The Office of the National Coordinator for Health Information Technology Health IT Playbook

Section 2

Certified Health IT

In this section


How can Certified Health IT and Certified EHR Technology help my practice?

The Office of the National Coordinator for Health Information Technology (ONC) oversees the Health IT Certification Program for health IT modules — including electronic health records (EHR) and health information exchanges. The certification program sets several nationwide standards including:

Certified EHR

  • Health IT standards
  • Implementation specifications
  • Certification criteria

Certified health IT plays a vital role in establishing a nationwide, connected, and interoperable health information infrastructure. An EHR that goes through ONC’s certification program earns a Certified Health IT Module designation and appears on ONC’s Certified Health IT Product List (CHPL).

How certified health IT benefits your practice

Certain health care payment programs, including the Centers for Medicare and Medicaid Services (CMS) EHR Incentive Program, (also known as “Meaningful Use”) and the Quality Payment Program, require you to use certified health IT. CMS refers to the set of health IT that eligible providers in the incentive program must have as Certified EHR Technology (CEHRT).

Using certified health IT improves care coordination through the electronic exchange of clinical-care documents. It provides a baseline assurance that the technology will perform clinical-care and data-exchange functions in accordance with interoperability standards and user-centered design. The benefits of standard data capture and interoperable exchange of information include enhanced patient safety, usability, privacy, and security.

Examples of ONC standards include vocabulary code sets, like SNOMED-CT®, that ensure consistent clinical terminology between systems. Standards for exchanging clinical content include Consolidated Clinical Document Architecture (C-CDA — which we discussed in section 1 of the Playbook). It allows different EHR systems to electronically send and receive a patient’s clinical care summary while retaining the same meaning across systems.

To date, ONC has issued 3 editions of health IT certification criteria:

Each edition builds upon the previous version by adopting newer standards and more advanced health IT functions. The goal: continually move toward nationwide interoperability, improved clinical care, and better health information exchange.

Certified health IT can help your practice offer:

  • Electronic prescribing
  • Patient-specific education resources
  • Secure e-messaging

Certified health IT can also help your practice:

  • Check drug-drug and drug-allergy interactions
  • Document patient social, psychological, and behavioral data
  • Denote sensitive electronic patient documents
  • Document patient care-plan preferences

Many programs and organizations encourage or require the use of health IT certified under the ONC Health IT Certification Program — in addition to the CMS quality reporting programs like the EHR Incentive Programs and the Merit Based Incentive Program (MIPS). These programs and organizations include, but are not limited to:

  • Hospital Inpatient Quality Reporting
  • Department of Defense Healthcare Management System Modernization Program
  • The Joint Commission for performance measurement initiative (“ORYX vendor” — eCQM for hospitals)
  • Prospective Payment System and Consolidated Billing for Skilled Nursing Facilities
  • Chronic care management services billing in the Medicare Physician Fee Schedule
  • Mechanized Claims Processing and Information Retrieval Systems (MMIS) requires that state MMIS systems align with adopted standards and allow for interoperability with health information exchanges
  • Under the Medicare Access and Chip Reauthorization Act of 2015 (MACRA), Advanced Alternative Payment Models (APMs) must require qualifying participants to use CEHRT in order to receive the APM bonus

Certification Program Overview

Public Health IT Certification Program Overview

Describes the ONC’s certification program; includes key players, operations, and structure

Who it’s for
Providers and health IT implementers

When it’s used
To learn the basics of the ONC’s health IT certification program

Download Certification Program Overview [PDF - 924 KB]

Understanding Certified Health IT

Understanding Certified Health IT

Interactive infographic of ONC’s 2015 Edition Health IT Certification Criteria

Who it’s for
Providers and health IT developers

When it’s used
To learn about ONC’s review of health IT products and how ONC determines if products meet recognized standards and functionality

Download the 2015 Edition Understanding Certified Health IT infographic [PDF – 2.7 MB]

How do ONC and CMS work together to help your practice?

In the Health Information Technology for Economic and Clinical Health (HITECH) Act, signed into law on February 17, 2009, as a part of the American Recovery and Reinvestment Act (ARRA), Congress established the EHR Incentive Program (also known as “Meaningful Use”; now known as MIPS Advancing Care Information performance category). The HITECH Act also established ONC and its Certification Program as the principal federal entity charged with coordination of nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information.

Administered by CMS, the incentive program encourages eligible professionals, hospitals, and critical access hospitals (CAH) to adopt, implement, and use CEHRT.

How to establish eligibility

To participate in the incentive program, providers must demonstrate their “meaningful use” of CEHRT. That means meeting certain requirements — such as attesting that you record patient information electronically using ONC standards and, where applicable, that you exchange patient information through a summary of care record.

