The Office of the National Coordinator for Health Information Technology Health IT Playbook

Section 2

Certified Health IT

What are Certified Health IT and Certified EHR Technology (CEHRT), and how can it help my practice?

The U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) is responsible for overseeing a certification program that provides for the certification and regulation of Health IT Modules, which includes technology such as Electronic Health Records (EHRs) and Health Information Exchanges (HIEs). The ONC’s certification program sets health IT standards, implementation specifications and certification criteria for these Health IT Modules nationwide. Certification of health IT can support the establishment of a connected, interoperable nationwide health information infrastructure. Once an EHR is certified by the ONC Health IT Certification Program, it is designated as a certified Health IT Module and will be listed on ONC’s Certified Health IT Product List (CHPL). Certain health care payment programs, including the CMS EHR Incentive Program (also known as the “Meaningful Use” Program), require providers to use health IT that has been certified under the ONC Health IT Certification Program to provide specific clinical care and data exchange functions. CMS refers to the set of health IT that an eligible provider in the EHR Incentive Program must have as Certified EHR Technology (CEHRT).

Certified EHR

The use of certified health IT in CMS programs and across the care delivery landscape provides a baseline level of assurance that the technology will perform clinical care and data exchange functions in accordance with interoperability-focused standards, user-centered design to enhance patient safety and usability, and privacy and security—which allows for the electronic exchange of clinical care documents for improved care coordination. For example, ONC has adopted standards that include vocabulary code sets like SNOMED-CT® that ensure continuity of clinical terminology from one system to the next. ONC has also adopted standards for exchanging clinical content, such as the Health Level 7 Consolidated Clinical Document Architecture (known to many as the C-CDA). The C-CDA is an electronic representation of a patient’s clinical care summary that can be sent and received by different EHR systems and retain the same meaning across systems. To-date, ONC has issued three “Editions”, or set of certification criteria – the 2011 Edition, the 2014 Edition, and the 2015 Edition. Each Edition has built upon the previous Edition incrementally by adopting newer standards and more advanced health IT functions to continually move toward improved clinical care, nationwide interoperability, and health information exchange.

Additional examples of what certified health IT, like EHRs, can do for your practice include:

  • Electronic Prescribing (E-Rx)
  • Drug-drug, drug allergy interaction checking
  • Patient-specific Education Resources
  • Secure e-Messaging
  • Document a patient’s social, psychological, and behavioral data
  • Denote “sensitive” electronic patient documents for privacy purposes
  • Document a patient’s care plan preferences
  • And other clinical decision support tools that assist providers in making evidence-based care decisions.

A number of programs and organizations encourage or require the use of health IT certified under the ONC Health IT Certification Program in addition to the CMS EHR Incentive Program. These programs and organizations include, but are not limited to:

  • Physician Self-Referral Law exception and Anti-kickback Statute safe harbor for certain EHR donations
  • Department of Defense Healthcare Management System Modernization Program
  • The Joint Commission for performance measurement initiative (“ORYX vendor” – eCQMs for hospitals)
  • Prospective Payment System and Consolidated Billing for Skilled Nursing Facilities for FY 2015 proposed rule (79 FR 45652)
  • For chronic care management services in CY 2016 Physician Fee Schedule final rule (80 FR 41796)
  • Mechanized Claims Processing and Information Retrieval Systems (MMIS) proposed rule (80 FR 20464) requires that state MMIS systems align with adopted standards and allow for interoperability with health information exchanges
  • Under the Medicare Access and Chip Reauthorization Act of 2015 (MACRA), Advanced Alternative Payment Models (APMs) must require their participants to use CEHRT in order for qualifying participants to receive the APM bonus

Certification Program Overview

Public Health IT Certification Program Overview

A description of ONC’s Certification Program including key players, operations and structure

Who it’s for
Providers, health IT implementers

When it’s used
To learn the basics of ONC’s Certification Program

Download Certification Program Overview [PDF - 924 KB]

How do ONC and CMS work together to help my practice?

In the Health Information Technology for Economic and Clinical Health (HITECH) Act, signed into law on February 17, 2009, as a part of the American Recovery and Reinvestment Act (ARRA), Congress established the Medicare and Medicaid EHR Incentive Program (also known as the “Meaningful Use” Program) administered by CMS to encourage eligible professionals, eligible hospitals and critical access hospitals to adopt, implement and use certified EHR Technology (CEHRT). To participate in the program, providers must show that they are a “meaningful user” of certified EHR Technology by meeting certain requirements—such as attesting that they have recorded patient information electronically using standards set by ONC and, where applicable, exchanging patient information for care delivery through a summary of care record. Through these requirements, ONC and CMS have worked together to ensure that providers are not only able to send information electronically but are able to receive information from other providers in a way that is usable when received. There are other programs that call for the use of CEHRT. In the Medicare Access and Chip Reauthorization Act (MACRA), Congress called for the use of CEHRT in the Merit-based Incentive Payment System (MIPS) and for Advanced Alternative Payment models (APMs).

