Printer Friendly, PDF & Email Printer Friendly, PDF & Email

§170.315(b)(3) Electronic prescribing

Updated on 09-30-2025
Regulation Text
Regulation Text

§ 170.315(b)(3) Electronic prescribing.

(ii) For technology certified subsequent to June 30, 2020:

  1.  
    1. For the time period up to and including December 31, 2027, enable a user to perform the prescription-related electronic transactions specified in paragraph (b)(3)(ii)(A)( 3) of this section in accordance with the standards specified in § 170.205(b)(1) or (2).
      1. At a minimum, at least one of the versions of the standard adopted in § 170.207(d)(1).
      2. The standard in § 170.207(d)(2) if using the standard in § 170.205(b)(2).
    2. On and after January 1, 2028, enable a user to perform the prescription-related electronic transactions specified in paragraph (b)(3)(ii)(A)( 3) of this section in accordance with the standard specified in § 170.205(b)(2).
      1. At a minimum, at least one of the versions of the standard adopted in § 170.207(d)(1).
      2. The standard in § 170.207(d)(2).
    3. The prescription-related electronic transactions are as follows:
      1. New prescriptions (NewRx).
      2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
      3. Request and respond to cancel prescriptions (CancelRx, CancelRxResponse).
      4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
      5. Receive fill status notifications (RxFill).
      6. Request and receive medication history (RxHistoryRequest, RxHistoryResponse).
      7. Relay acceptance of transaction back to the sender (Status).
      8. Respond that there was a problem with the transaction (Error).
      9. Respond that a transaction requesting a return receipt has been received (Verify).
      10. Electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, and PANotification). These transactions are required if using the standard in 170.205(b)(2).
  2. Enable a user to exchange race and ethnicity information when performing the following prescription-related electronic transactions, if using the standard in § 170.205(b)(2):
    1. Receive fill status notifications (RxFill).
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
    3. Request to cancel prescriptions (CancelRx).
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
  3. For the following prescription-related transactions, the technology must be able to receive and transmit the diagnosis or diagnoses that are the reason for prescription:
    1. Required transactions
      1. New prescriptions (NewRx).
      2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
      3. Cancel prescriptions (CancelRx).
      4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
      5. Receive fill status notifications (RxFill).
      6. [Reserved]
      7. Electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse and PACancelRequest, PACancelResponse, PANotification). These transactions are required if using the standard in § 170.205(b)(2).
    2. [Reserved]
  4. [Reserved]
  5. Limit a user's ability to prescribe all oral liquid medications in only metric standard units of mL (that is, not cc).
  6. Always insert leading zeroes before the decimal point for amounts less than one and must not allow trailing zeroes after a decimal point when a user prescribes medications. 
Standard(s) Referenced

Paragraph (b)(3)(ii)

§ 170.205(b)(1) NCPDP SCRIPT Standard Implementation Guide, Version 2017071, July 2017 (Adoption of this standard expires January 1, 2028)

§ 170.205(b)(2) NCPDP SCRIPT Standard, Implementation Guide, Version 2023011 (This standard is required by December 31, 2027)

§ 170.207(d)(1)(i) RxNorm, July 5, 2022 Full Monthly Release

§ 170.207(d)(1)(ii) RxNorm, December 4, 2023 Full Monthly Release

§ 170.207(d)(1)(iii) RxNorm, September 8, 2015 Full Release Update

§ 170.207(d)(2) National Drug Codes (NDC) (This standard is required by December 31, 2027)

Required Update Deadlines

The following outlines deadlines for required updates for this criterion as they relate to changes published in recent ONC final rules. Developers must update their products to the requirements outlined and provide them to their customers by the stated deadlines. These represent one-time deadlines as set by recent regulatory updates and do not encompass ongoing deadlines related to the Conditions and Maintenance of Certification. Please review those requirements for additional compliance activities related to one’s certification under Certification Dependencies.

Deadline: December 31, 2027

Action to be taken: Developers certified to this criterion must update their certification to align with requirements outlined in NCPDP SCRIPT Standard Implementation Guide, Version 2023011 and the required transactions and data requirements associated with that standard. Developers with existing certification to this criterion must obtain certification for the “real-time prescription benefit” criterion in 45 CFR 170.315(b)(4).  

Certification Dependencies

Dependent Criteria

Any developer that obtains certification for the “electronic prescribing” certification criterion in 45 CFR 170.315(b)(3) must also obtain certification for the “real-time prescription benefit” criterion in 45 CFR 170.315(b)(4).  

Conditions and Maintenance of Certification Requirements

Real World Testing: Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of
Certification.