ONC and CMS established these requirements so that providers can electronically send and receive patient-care information in a consistent, usable manner. Other programs that call for using CEHRT include the Merit-based Incentive Payment System (MIPS) and Advanced Alternative Payment models (APMs).

The 2015 Edition final rule updates the ONC Health IT Certification Program to support providers across the care continuum including a wide range of health care settings in their efforts to increase care coordination, engage with patients, and improve outcomes.

Improving provider access to these technical standards will help make important patient data consistently available to the appropriate people at the right time and place.

Learn more about how certified health IT can help you with:

What certified health IT will I need in order to participate in certain CMS programs in 2017?

Providers participating in the EHR Incentive Program in 2017 must:

  • Use health IT certified to the 2014 Edition or to the 2015 Edition (or a mix of both)
  • Understand that, beginning in calendar year 2018, you must have transitioned completely to health IT certified to the 2015 Edition

Providers participating in MIPS in 2017 need to understand the following:

  • MIPS replaces the EHR Incentive (Meaningful Use) Programs for Medicare-eligible professionals
  • Medicaid-eligible professionals, hospitals, and CAHs remain in the EHR Incentive Program
  • Your EHR technology must be certified to the 2014 Edition or to the 2015 Edition (or a mix of both)
  • If you participated in the incentive program in previous years, the updated certification may let you use existing technology to report for the 2017 performance period
  • Beginning in calendar year 2018, MIPS participants’ certified health IT must adhere only to the 2015 Edition

Compare health IT certification criteria

The 2014 Edition Health IT Certification Criteria (also referred to as the “2014 Edition”) is a collection of health IT certification criteria that the Office of the National Coordinator (ONC) adopted under the its Health IT Certification Program in 2012. ONC adopted the 2015 Edition —a more recent collection of certification criteria that builds upon the 2014 Edition — in 2015. Read more about the 2015 Edition Health IT Certification Criteria.

A certification criterion defines the specific function that the health IT, including the functionalities within an electronic health record (EHR), will perform. Sometimes certification criteria require that a functionality be performed using a specific standard. For example, the 2015 Edition “problem list” certification criterion must include a functionality that lets users record, change, and access a patient’s active-problem list using a specific version of SNOMED-CT®. Learn more about SNOMED-CT.

The 2015 Edition includes most of the health IT functionalities found in the 2014 Edition, but it upgrades standards and adds new functionalities that foster innovation and open new market opportunities. It also gives providers and patients more choices for electronic health information access and exchange.

The 2015 Edition also includes new certification criteria that would let your health IT (like an electronic health record) ) take advantage of Application Programming Interfaces (APIs) (see section 2.3). APIs let providers use many existing applications (or “apps”) that can use health data within the EHR to provide innovative clinical tools or to help engage patients.

The table below outlines the key certification criteria categories in the 2014 and 2015 Editions.

Categories of health IT certification criteria

Criteria Categories 2014 Edition 2015 Edition
Clinical X X
Care coordination X X
Clinical quality measures X X
Privacy and security X X
Patient engagement X X
Public health X X
Utilization X  
Design and performance   X
Transport methods and other protocols   X

In 2017, as outlined in the Merit-Based Incentive Payment System (MIPS) proposed rule, providers participating in MIPS must report on 6 objectives under the more streamlined Advancing Care Information performance category (formerly the “Meaningful Use” of EHRs).

Providers participating in MIPS and the EHR Incentive Program, respectively, must eventually upgrade to 2015 Edition certified health IT. The 2017 performance year of the EHR Incentive Program gives providers some flexibility in that they are encouraged, but not required, to use 2015 Edition certified health IT.

Providers participating in the EHR Incentive Program have 3 options in 2017:

  • Use health IT certified to the 2014 Edition
  • Use health IT certified to the 2015 Edition
  • Use a combination of health IT certified to the 2014 and health IT certified to the 2015 Edition

Starting with the 2018 performance year, all providers will be required to use 2015 Edition certified health IT.

In the MIPS notice of proposed rulemaking for the Quality Payment Program (April 27, 2016), the Centers for Medicare and Medicaid Services (CMS) proposed the same policies to apply for participants in MIPS. Read more about the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), MIPS, and the Quality Payment Program.

Learn more about the 2014 and 2015 Editions

The following downloadable guides will help you learn more about the 2014 and 2015 Editions, which detail the ONC health IT certification criteria that providers can use in 2017.