Additionally, the 2015 Edition final rule updates the ONC Health IT Certification Program to make it more open and accessible to other types of health IT and settings beyond those eligible for the EHR Incentive Program, including long term and post-acute care settings, behavioral health settings, private entities, and associations. These updates will improve provider access to technical standards that form an essential foundation for interoperability and help ensure that key data is consistently available to the right person, at the right place, and at the right time. Learn more about how ONC-certified health IT can help you by:

What certified health IT will I need to participate in certain CMS programs in 2017?

Providers participating in the EHR Incentive Program in 2017 may use EHR technology certified to either the 2014 Edition or the 2015 Edition (or a mix of both Editions). Participants in the EHR Incentive Program will be required to use only EHR technology certified to the 2015 Edition beginning in calendar year 2018.

In addition, under the MACRA, the meaningful use of certified EHR technology is one of four categories, known as “advancing care information” upon which a Medicare eligible clinician will be scored under the Merit-Based Incentive Payment Systems (MIPS). Under the MACRA, MIPS is intended to replace the EHR Incentive (Meaningful Use) Programs for Medicare eligible professionals while Medicaid eligible professionals, and all eligible hospitals and CAHs will continue to participate within the EHR Incentive Program. In an April 27, 2016 notice of proposed rulemaking, CMS proposed that providers participating in MIPS in 2017 will also be able to use health IT certified to either the 2014 Edition or the 2015 Edition (or a mix of both Editions)—which would allow providers who were EHR Incentive Program users in previous years to, in some cases, use their existing technology to report for the 2017 performance period.

Important health IT definitions to know for your practice:

The 2014 Edition Health IT Certification Criteria (also referred to as the “2014 Edition”) is a collection of health IT certification criteria that ONC adopted under the ONC Health IT Certification Program in 2012. The 2015 Edition is a more recent collection of health IT certification criteria that ONC adopted under the ONC Health IT Certification Program in 2015. A certification criterion defines the specific function the health IT, including the functionalities within EHRs, is expected to perform. Sometimes certification criteria require that a functionality is performed using a specific standard. For example, the 2015 Edition “problem list” certification criterion must include a functionality that enables a user to record, change, and access a patient’s active problem list using a specific version of SNOMED-CT®.

The 2015 Edition includes most of the same health IT functionalities as the 2014 Edition, but with upgraded standards and new functionalities to foster innovation, open new market opportunities, and provide providers and patients more choices for electronic health information access and exchange. For example, the 2015 Edition includes new certification criteria for health IT, like EHRs, to be able to interface with applications (or Application Programming Interfaces – APIs). This would allow providers to interface with many existing applications (or “apps”) that could use health data in the EHR to provide innovative clinical tools or help engage patients, as some examples. The table below outlines the key categories of certification criteria in the 2014 and 2015 Editions.

Categories of health IT certification criteria in the:

2014 Edition 2015 Edition
a. Clinical a. Clinical
b. Care coordination b. Care coordination
c. Clinical quality measures c. Clinical quality measures
d. Privacy and security d. Privacy and security
e. Patient engagement e. Patient engagement
f. Public health f. Public health
g. Utilization g. Design and performance
h. Transport methods and other protocols

In 2017 as proposed in the MIPS proposed rule, providers participating in the MIPS program would need to report on six objectives under the more streamlined advancing care information performance category (formerly the “meaningful use” of EHRs). The table below lists the proposed 2017 objectives for MIPS providers under the advancing care information category.

The vision is that providers participating in MIPS and the EHR Incentive Program, respectively, will eventually upgrade to 2015 Edition certified health IT. The 2017 performance year of the EHR Incentive Program provides flexibility to providers in that they are encouraged, but not required to use 2015 Edition certified health IT. Thus, providers participating in the EHR Incentive Program have three options in 2017:

  1. Use health IT certified to the 2014 Edition;
  2. Use health IT certified to the 2015 Edition; or
  3. Use a combination of health IT certified to the 2014 and health IT certified to the 2015 Edition.

Starting with the 2018 performance year, all providers would be required to use 2015 Edition certified health IT.

In the MIPS (April 27, 2016) notice of proposed rulemaking for the Quality Payment Programs, CMS proposed the same policies to apply for participants in the MIPS.

