. Instead, it collaborates with third-party entities that it evaluates, approves, and delegates to perform these tasks on its behalf.

There are several key players, including:

  • National Institute of Standards and Technology (NIST): Collaborates with ONC to create requirements, cases, and tools related to software testing.

  • National Voluntary Laboratory Accreditation Program (NVLAP): Accredits and supervises testing laboratories participating in the program.

  • ONC-Authorized Testing Laboratory (ONC-ATL): Conducts health IT testing to ensure compliance with ONC standards and certification criteria.

  • ONC-Authorized Certification Body (ONC-ACB): Certifies health IT products and monitors certified software.

  • ONC-Approved Accreditor (ONC-AA): Approves an entity to accredit and oversee ONC-ACBs according to program requirements.

  • Health IT developers: Develop software and offer it to be tested and certified in accordance with the program.

What are The Key Criteria For Software Certification?


In order to receive ONC certification, software vendors must meet all the requirements set by the ONC and pass a series of tests and evaluations conducted by an accredited third-party testing organization. These requirements include specific technical standards, features, and functions that the EHR system must possess to ensure that it meets the needs of healthcare providers and patients alike. Let's take a closer look at the seven categories that make up the criteria for ONC software certification:

ONC certification criteria

1. Functional requirements for quality patient care


One of the essential criteria for ONC certification is the functionality of the software, which must include a range of features to ensure the safety and quality of care provided to patients.

a. Computerized Provider Order Entry (CPOE):

- Allows providers to enter orders for medications, laboratory tests, and diagnostic imaging tests electronically

- Improves accuracy and speed of order entry, reducing errors associated with traditional paper-based methods

b. Drug Interaction Checks:

- Flags potential adverse reactions and alerts providers to potential drug interactions

- Reduces medication errors and ensures patient safety

c. Accurate Patient Demographic Data:

- Essential for identifying patients accurately, maintaining up-to-date records, and ensuring that patients receive the correct care

- The software must capture and store this information accurately to enable care providers to make informed decisions and provide personalized care to their patients

d. Lists of Patient Problems, Medication Allergies, and Current/Previous Medications:

- Improves monitoring and visibility and enables providers to make informed decisions regarding patients' care

e. Clinical Decision Support Tools:

- Essential for ensuring that providers have the latest information and guidance to inform their decisions

- The software must include a range of decision support tools, such as drug formulary and preferred drug lists, patient-specific education sources, and tobacco-use recording, to tailor care plans and improve patient outcomes

f. Unique Device Identifiers (UDIs):

- Necessary to track the performance of patients' implantable devices

- Allows providers to monitor the performance of devices and ensure that patients receive the care they need to maintain their health

g. Social, Psychological, and Behavioral Data:

- Crucial to providing comprehensive care that addresses all aspects of a patient's health

- Enables providers to create a more complete picture of a patient's health and tailor their care plans to meet their specific needs

By incorporating these features into the software, providers can deliver high-quality, personalized care to their patients while ensuring that they meet the ONC certification criteria.

2. Electronic Clinical Quality Measures (eCQMs)


One of the critical requirements for EHR software to attain ONC certification is to provide eCQMs. These tools are designed to help healthcare providers estimate and monitor the quality of their services in real-time. An EHR software that meets this criterion is expected to cover various aspects of patient care, including patient engagement, patient safety, care coordination, public health, efficient healthcare resource utilization, and clinical effectiveness.

To obtain ONC certification, the software must be able to accurately calculate eCQM results and store, import, and export CQM data. For example, eCQMs can help providers monitor and improve vaccination rates for specific patient populations or track the number of patients who receive preventative screenings. This data can also help providers better manage their patient populations and identify patients who may be at higher risk for certain conditions, allowing for earlier interventions and improved outcomes.

Meeting this criterion helps healthcare providers to assess and improve their services and ultimately improve patient outcomes. EHRs that meet the ONC's eCQM criteria can also help identify gaps in care, detect potential safety issues, and facilitate the exchange of information between healthcare providers.

3. Connected Care Experience


The healthcare system involves a multitude of healthcare professionals, each providing a unique perspective on a patient's health. As a result, the patient's medical information may become fragmented and disconnected across multiple providers, making it difficult to get a comprehensive view of the patient's health.

The ONC certification requires the EHR software to provide a seamless and coordinated approach to patient care. This can be achieved by integrating and organizing a patient's protected health information (PHI) and facilitating its sharing between all authorized providers involved in the patient's treatment.