Comparison of the 2014 Edition & 2015 Edition Certification Criteria

Comparison of the 2014 Edition & 2015 Edition Certification Criteria

Compares the 2014 and 2015 criteria in the following health IT certification categories: clinical, care coordination, clinical quality measures, privacy and security, patient engagement, public health, design and performance/utilization, transport methods, and other protocols

Who it’s for
Providers and health IT implementers

When it’s used
To learn about and understand the 2014 and 2015 Editions health IT certification criteria

Download Comparison of the 2014 Edition & 2015 Edition Certification Criteria [PDF - 512 KB]

2015 Edition Base EHR Definition

2015 Edition Base EHR Definition

The 2015 Edition Health IT Certification Criteria (2015 Edition) helps provide greater interoperability for several clinical health information purposes and enables health information exchange through new and enhanced certification criteria, standards, and implementation specifications. It also identifies the base EHR capabilities, such as medical history, clinical decision support, and physician-order entry

Who it’s for
Providers and health IT implementers

When it’s used
To plan and implement an EHR

Download 2015 Edition Base EHR Definition [PDF - 291 KB]

2014 Edition EHR Certification Criteria Required to Satisfy the Base EHR Definition

2014 Edition EHR Certification Criteria Required to Satisfy the Base EHR Definition

Lists base EHR capabilities with corresponding 2014 certification criteria

Who it’s for
Providers and health IT implementers

When it’s used
To plan and implement an EHR

Download 2014 Edition EHR Certification Criteria Required to Satisfy the Base EHR Definition [PDF - 242 KB]

Common Clinical Data Set: 2014 Edition Standard and 2015 Edition Standard

Common Clinical Data Set: 2014 Edition Standard and 2015 Edition Standard

Lists common data sets — including information like patient name, sex, date of birth — with their corresponding 2014 and 2015 standard requirements

Who it’s for
Providers and health IT implementers

When it’s used
To plan and implement an EHR

Download Common Clinical Data Set: 2014 Edition Standard and 2015 Edition Standard [PDF - 246 KB]

What is the ONC certified health IT product list?

The Certified Health IT Product List, or CHPL (pronounced “chapel”), is the authoritative and comprehensive list of health IT modules, which includes electronic health record (EHR) systems certified through the Office of the National Coordinator (ONC) Health IT Certification Program.

Health IT modules appear on CHPL after they’ve been tested and certified to the ONC Health IT Certification Program. Providers attesting that they’re using certified EHR technology (CEHRT) — for programs such as the EHR Incentive Program — can use CHPL to create a unique Centers for Medicare and Medicaid Services (CMS) EHR Certification ID to identify their certified Health IT Modules.

CHPL also lets providers look at the features in certified health IT products and make side-by-side comparisons.

What can CHPL do for you?

Updated in February 2016, CHPL provides a streamlined user interface, faster search functionality, improved product selection, refined user navigation, and the capability to compare health IT products.

CHPL also supports data accessibility of health IT certifications — in both human- and machine-readable formats. This includes publicly available data-surveillance results of certified products to ensure they continue performing as expected in real-world care settings.

Making surveillance-data results readily available offers providers another way to compare certified products and to see which ones have been surveilled and may or may not be performing as expected.

CHPL User Guide

CHPL User Guide

Download the CHPL user guide for a comprehensive listing of health information technology products — tested and certified under the ONC’s Health IT Certification Program.

Provides information on how to:

  • Create a CMS EHR Certification ID
  • Search for and compare certified health IT products
  • Identify and understand certified products listed in CHPL that do not comply with certification requirements and regulations
  • Register for a CHPL API key

Who it’s for
Providers and hospitals

When it’s used
To search for certified products

Download CHPL User Guide [PDF - 1.9 MB]

CHPL and your CMS EHR certification ID

Clinicians can use CHPL to identify the certified health IT modules they use and, if necessary, to generate the CMS EHR Certification ID required for participation in the CMS EHR Incentive Program.

During Meaningful Use attestation, eligible physicians and hospitals share their CMS EHR Certification ID with CMS. CHPL generates this number once the physician or hospital selects certified health IT products or modules that satisfy the base EHR definition.

Download the detailed instructions on how to generate a CMS EHR Certification ID [PDF - 762 KB] using the updated CHPL.

Understand the capabilities and limitations of certified health IT

A lack of reliable information about the costs, limitations, and trade-offs of competing health IT products makes it hard for health IT buyers to understand and estimate the various costs and potential implementation issues.

ONC now requires health IT developers (including EHR vendors) to comply with enhanced transparency requirements associated with their products. These new disclosures will help buyers and users better understand the capabilities and limitations of health IT products. Learn more about ONC transparency requirements.