Read more about the EHR Incentive Program:

Read more about MACRA and the proposed rule for the Quality Payment Program and MIPS:

Read more about the ONC 2014 and 2015 Editions of health IT certification criteria:

How do I find out more about the 2014 and 2015 Editions?

To find out more about the 2014 and 2015 Editions, which detail the ONC health IT certification criteria that providers can use in 2017, read the following downloadable guides.

2015 Edition Base EHR Definition [PDF - 291 KB]
Lists base EHR capabilities (like medical history, clinical decision support, and physician order entry) and identifies new certification criteria for 2015.

2014 Edition EHR Certification Criteria Required to Satisfy the Base EHR Definition [PDF - 242 KB]
Lists base EHR capabilities with corresponding 2014 certification criteria.

Comparison of the 2014 Edition & 2015 Edition Certification Criteria [PDF - 512 KB]
Compares the 2014 and 2015 criteria in the following health IT certification categories: clinical, care coordination, clinical quality measures, privacy and security, patient engagement, public health, design and performance/utilization, and transport methods and other protocols.

Common Clinical Data Set: 2014 Edition Standard and 2015 Edition Standard [PDF - 246 KB]
Lists common data sets, including information like patient name, sex, and date of birth, with their corresponding 2014 and 2015 standard requirements.

What is an API and how can that help my practice?

Summary: If anytime in the past you have used your web browser to surf the web, perhaps to book a hotel or buy an air ticket, you have already used and benefited from API. APIs are rapidly becoming an integral part of our personal and business worlds, with or without us knowing.

APIs, also known as Application Programming Interfaces, at their most basic level, allows one application to talk to another application. When you open in your browser and fill in your desired travel information to search for available seats, you are in fact using API built by United that lets the web browser access United’s database and ticketing system. If United had not provided this API which enabled IT developers to build the web site, the only alternative would have been to talk to the customer support personnel every time you wanted to book a flight on United. Imagine how inconvenient that would make our travel planning and inefficient for the airlines!

Similar to how APIs have made travel planning easier, EHRs that provide APIs can revolutionize our healthcare system for the benefit of patients and providers. Using APIs, health IT developers will be able to develop apps and other innovative software products that integrate information from multiple EHRs and precisely target clinicians’ needs well beyond what is currently available to the providers. And, providers will have access to new and powerful apps that enable them to take care of their patients even more effectively.

Many of the future health care payment programs including alternative payment models all depend on being able to exchange, aggregate and analyze health information. APIs will enable providers to exchange health information with other providers efficiently and integrate information from multiple sources in a scalable way. The tools built using the APIs will play a key role in providers’ ability to participate in the programs.

In anticipation of the growing demand and importance of APIs, ONC’s 2015 Edition of health IT certification includes several new API based certification criteria that would enable the providers’ to more easily access and exchange the health information in the EHRs. The APIs will provide providers’ ability to access patient’s health information individually and also, as a summary of care document that can be exchanged with other providers. See the link below for additional information about API requirements and other criteria focused on expanding electronic health information access and exchange in the ONC 2015 Edition certification:

2015 Edition Final Rule: Expanding Electronic Health Information Access and Exchange

2015 Edition Final Rule

Modifications to ONC Certification Program to support other types of health IT such as LTPAC, behavioral health and pediatrics

Who it’s for
Providers, health IT implementers

When it’s used
When seeking criteria that support expansion of health information exchange to other care settings

Download 2015 Edition Final Rule: Expanding Electronic Health Information Access and Exchange [PDF - 572 KB]

It is anticipated that newer versions of certified health IT systems that will be deployed in 2016 onwards will provide this capability.

What is FHIR-based API?

In order to make it easier for health IT developers to build software products that integrate information from multiple EHRs, several leading EHR vendor organizations have come together to develop a standard API for healthcare, called Fast Healthcare Interoperability Resources (FHIR®), and are building FHIR-based APIs to provide access to health information. EHR technologies that support FHIR-based APIs would be able to tap more readily into the growing market of apps than traditional health IT systems. ONC is actively encouraging the development of FHIR-based API.

Help Us Stop Information Blocking

information blocking

The Department of Health and Human Services is working to identify and stop instances of information blocking. You can help by reporting complaints about information blocking to us here:

What is information blocking? Information blocking (or data blocking) occurs when individuals or entities — such as healthcare providers or IT vendors — knowingly and unreasonably interfere with the exchange or use of electronic health information.1

Information blocking is a serious problem because it can prevent timely access to information needed to manage patients’ health conditions and coordinate their care. Further, it can prevent information from being used to improve health, make care more affordable, and research new treatments and cures.