For instance, the EHR software should provide alerts to notify providers of any relevant updates or changes in the patient's health history or treatment plan. This enables all authorized providers to see a complete and up-to-date picture of the patient's health status and medical history, allowing for better-informed decision-making and coordinated care.

Read More: 5 Ways EHR Improves Patient Experience


4.  Protected health information


As the healthcare industry increasingly adopts electronic health records (EHRs), protecting patients' sensitive health information is more important than ever. To meet ONC certification criteria, EHR software must be designed with privacy and security in mind, ensuring that Electronic Protected Health Information (ePHI) is secured both in storage and during transmission.

To help developers meet privacy and security requirements, the ONC and the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) have developed a range of resources, including tools, guides, and documents. These resources help EHR software developers ensure HIPAA compliance and meet other federal regulatory requirements.

Therefore, when selecting an EHR software, make sure that it has the necessary security features, such as access controls, encryption, and auditing capabilities, to protect ePHI. Additionally, the software should provide robust authentication and encryption mechanisms for detecting and reporting security breaches or unauthorized access to ePHI.

5. Patient engagement


The fourth criterion for ONC certification is patient engagement, which is critical for improving health outcomes and patient care. Patient engagement means that patients are actively involved in their own treatment, which is important for better health outcomes.

To receive ONC certification, EHR developers must provide patients with secure communication channels to interact with their healthcare providers, as well as the ability to access and transmit their health data. This means patients can view, download, and transmit their health data in a secure manner, promoting transparency and collaboration with healthcare providers.

Moreover, the ONC Patient Engagement Playbook is an excellent resource for healthcare providers seeking to improve their patient engagement strategies. The playbook provides best practices, tips, and case studies to help providers engage patients more effectively.

New call-to-action

6. Population health


The population health criteria in the ONC certification requirements emphasize the importance of taking a population-based approach to healthcare delivery. Rather than just treating individual patients, healthcare providers should also focus on preventive measures, diagnosis, and treatment of the population as a whole. The software applying for ONC certification has to enable healthcare providers to transmit public health data to various registries such as diabetes, immunization, asthma, and cancer registries.

By integrating public health data into EHRs, healthcare providers can get a better understanding of the health of the population they serve. This helps in identifying trends and patterns in health outcomes, which can lead to the development of more effective public health policies and interventions.

In addition, disease surveillance and outbreak response can be facilitated by its use. Meeting the population health criteria of ONC certification helps healthcare providers in achieving meaningful use of EHRs, which is a key factor in receiving federal incentives.

 7. Interoperability


The electronic exchange criterion is crucial for achieving healthcare interoperability, which refers to the ability of different health IT systems to share and use data in a coordinated and secure manner. This criterion encompasses data access, data sharing, and cooperative use of data.

In order to meet the ONC certification requirements, EHR developers must utilize data exchange architectures, and application programming interfaces (APIs), and adhere to specific standards such as CCD, DICOM, and HL7.

This enables healthcare providers to access comprehensive and up-to-date patient information, improve care coordination, and ultimately enhance patient outcomes.

Demystifying the Major Conditions of ONC's Cures Act Final Rule


The 21st Century Cures Act Final Rule, issued by ONC, sets the conditions for health information technology (health IT) developers to obtain certification for their products. These conditions aim to improve the interoperability, usability, and security of electronic health records (EHRs) and other health IT systems. To achieve certification, health IT developers must comply with the seven conditions established by the ONC. Let's take a closer look at these conditions and their significance in the healthcare industry.

ONC's cures act final rule

  1. Information Blocking: Information blocking is the practice of intentionally interfering with the access, exchange, or use of electronic health information. The condition prohibits health IT developers, networks, exchanges, and healthcare providers from engaging in information blocking activities. The goal of this condition is to improve patient access to health information and promote the exchange of health information for care coordination and patient engagement.

  2. Bi-Directional Communication: The second condition emphasizes the importance of communication between healthcare providers and patients. It requires healthcare software systems to facilitate secure messaging between providers and patients, enabling patients to communicate directly with their doctors and other healthcare providers.

  3. Certification to Adopt and Implement APIs: This condition requires certified health IT products to support secure, standards-based APIs that enable patients to access, view, and download their health information. Additionally, healthcare providers must demonstrate that they have implemented the API in a way that enables patients to access their health information without any restrictions.