  • Note: For calendar year (CY) 2025, a developer is not expected to submit an annual Real World Testing plan to its ONC-Authorized Certification Body (ONC-ACB) for the 2026 Real World Testing year. For CY 2026, ASTP/ONC only expects a developer with a Health IT Module(s) certified to the (g)(7) through (10) certification criteria, as of August 31, 2024, to submit a CY 2025 Real World Testing results report to its ONC-ACB by March 2026. Please read the full notice outlining the details of the Real World Testing enforcement discretion.

Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.

  • Safety-enhanced design (§ 170.315(g)(3)) must be explicitly demonstrated for this criterion.
  • Quality management system (§ 170.315(g)(4)): When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
  • Accessibility-centered design (§ 170.315(g)(5)): When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
Privacy & Security Requirements

This certification criterion was adopted at § 170.315(b)(3). As a result, an ONC Authorized Certification Body (ONC-ACB) must ensure that a product presented for certification to a § 170.315(b) criterion includes the privacy and security criteria (adopted in § 170.315(d)) within the overall scope of the certificate issued to the product.

  • The privacy and security criteria (adopted in § 170.315(d)) do not need to be explicitly tested with this specific paragraph (b) criterion unless it is the only criterion for which certification is requested.
  • As a general rule, a product presented for certification only needs to be tested once to each applicable privacy and security criterion (adopted in § 170.315(d)) so long as the health IT developer attests that such privacy and security capabilities apply to the full scope of capabilities included in the requested certification. However, an exception exists for § 170.315(e)(1) “View, download, and transmit to 3rd party (VDT)” and § 170.315(e)(2) “Secure messaging,” which are explicitly stated.

For more information on the approaches to meet these Privacy and Security requirements, please review the Privacy and Security CCG.

Version # Description of Change Version Date
1.0

Initial publication
03-11-2024
1.1

Updated testing tool from NCPDP to new Electronic Prescribing (eRx) tool.
07-08-2024
2.0

Updated test procedure to support new HTI-4 Final Rule requirements.
10-01-2025
Regulation Text
Regulation Text

§ 170.315(b)(3) Electronic prescribing.

(ii) For technology certified subsequent to June 30, 2020:

  1.  
    1. For the time period up to and including December 31, 2027, enable a user to perform the prescription-related electronic transactions specified in paragraph (b)(3)(ii)(A)( 3) of this section in accordance with the standards specified in § 170.205(b)(1) or (2).
      1. At a minimum, at least one of the versions of the standard adopted in § 170.207(d)(1).
      2. The standard in § 170.207(d)(2) if using the standard in § 170.205(b)(2).
    2. On and after January 1, 2028, enable a user to perform the prescription-related electronic transactions specified in paragraph (b)(3)(ii)(A)( 3) of this section in accordance with the standard specified in § 170.205(b)(2).
      1. At a minimum, at least one of the versions of the standard adopted in § 170.207(d)(1).
      2. The standard in § 170.207(d)(2).
    3. The prescription-related electronic transactions are as follows:
      1. New prescriptions (NewRx).
      2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
      3. Request and respond to cancel prescriptions (CancelRx, CancelRxResponse).
      4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
      5. Receive fill status notifications (RxFill).
      6. Request and receive medication history (RxHistoryRequest, RxHistoryResponse).
      7. Relay acceptance of transaction back to the sender (Status).
      8. Respond that there was a problem with the transaction (Error).
      9. Respond that a transaction requesting a return receipt has been received (Verify).
      10. Electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, and PANotification). These transactions are required if using the standard in 170.205(b)(2).
  2. Enable a user to exchange race and ethnicity information when performing the following prescription-related electronic transactions, if using the standard in § 170.205(b)(2):
    1. Receive fill status notifications (RxFill).
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
    3. Request to cancel prescriptions (CancelRx).
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
  3. For the following prescription-related transactions, the technology must be able to receive and transmit the diagnosis or diagnoses that are the reason for prescription:
    1. Required transactions
      1. New prescriptions (NewRx).
      2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
      3. Cancel prescriptions (CancelRx).
      4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
      5. Receive fill status notifications (RxFill).
      6. [Reserved]
      7. Electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse and PACancelRequest, PACancelResponse, PANotification). These transactions are required if using the standard in § 170.205(b)(2).
    2. [Reserved]
  4. [Reserved]
  5. Limit a user's ability to prescribe all oral liquid medications in only metric standard units of mL (that is, not cc).
  6. Always insert leading zeroes before the decimal point for amounts less than one and must not allow trailing zeroes after a decimal point when a user prescribes medications. 
Standard(s) Referenced

Paragraph (b)(3)(ii)