Identifying information blocking: Information blocking can happen as a result of overt actions or policies that prevent electronic health information from being appropriately shared or used for authorized purposes. It can also occur in more subtle ways, such as through contract terms, organizational policies, or technical limitations that discourage or make it unnecessarily costly or burdensome to share and use information. Not all actions that impede the exchange or use of electronic health information constitute information blocking: sometimes the “blocking” may be necessary to protect patient safety, privacy, or other compelling interests.

Some examples of conduct that may raise information blocking concerns include:

  • Fees are imposed that make exchanging electronic health information cost prohibitive.
  • An organization’s policies or contractual arrangements prevent sharing or limit how information is shared with patients or their healthcare providers.
  • The HIPAA Privacy Rule is inappropriately cited as a reason not to share information.
  • Healthcare providers or IT vendors limit or discourage sharing information with other providers or with users of other IT systems.
  • Technology is designed or implemented in non-standard ways that lessen the ability to exchange and use information with other IT systems, services, or applications that follow nationally recognized standards.
  • Patients or healthcare providers become “locked in” to a particular technology or healthcare network because their electronic health information is not portable.

Help us stop information blocking and move toward nationwide interoperability by reporting information blocking via or via email at

NOTICE: Depending on the nature of your complaint, we may contact you for additional information and, in some instances, may share the information you provide with other appropriate federal and state government agencies, officials, and authorities. Please note that while we will endeavor to keep the information you share with us confidential, federal or state laws may require us to disclose certain information in some circumstances. While legal and administrative constraints prevent us from responding to every complaint, all information is carefully reviewed and shared with appropriate officials. Your feedback is appreciated and helps us to improve our awareness and ability to address health IT-related issues and challenges.

1 Office of the National Coordinator for Health Information Technology, Report to Congress on Health Information Blocking (April 2015), available at

ONC Certified Health IT Product List (CHPL pronounced “Chapel”)

The Certified Health IT Product List (CHPL) is the authoritative and comprehensive listing of Health IT Modules, including electronic health records certified through the ONC Health IT Certification Program. Health IT Modules are listed on the CHPL after they have been successfully tested and certified to the ONC Health IT Certification Program. Providers attesting that they are using certified EHR technology (CEHRT) for programs such as the EHR Incentive Program (“meaningful use”) can use the CHPL to create a unique ID (CMS EHR Certification ID) to identify the certified Health IT Modules they use. The CHPL is also a tool that allows providers to compare the features offered by certified health IT products side-by-side.

In February 2016, ONC released a new version of the CHPL. The new ONC CHPL incorporates a new streamlined user interface which will allow for faster search functionality, improved product selection, refined user navigation and the ability to compare health IT products such as EHRs. This new version also supports the accessibility of data on health IT certifications in user and machine-readable formats, including publicly available results of surveillance of certified products to ensure they continue to perform as expected in real-world care settings. The availability of surveillance data provides another way for providers to compare products and see which certified products may not be performing as expected (see more below).

The CHPL user guide below provides more detailed information on:

  • How to create a CMS EHR Certification ID
  • How to search for and compare certified health IT products
  • How to identify and understand certified products that are listed in the CHPL that do not comply with certification requirements and regulations
  • How to Register for a CHPL API Key

CHPL User Guide

CHPL User Guide

Comprehensive listing of health information technology products that have been tested and certified under the Health IT Certification Program administered by ONC

Who it’s for
Providers, Hospitals

When it’s used
When searching for certified products

Download CHPL User Guide [PDF - 1.9 MB]

Why would I need to use the CHPL in my practice?

CMS EHR Certification ID
Clinicians can use the CHPL to identify the certified Health IT Modules, such as EHRs they use and, if necessary, generate the CMS EHR Certification ID required for use in the Center for Medicare and Medicaid Services EHR Incentive Program. During meaningful use attestation, Eligible Physicians and Hospitals share their CMS EHR Certification Identification Number (CMS EHR Certification ID) with CMS. This number is generated by the CHPL once the eligible Physician or Hospital selects a certified health IT product that meets 100% of the requirements for a complete EHR or compiles multiple certified health IT products (Modules) to create a complete EHR product suite, as indicated in the CHPL cart. Detailed instructions on how to obtain a CMS EHR Certification ID are available below.

Please use this link to access a walkthrough document to generate a CMS EHR Certification ID using the updated CHPL [PDF -762 KB].

*If there are any questions or concerns regarding CMS EHR Certification ID generation, please email for additional information.