ONC has created a transparency list (updated weekly) with hyperlinks to each developer’s mandatory disclosure statement; it also indicates each developer’s response to the transparency attestation. Learn more about the transparency attestation requirement.

Developers must also display their disclosures prominently on their websites and in their marketing materials. You’ll find more information, including developer compliance with these requirements, on ONC's Certified Health IT Product List.

Mandatory health IT developer disclosure statements

Under the ONC’s enhanced transparency requirements, health IT developers must fully disclose all known material types of costs and limitations that users could encounter when implementing or using their technology. This includes all technical and contractual restrictions.

Developers must describe this information — in detailed, plain language — on their websites and in their marketing materials. This lets providers and users identify and understand the specific limitations and types of costs that may apply.

Transparency attestation by health IT developers

Health IT developers must also submit a transparency attestation that states whether they’ll take additional, voluntary actions to promote transparency. These voluntary actions include:

  • Engaging in an open dialogue about their business practices
  • Making information available to potential customers and others in targeted, useful ways

Developers who attest their support for transparency will be expected to provide their disclosed product-and-service information to any requestor.

ONC encourages professional associations, product researchers, and other groups to take advantage of health IT developer disclosures and transparency attestations. Doing so can help you develop information and tools that providers can use to evaluate and compare health IT products more effectively.

Surveillance transparency in certified health IT

CHPL lets providers view the surveillance activities by ONC-ACBs, the results of surveillance, and corrective-action plans for health IT found to have non-conformities.

This additional transparency helps potential health IT buyers assess how products perform in real-world settings. It also alerts existing customers to potential issues — and the plans to resolve them.

When certified health IT products don’t perform as expected in real-world care settings

Three accredited certification bodies issue health IT certifications once they determine that products meet ONC Health IT Certification Program standards and certification criteria requirements. We refer to each accredited body as an ONC-Authorized Certification Body (ONC-ACB).

When an ONC-ACB determines that a health IT product doesn’t comply with its certification requirements, it deems that health IT product non-conforming. Working with their ONC-ACB, the product developer must:

  • Create an appropriate corrective-action plan
  • Fix the identified non-conformity or deficiency
  • Bring the product back into compliance

Nonconformities post on CHPL every week. Implementing their corrective action plans, developers resolve many non-conformities or deficiencies quickly, and CHPL will reflect that updated information. This includes the date and a description of how the developer resolved the problem.

If the developer can’t resolve the issue in accordance with the corrective action plan, an ONC-ACB will follow its procedures to suspend or terminate the product’s certification. Learn more about the corrective-action process.

Surveillance and the corrective-action process play a significant role in the ONC Health IT Certification Program. They provide vital transparency and accountability about certified health IT products, their capabilities, and the certification process itself.

We encourage providers to use this information to evaluate and compare products, and to monitor issues affecting their certified health IT.

How APIs can help your practice

If you’ve ever booked a flight, reserved a hotel room, or purchased a concert ticket online, you’ve used an Application Programming Interface (API). APIs have rapidly become an integral part of our personal and business worlds.

At their most basic level, APIs let one software application talk to another. When, for example, you go to an airline’s website to search for available flights, you’re using an API that IT developers built to let your web browser access the airline’s database and ticketing system.

Without that API-enabled website, you’d have to talk to a customer service rep every time you wanted to book a flight. APIs make booking travel more convenient and efficient.

When API meets EHR

Just as APIs have dramatically changed travel planning, an API-enabled electronic health record (EHR) can revolutionize the health care system and benefit both patients and providers; health-IT developers can use APIs to build apps and other innovative software products.

These apps will integrate information from multiple EHRs and precisely target clinicians’ needs — well beyond what’s currently available. Providers will have new and powerful apps that help them take care of their patients even more effectively.

Future health care payment programs — including alternative payment models — will depend on exchanging, aggregating, and analyzing health information. APIs will help providers exchange health information with other providers efficiently, and integrate the information from multiple sources in a scalable way. API-based tools will also play an important role in a provider’s ability to participate in health care payment programs.

Recognizing the growing importance of APIs, the Office of the National Coordinator (ONC) 2015 Edition of health IT certification includes several new API-based certification criteria. These will help providers access and exchange the health information in EHRs more easily.

The APIs will let providers access their patient’s health information individually — and as a summary of care document that they can exchange with other providers.

See the 2015 Edition Final Rule resource link below for additional information about API requirements and other criteria focused on expanding electronic health information access and exchange in the ONC 2015 Edition certification.

What’s a FHIR-based API?

Several leading EHR vendor organizations have jointly developed an API standard to help health IT developers build software products that integrate information from multiple EHR systems. It’s called Fast Healthcare Interoperability Resources or FHIR (pronounced “fire”), and buildingFHIR-based APIs helps provide better access to health information.