§ 170.205(b)(1) NCPDP SCRIPT Standard Implementation Guide, Version 2017071, July 2017 (Adoption of this standard expires January 1, 2028)

§ 170.205(b)(2) NCPDP SCRIPT Standard, Implementation Guide, Version 2023011 (This standard is required by December 31, 2027)

§ 170.207(d)(1)(i) RxNorm, July 5, 2022 Full Monthly Release

§ 170.207(d)(1)(ii) RxNorm, December 4, 2023 Full Monthly Release

§ 170.207(d)(1)(iii) RxNorm, September 8, 2015 Full Release Update

§ 170.207(d)(2) National Drug Codes (NDC) (This standard is required by December 31, 2027)

Required Update Deadlines

The following outlines deadlines for required updates for this criterion as they relate to changes published in recent ONC final rules. Developers must update their products to the requirements outlined and provide them to their customers by the stated deadlines. These represent one-time deadlines as set by recent regulatory updates and do not encompass ongoing deadlines related to the Conditions and Maintenance of Certification. Please review those requirements for additional compliance activities related to one’s certification under Certification Dependencies.

Deadline: December 31, 2027

Action to be taken: Developers certified to this criterion must update their certification to align with requirements outlined in NCPDP SCRIPT Standard Implementation Guide, Version 2023011 and the required transactions and data requirements associated with that standard. Developers with existing certification to this criterion must obtain certification for the “real-time prescription benefit” criterion in 45 CFR 170.315(b)(4).  

Certification Dependencies

Dependent Criteria

Any developer that obtains certification for the “electronic prescribing” certification criterion in 45 CFR 170.315(b)(3) must also obtain certification for the “real-time prescription benefit” criterion in 45 CFR 170.315(b)(4).  

Conditions and Maintenance of Certification Requirements

Real World Testing: Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of
Certification.

  • Note: For calendar year (CY) 2025, a developer is not expected to submit an annual Real World Testing plan to its ONC-Authorized Certification Body (ONC-ACB) for the 2026 Real World Testing year. For CY 2026, ASTP/ONC only expects a developer with a Health IT Module(s) certified to the (g)(7) through (10) certification criteria, as of August 31, 2024, to submit a CY 2025 Real World Testing results report to its ONC-ACB by March 2026. Please read the full notice outlining the details of the Real World Testing enforcement discretion.

Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.

  • Safety-enhanced design (§ 170.315(g)(3)) must be explicitly demonstrated for this criterion.
  • Quality management system (§ 170.315(g)(4)): When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
  • Accessibility-centered design (§ 170.315(g)(5)): When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
Privacy & Security Requirements

This certification criterion was adopted at § 170.315(b)(3). As a result, an ONC Authorized Certification Body (ONC-ACB) must ensure that a product presented for certification to a § 170.315(b) criterion includes the privacy and security criteria (adopted in § 170.315(d)) within the overall scope of the certificate issued to the product.

  • The privacy and security criteria (adopted in § 170.315(d)) do not need to be explicitly tested with this specific paragraph (b) criterion unless it is the only criterion for which certification is requested.
  • As a general rule, a product presented for certification only needs to be tested once to each applicable privacy and security criterion (adopted in § 170.315(d)) so long as the health IT developer attests that such privacy and security capabilities apply to the full scope of capabilities included in the requested certification. However, an exception exists for § 170.315(e)(1) “View, download, and transmit to 3rd party (VDT)” and § 170.315(e)(2) “Secure messaging,” which are explicitly stated.

For more information on the approaches to meet these Privacy and Security requirements, please review the Privacy and Security CCG.

Testing
Testing Tool

Electronic Prescribing (eRx) Testing Tool (tool has not yet been finalized to support new standards in testing) 

Criterion Subparagraph Test Data
(b)(3)

Refer to Electronic Prescribing (eRx) Testing Tool
Revision History
Version # Description of Change Version Date
1.0

Initial publication
03-11-2024
1.1

Updated testing tool from NCPDP to new Electronic Prescribing (eRx) tool.
07-08-2024
2.0

Updated test procedure to support new HTI-4 Final Rule requirements.
10-01-2025

This Test Procedure illustrates the test steps required to certify a Health IT Module to this criterion. Please consult the most recent ASTP/ONC Final Rule on the Certification Regulations page for a detailed description of the certification criterion with which these testing steps are associated. ASTP/ONC also encourages developers to consult the Certification Companion Guide in tandem with the test procedure as it provides clarifications that may be useful for product development and testing.

Note: The tests step order does not necessarily prescribe the order in which the tests should take place.