IMPORTANT NOTE: Providers and hospitals participating in the CMS EHR Incentive Program will continue to use the ONC CHPL 4.0 linked here ( for generation of CMS EHR Certification ID numbers used for participation in CMS and State EHR Incentive Program for 2015 attestations. Once the attestation period ends, the CHPL 4.0 will sunset.

Helping Providers Better Understand the Capabilities and Limitations of Certified Health IT Products

The health IT landscape has lacked reliable information about the costs, limitations, and trade-offs of competing health IT products and services. Without this information, health IT purchasers may find it hard to effectively understand and estimate the kinds of costs and implementation issues they may face. ONC now requires that health IT developers (which includes health IT and EHR vendors) must comply with enhanced transparency requirements associated with their products. These new disclosures are designed to help purchasers and users better understand the capabilities and limitations of their health IT products. Read more here.

In addition, ONC has created a transparency list which is updated weekly that provides hyperlinks to each developer’s mandatory disclosure statement and indicates the developer’s response to the Transparency Attestation. Developers’ disclosures must also display prominently on their websites and in their marketing materials. Additional information, including information about developers’ compliance with these requirements, is available on ONC's Certified Health IT Product List.

Mandatory Health IT Developer Disclosure Statements
Under the ONC Health IT Certification Program’s enhanced transparency requirements, health IT developers such as EHR vendors must fully disclose all known material types of costs and limitations—including technical and contractual restrictions—that a user may encounter when implementing or using the developer’s technology. Developers must describe this information on their websites and in their marketing materials. These descriptions must use detailed, plain language that will allow providers and users to identify and understand the specific limitations and types of costs that may apply.

Transparency Attestation by Health IT Developers
In addition to making mandatory product disclosures, health IT developers must also submit a transparency attestation that states whether they will take additional, voluntary actions to promote transparency. These voluntary actions include engaging in an open dialogue about their business practices and making such information available to potential customers and others in more targeted and useful ways. Developers or vendors who attest their support for transparency would be expected to provide any requestor with the information disclosed about their products and service offerings.

ONC has encouraged professional associations, product researchers, and other groups to take advantage of the health IT developers’ disclosures and transparency attestations to develop information and tools that providers can use to more effectively evaluate and compare health IT products.

Additional Transparency for Users of Certified Health IT: Surveillance/Corrective Action Plans
The CHPL allows providers to view surveillance results for health IT products and developers that have been found at any time not to comply with any requirements of the ONC Health IT Certification Program. This additional transparency will help potential health IT purchasers assess how products perform in real-world settings and will alert existing customers and users to potential issues, and plans to resolve them.

What happens when certified health IT products are not performing as expected in “real-world” care settings?

ONC has designated three accredited certification bodies to determine and issue health IT products certifications when they have met the requirements of the ONC Health IT Certification Program standards and certification criteria. These accredited certification bodies are known as ONC Authorized Certification Bodies (ONC-ACBs).

When an ONC-ACB determines that a product does not comply with certification requirements, the product is considered non-conforming. Developers must work with their ONC-ACB on an appropriate corrective action plan to cure the identified non-conformity or deficiency and bring the product back into compliance.

Corrective action plans will be posted on the CHPL weekly. Because many non-conformities or deficiencies are resolved quickly by the developer, the CHPL also will reflect updated information—including the date and a description of how the non-conformity or deficiency was resolved. If the non-conformities or deficiencies are not resolved in accordance with the corrective action plan, an ONC-ACB will follow its procedures to suspend or terminate the product’s certification. For more information on the corrective action process please read more here:

Surveillance of certified products and the corrective action plan process is central to ONC’s Health IT Certification Program, as it provides vital transparency and accountability about certified products and capabilities and the certification process itself. We encourage providers to make use of this information as they evaluate and compare products as well as monitor issues affecting their certified health IT.

What should I do if I have a complaint or an issue with my EHR?

When providers have complaints about certified health IT products, ONC encourages providers to first contact their health IT developer or EHR vendor to resolve the issue. If the issue remains unresolved, providers should then contact the ONC-Authorized Certification Body (ONC-ACB) that issued the certification to the product. A provider can find out which ONC-ACB issued the product certification through the CHPL by searching for the product name. Any remaining unresolved concerns about the performance or certification of a product can then be reported to ONC health IT using the ONC health IT complaint form.

provider complaint

Download Image [PDF - 542 KB]

Section 2 Recap

Take steps towards improving your practice with certified health IT.

  • Learn about certification criteria
  • Use APIs to ease information exchange
  • Understand information blocking
  • Compare certified health IT products
  • Report EHR issues

Join the conversation.

Let us know how we can improve and expand on Certified Health IT.

Content last updated on: January 23, 2017