  4. Real-World Testing: Real-world testing involves evaluating the usability, safety, and effectiveness of certified health IT products in real-world clinical settings. The condition requires ONC-authorized testing laboratories to conduct real-world testing on certified health IT products to ensure they function as intended in real-world clinical settings.

  5. EHR Usability: This condition highlights the significance of ensuring that EHRs are user-friendly and easy to use. It requires healthcare software systems to meet specific usability criteria, ensuring that providers can quickly and easily access and use patient health information, improving the quality of care delivered.

  6. Assurance of Patient Privacy and Security: The final rule also requires healthcare software systems to implement strict data security measures and comply with all relevant data privacy regulations, ensuring that patients' personal health information remains confidential and secure.

  7. Health IT Developer Accountability: The last condition focuses on health IT developer accountability. It requires developers to take responsibility for the performance and security of their software systems, ensuring that they meet all relevant regulatory requirements and guidelines.


Navigating the ONC Certification Process: A Brief Overview


The certification process for Health IT is crucial in ensuring that EHRs meet the necessary standards for privacy, security, and functionality. The process involves several steps to ensure that the software modules are tested and evaluated for compliance with the 2015 Edition Health IT Certification test method.

The process begins with an assessment of testing artifacts and contracts by an ONC-Authorized Testing Laboratory. The software is then tested for functionality, interoperability, and security. Once the testing process is complete and all requirements are met, the software is certified, and all related information is posted on the Certified Health IT Product List (CHPL).

ONC structure

Image source: HealthIT

The ONC-Authorized Certification Bodies (ONC-ACBs) perform further surveillance to ensure that the certified software continues to function as required. This process helps to maintain the integrity of the certification and ensures that healthcare providers can rely on the certified software for quality patient care.

The certification process is an ongoing effort to ensure that Health IT products meet the necessary standards for patient safety and care quality. It is an essential step in the adoption of EHRs, as it provides assurance that the software meets the necessary requirements for certification under the 21st Century Cures Act Final Rule.

Some Common Mistakes to Avoid During the ONC Certification Process:


  1. Not following the requirements closely: One of the most common mistakes that organizations make during the ONC certification process is not following the requirements closely. It's essential to read and understand all the requirements and regulations thoroughly to ensure that your software meets all the criteria.

  2. Insufficient testing: Another common mistake is conducting insufficient testing. Your software should undergo rigorous testing to ensure that it meets all the requirements. You should conduct tests to check for compatibility, data exchange, and other technical requirements.

    Common mistakes during ONC certification

  3. Poor documentation: Documentation is an essential part of the certification process. Incomplete or poorly documented processes, code, or other required information can result in the rejection of your certification application. Ensure that all documentation is complete, accurate, and up to date.

  4. Not keeping up with changes: The ONC requirements change regularly, so it's important to keep up with these changes to ensure that your software meets the latest requirements. Not keeping up with the changes can result in a delay or even the rejection of your certification application.

  5. Neglecting to involve stakeholders: Failure to involve stakeholders during the certification process can lead to costly mistakes. Engage with all stakeholders, including users, developers, and regulatory bodies, to ensure that the software meets the required standards.

By avoiding these common mistakes, you can increase your chances of a successful ONC certification and ensure that your software meets the highest industry standards.

Finding the Right Software Development Partner for Health IT Certification


As the healthcare industry continues to adopt EHRs and prioritize patient data security and privacy, ONC certification becomes even more critical. Healthcare providers must choose software that has the necessary security features and meets all federal regulatory requirements.

So if you're looking for a software development partner who is experienced in creating mature healthcare products, then Daffodil can be the smart choice.

At Daffodil, we have a deep understanding of ONC Certification, EHRs, and Health IT, and our team of experts is well-equipped to guide you through the entire certification process. We have a proven track record of developing secure and compliant healthcare software solutions that meet the highest industry standards. With our extensive experience and expertise, we can help you navigate the certification process smoothly and efficiently.


Topics: Healthcare

Nikita Sachdeva

Written by Nikita Sachdeva

Nikita is a B2B research analyst who conducts market research around the most cutting-edge technological solutions such as Salesforce, Cloud, Data Enrichment, AI, etc. She is a techno-optimist who brings unique perspectives gained from her experience to the organization and aims to disseminate knowledge to others. When she's not writing, she can usually be found watching sci-fi anime or reading webtoons.