EHR technologies that support FHIR-based APIs can tap into the growing market of apps more readily than traditional health IT systems. ONC actively encourages the development of FHIR-based APIs.

2015 Edition Final Rule: Expanding Electronic Health Information Access and Exchange

2015 Edition Final Rule

Modifications to the ONC Certification Program to support other types of health IT, such as long-term post-acute care (LTPAC), behavioral health, and pediatrics

Who it’s for
Providers and health IT implementers

When it’s used
To support expanding health information exchange to other care settings

Download 2015 Edition Final Rule: Expanding Electronic Health Information Access and Exchange [PDF - 572 KB]

Help us stop information blocking

Help the Department of Health and Human Services (HHS) identify and stop instances of information blocking. Report complaints via email at, or fill out our online Health IT Complaint Form.

What is information blocking?

Information blocking (or data blocking) occurs when individuals or entities — such as health care providers or IT vendors — knowingly and unreasonably interfere with the exchange or use of electronic health information.

Information blocking is a serious problem, because it prevents timely access to information required to manage patients’ health conditions and to coordinate their care. It also prevents the appropriate people from using the information to improve health, to make care more affordable, and to research new treatments and cures.

Learn more: download and read the Office of the National Coordinator’s (ONC) Report on Health Information Blocking.

information blocking

How to identify information blocking

Information blocking happens when overt actions or policies prevent electronic health information from being shared or used appropriately for authorized purposes.

But it can also occur in more subtle ways, such as through contract terms, organizational policies, or technical limitations that make sharing and using information unnecessarily expensive or burdensome.

Not all actions that impede the exchange or use of electronic health information constitute information blocking; sometimes blocking may be necessary to protect patient safety, privacy, or other compelling interests.

Issues that may raise concerns about information blocking include:

  • Fees that make exchanging electronic health information cost prohibitive
  • Policies or contracts that prevent or limit sharing information with patients or their health care providers
  • Inappropriately citing the HIPAA Privacy Rule as a reason not to share information
  • Health care providers or IT vendors that limit or discourage sharing information with other providers and IT systems
  • Designing or implementing technology in non-standard ways that make it harder to exchange and use information with IT systems, services, or applications that follow nationally recognized standards
  • Locking patients or health care providers into a particular technology or health care network because they lack portable electronic health information


Depending on the nature of your complaint, we may contact you for additional information and, in some instances, we may share the information you provide with other appropriate federal and state government agencies, officials, and authorities.

Please understand that, while we will endeavor to keep the information you share with us confidential, federal or state laws may require us to disclose certain information in some circumstances.

While legal and administrative constraints prevent us from responding to every complaint, we carefully review and share all information with appropriate officials. We appreciate your feedback, as it helps us to improve our awareness and ability to address health IT-related issues and challenges.

How to address EHR complaints and issues

When providers have complaints about certified health IT products, the Office of the National Coordinator (ONC) recommends taking the following steps:

  1. Contact your health IT developer or electronic health record (EHR) vendor to resolve the issue
  2. If the issue remains unresolved, contact the ONC-Authorized Certification Body (ONC-ACB) — search the product name in the Certified Health IT Product List (CHPL) to find the issuing ONC-ACB
  3. Report any unresolved concerns about product performance or product certification using the ONC health IT complaint form

Provider Complaint Process

Step 1 Contact Developer
Work with developer to resolve issue.
If issue remains unresolved and is related to a certified capability go to step 2 - contact ONC-ACB.
Step 2 Contact ONC-ACB ONC-Authorized Certification Body
The ONC-ACB will check to see if the reported issue is applicable to one or more fertified capabilities.
The ONC-ACB will work with the complainant and developer to get more information. It may also perform surveillance to determine if non-conformities exist.
If non-conformities are found, the ONC-ACB will report findings on the CHPL and will require the developer to implement a corrective action plan. If this does not resolve your issue go to step 3 – Contact ONC.
Step 3 Contact ONC
ONC will check to see if product in question is certified. If it is, we will refer the matter to the appropriate ONC-ACB at Step 2.
If developer is unresponsive, contact ONC-ACB
If ONC-ACB is unresponsive, contact ONC
Centralized Complaints System


Section 2 Recap

Take steps towards improving your practice with certified health IT.

  • Learn about certification criteria
  • Review certified health IT products
  • Use APIs to ease information exchange
  • Understand information blocking
  • Report EHR issues

Join the conversation.

Do you have a tip or suggestion for using certified health IT that's worked well in your practice? Share it here!

Content last updated on: February 28, 2018