Testing components

No Documentation Icon Visual Inspection Icon Test Tool Icon ONC Supplied Test Data Icon No SVAP Icon

Paragraphs (b)(3)(ii)(A)(3)(i-v, vii-ix) Send and receive

System Under Test
Expires on January 1, 2028

Complete the following steps using the NCPDP SCRIPT Standard Version 2017071.

  1. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(ii) request and respond to change prescriptions (RxChangeRequest, RxChangeResponse), and (b)(3)(ii)(A)(3)(v) fill status notifications (RxFill).
  2. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(iii) request and respond to cancel prescriptions (CancelRx, CancelRxResponse).
  3. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(iv) request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
  4. The health IT developer relays acceptance of a transaction back to the sender (Status) in accordance with (b)(3)(ii)(A)(3)(vii).
  5. The health IT developer responds that there was a problem with the transaction (Error) in accordance with (b)(3)(ii)(A)(3)(viii).
  6. The health IT developer responds that a transaction requesting a return receipt has been received (Verify) in accordance with (b)(3)(ii)(A)(3)(ix).
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(ii) request and respond to change prescriptions (RxChangeRequest, RxChangeResponse), and (b)(3)(ii)(A)(3)(v) fill status notifications (RxFill).
  2. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(iii) request and respond to cancel prescriptions (CancelRx, CancelRxResponse).
  3. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(iv) request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
  4. The health IT developer relays acceptance of a transaction back to the sender (Status) in accordance with (b)(3)(ii)(A)(3)(vii).
  5. The health IT developer responds that there was a problem with the transaction (Error) in accordance with (b)(3)(ii)(A)(3)(vii).
  6. The health IT developer responds that a transaction requesting a return receipt has been received (Verify) in accordance with (b)(3)(ii)(A)(3)(ix).
Test Lab Verification
Expires by January 1, 2028

The test lab verifies the following steps in accordance with the NCPDP SCRIPT Standard Version 2017071.

  1. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Receive prescription change request (RxChangeRequest);
    3. Create and send prescription change response (RxChangeResponse); and
    4. Receive fill status notification (RxFill).
  2. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Send request to cancel prescription (CancelRx); and
    3. Receive response to request to cancel prescription (CancelRxResponse).
  3. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation reports for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Receive request to renew prescription (RxRenewalRequest); and
    3. Create and send response to renew prescription (RxRenewalResponse).
  4. The tester verifies the Health IT Module supports Status, Error and Verify transactions.
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Receive prescription change request (RxChangeRequest);
    3. Create and send prescription change response (RxChangeResponse); and
    4. Receive fill status notification (RxFill).
  2. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Send request to cancel prescription (CancelRx); and
    3. Receive response to request to cancel prescription (CancelRxResponse).
  3. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation reports for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Receive request to renew prescription (RxRenewalRequest); and
    3. Create and send response to renew prescription (RxRenewalResponse).
  4. The tester verifies the Health IT Module supports Status, Error and Verify transactions.
System Under Test Test Lab Verification
Expires on January 1, 2028

Complete the following steps using the NCPDP SCRIPT Standard Version 2017071.

  1. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(ii) request and respond to change prescriptions (RxChangeRequest, RxChangeResponse), and (b)(3)(ii)(A)(3)(v) fill status notifications (RxFill).
  2. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(iii) request and respond to cancel prescriptions (CancelRx, CancelRxResponse).
  3. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(iv) request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
  4. The health IT developer relays acceptance of a transaction back to the sender (Status) in accordance with (b)(3)(ii)(A)(3)(vii).
  5. The health IT developer responds that there was a problem with the transaction (Error) in accordance with (b)(3)(ii)(A)(3)(viii).
  6. The health IT developer responds that a transaction requesting a return receipt has been received (Verify) in accordance with (b)(3)(ii)(A)(3)(ix).
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(ii) request and respond to change prescriptions (RxChangeRequest, RxChangeResponse), and (b)(3)(ii)(A)(3)(v) fill status notifications (RxFill).
  2. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(iii) request and respond to cancel prescriptions (CancelRx, CancelRxResponse).
  3. The health IT developer creates new prescriptions (NewRx) in accordance with (b)(3)(ii)(A)(3)(i) and (b)(3)(ii)(A)(3)(iv) request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
  4. The health IT developer relays acceptance of a transaction back to the sender (Status) in accordance with (b)(3)(ii)(A)(3)(vii).
  5. The health IT developer responds that there was a problem with the transaction (Error) in accordance with (b)(3)(ii)(A)(3)(vii).
  6. The health IT developer responds that a transaction requesting a return receipt has been received (Verify) in accordance with (b)(3)(ii)(A)(3)(ix).
Expires by January 1, 2028

The test lab verifies the following steps in accordance with the NCPDP SCRIPT Standard Version 2017071.

