B13. How does privacy and security certification work for Health Module certification?

EHR Module(s) shall be certified to all privacy and security certification criteria adopted by the Secretary, unless the EHR Module(s) is presented for certification in one of the following manners:

  1. The EHR Modules are presented for certification as a pre-coordinated, integrated bundle of EHR Modules, which would otherwise meet the definition of and constitute a Complete EHR, and one or more of the constituent EHR Modules is demonstrably responsible for providing all of the privacy and security capabilities for the entire bundle of EHR Modules; or
  2. An EHR Module is presented for certification, and the presenter can demonstrate and provide documentation to the ONC-Authorized Certification Body (ONC-ACB) that a privacy and security certification criterion is inapplicable or that it would be technically infeasible for the EHR Module to be certified in accordance with such certification criterion.
Content last reviewed on November 17, 2017
Was this page helpful?