Actionable ways to meet the 2015 Edition Cures Update requirements

Laura M. Urioste | November 8, 2022

The 2015 Edition Cures Update made several changes to the ONC Health IT Certification Program (Certification Program), including new functionalities; new, removed, and revised criteria; and new requirements establishing the Conditions and Maintenance of Certification. This means that most health IT developers of certified health IT (certified health IT developers) will be required to update their certified Health IT Modules by December 31, 2022. As we approach this deadline, it is important to remember that meeting the Certification Program requirements and avoiding non-conformities is up to each certified health IT developer.

To better understand the changes to the 2015 Edition Certification Criteria, as presented in the ONC Cures Act Final Rule, please take a moment to review the 2015 Edition Cures Update Test Method. You can also find resources on the ONC Health IT Certification Program webpage, including the 2015 Edition Cures Update Reference Guide and fact sheet.


As we noted in a previous blog post, more than half of hospitals and two-thirds of clinicians use Health IT Modules offered by certified health IT developers that are certified to the FHIR-based standardized API criterion in § 170.315(g)(10). This blog post intends to highlight the options and alternatives available to certified health IT developers as they consider how to meet the API Condition and Maintenance of Certification requirements. Specifically, we describe how certified health IT developers can adhere to the requirement to update and provide their customers with certified API technology (§ 170.404(b)(3)) by the December 31, 2022 deadline.

Paths for Conformance

Certified health IT developers with API technology certified to the § 170.315(g)(8) Application Access- data category request criterion must update their product(s) to the § 170.315(g)(10) Standardized API for patient and population services criterion, and provide this new certified API technology to their customers by the end of the year. If certified health IT developers face challenges with successfully testing to § 170.315(g)(10), they should communicate with their ONC Authorized Certification Body (ONC-ACB) as soon as possible and work with them to successfully test with an ONC Authorized Testing Lab (ONC-ATL) by the deadline.

Certified health IT developers with Health IT Modules certified to § 170.315(g)(8) who do not intend to update their Health IT Modules to § 170.315(g)(10) should engage their ONC-ACB to change their product(s) listing(s) on the Certified Health IT Product List (CHPL). This will ensure that the § 170.315(g)(8) criterion is removed from their active listed certificates before or by December 31, 2022. Any actions by a certified health IT developer after December 31, 2022, to reduce the scope of an applicable Health IT Module’s certification once it is non-compliant is prohibited (§ 170.523(o)) and could result in Certification Program consequences (such as a certification ban (§170.581(a)(1)(ii)-(iv))).

In the event a certified health IT developer has not properly updated or changed its product(s) certification(s), or certified to § 170.315(g)(10) and provided its upgraded API technology to its users by the end of the year, ONC may initiate a Direct Review (§170.580(a)(2)(iii)) for non-compliance with the API Maintenance of Certification requirement. ONC may also require the developer to submit and complete a Corrective Action Plan (CAP) that meets the requirements and return to compliance with the Certification Program requirements.

The ONC Certification Program enforcement and oversight approach is established in regulation and may be helpful for certified health IT developers in understanding what will be the outcome of potential non-conformities. Please take a moment to review the Certification Program Enforcement Outcomes fact sheet.


While participation in the Certification Program is voluntary for certified health IT developers, not complying with Certification Program requirements can negatively affect the continuity of certified health IT products for customers and impact end users’ ability to meet requirements from other Department of Health and Human Services (HHS) programs that do rely on and require the use of certified EHR technology (CEHRT), such as the Promoting Interoperability (PI) and Merit-based Incentive Payment System (MIPS) programs administered by the Centers for Medicare & Medicaid Services (CMS) or participation in various Alternative Payment Models (APMs) in 2023. For example, eligible hospitals and clinicians participating in these programs need to use certified API technology and enable patients to access all the data elements included as part of the United States Core Data for Interoperability (USCDI) version 1 through (e)(1) certified Health IT Modules. Certified health IT developers who allow their products to fall out of conformity and compliance with the Certification Program put their products and their participation in the Certification Program at risk, resulting in providers being unable to meet CMS requirements.

There is still time for certified health IT developers to meet the standards-based API requirement. Resources produced by ONC are available for the public to utilize as a roadmap going forward, including the API Certification Companion Guide and the API resource guide.

We hope the health IT developer community finds this information useful as the compliance deadline is fast approaching. As always, you may contact our Certification team through the ONC Health IT Feedback and Inquiry Portal for additional information.