EHR Certification: An Ongoing Process for ONC’s Office of Certification

Carol Bean and Asara Clark | April 25, 2013

Part of ONC’s mission is to certify that electronic health record (EHR) products meet the standards and capabilities we have created. It’s a big job, and we take it seriously.

Providers should be confident that when they buy and use a certified EHR, their product satisfies our requirements. That’s why we review any complaints we receive about these products and make sure they are addressed, even to the point of revoking certification when necessary. In fact, we recently revoked the certification of two such products.

Have a Question about EHR Certification?

Health IT stakeholders can submit questions to, a mailbox that we monitor daily – and we work hard to answer inquiries as quickly as possible. We coordinate our responses with our partners at the National Institute of Standards and Technology (NIST) to make sure users are able to get the most up-to-date information and help them install the Test Method Program quickly and easily.

Filing a Complaint with the Office of Certification

When ONC receives a complaint, the Office of Certification conducts an initial investigation. If the complaint is not about EHR certification, it is referred to the appropriate ONC office. If it is EHR certification-related, we will conduct a preliminary review, which may require additional clarification or details.  If we can’t resolve the issue here in ONC, the Authorized Certification Body (ACB) is contacted.

ONC Surveillance of Certified EHRs with Complaints

Depending on the nature of the complaint, surveillance activities may be triggered. At this point, the ACB will conduct the surveillance. Because surveillance activities currently vary across the different ACBs, ONC is developing guidance on surveillance of certified EHRs to provide more consistency, as well as provide guidance to the ACBs on surveillance. We expect the guidance will be issued later this year.

Before being accredited by the American National Standards Institute (ANSI) and the ONC-Approved Accreditor (ONC-AA), each ACB applicant must submit a surveillance plan.  The complaints and surveillance guidance will also include information about different types of surveillance; “proactive” and “reactive.”

  • Proactive surveillance includes reviews and monitoring to confirm that the product(s) in question meets the same functionalities as the product that was originally tested and certified; and that an EHR vendor is appropriately representing themselves and their product.  Proactive surveillance may include:
    • random audits,
    • assessments of newly certified products, and
    • review of marketing and other materials available to the public, including press releases and website content.
  • Reactive surveillance is triggered by an incident that warrants an unscheduled assessment of a product’s certification.  This could be triggered by a user complaint or if questions arise about whether an EHR vendor is misrepresenting a product’s capabilities to the public, for example.  Reactive surveillance actions may vary and we handle these on a case by case basis.  Our upcoming guidance will provide guidelines on timeframes, reports, and records for the specific incident.

The Office of Certification Provides Ongoing Monitoring of Certified EHRs

We want to be clear, the Office of Certification’s role doesn’t stop after EHR certification. We are also going to monitor certified EHRs to determine whether they continue to meet our requirements. The doctors, hospitals and other providers that are adopting – and have already adopted – EHRs deserve this and should feel confident that the tools they are using are up to the job of helping their patients get the best care possible.

If they don’t, we want to hear about it.

More resources on EHR certification can be found in the ONC HIT Certification Program FAQs.

Please leave a comment or question below.