  1. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Receive prescription change request (RxChangeRequest);
    3. Create and send prescription change response (RxChangeResponse); and
    4. Receive fill status notification (RxFill).
  2. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Send request to cancel prescription (CancelRx); and
    3. Receive response to request to cancel prescription (CancelRxResponse).
  3. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation reports for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Receive request to renew prescription (RxRenewalRequest); and
    3. Create and send response to renew prescription (RxRenewalResponse).
  4. The tester verifies the Health IT Module supports Status, Error and Verify transactions.
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Receive prescription change request (RxChangeRequest);
    3. Create and send prescription change response (RxChangeResponse); and
    4. Receive fill status notification (RxFill).
  2. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Send request to cancel prescription (CancelRx); and
    3. Receive response to request to cancel prescription (CancelRxResponse).
  3. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation reports for the following required transactions:
    1. Create and send new prescription (NewRx);
    2. Receive request to renew prescription (RxRenewalRequest); and
    3. Create and send response to renew prescription (RxRenewalResponse).
  4. The tester verifies the Health IT Module supports Status, Error and Verify transactions.

Paragraph (b)(3)(ii)(A)(3)(vi) Send and receive - medication history

System Under Test
Expires on January 1, 2028

Complete the following steps using the NCPDP SCRIPT Standard Version 2017071.

  1. The health IT developer requests and receives a patient’s medication history (RxHistoryRequest, RxHistoryResponse) in accordance with (b)(3)(ii)(A)(3)(vi).
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The health IT developer requests and receives a patient’s medication history (RxHistoryRequest, RxHistoryResponse) in accordance with (b)(3)(ii)(A)(3)(vi).
Test Lab Verification
Expires on January 1, 2028

Complete the following steps using the NCPDP SCRIPT Standard Version 2017071.

  1. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Send a request for a medication history (RxHistoryRequest); and
    2. Receive a response to a request for a medication history (RxHistoryResponse); or
    3. Receive a Status message (Status) in response to a request for a medication history (RxHistoryRequest) and receive a response to a request for a medication history (RxHistoryResponse).
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Send a request for a medication history (RxHistoryRequest); and
    2. Receive a response to a request for a medication history (RxHistoryResponse); or
    3. Receive a Status message (Status) in response to a request for a medication history (RxHistoryRequest) and receive a response to a request for a medication history (RxHistoryResponse).
System Under Test Test Lab Verification
Expires on January 1, 2028

Complete the following steps using the NCPDP SCRIPT Standard Version 2017071.

  1. The health IT developer requests and receives a patient’s medication history (RxHistoryRequest, RxHistoryResponse) in accordance with (b)(3)(ii)(A)(3)(vi).
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The health IT developer requests and receives a patient’s medication history (RxHistoryRequest, RxHistoryResponse) in accordance with (b)(3)(ii)(A)(3)(vi).
Expires on January 1, 2028

Complete the following steps using the NCPDP SCRIPT Standard Version 2017071.

  1. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Send a request for a medication history (RxHistoryRequest); and
    2. Receive a response to a request for a medication history (RxHistoryResponse); or
    3. Receive a Status message (Status) in response to a request for a medication history (RxHistoryRequest) and receive a response to a request for a medication history (RxHistoryResponse).
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following required transactions:
    1. Send a request for a medication history (RxHistoryRequest); and
    2. Receive a response to a request for a medication history (RxHistoryResponse); or
    3. Receive a Status message (Status) in response to a request for a medication history (RxHistoryRequest) and receive a response to a request for a medication history (RxHistoryResponse).

Paragraph (b)(3)(ii)(A)(3)(x) Electronic prior authorization transactions

System Under Test
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The health IT developer completes the electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, PANotification) in accordance with (b)(3)(ii)(A)(3)(x).
Test Lab Verification
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following transactions:
    1. Create and send PA Initiation Request (PAInitiationRequest);
    2. Receive PA Initiation Response (PAInitiationResponse);
    3. Create and send PA Request (PARequest);
    4. Receive PA Response (PAResponse);
    5. Create and send PA Appeal Request (PAAppealRequest);
    6. Receive PA Appeal Response (PAAppealResponse);
    7. Create and send PA Cancel Request (PACancelRequest);
    8. Receive PA Cancel Response (PACancelResponse);
    9. Receive PA Notification (PANotification)
System Under Test Test Lab Verification
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The health IT developer completes the electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, PANotification) in accordance with (b)(3)(ii)(A)(3)(x).
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The tester verifies the Health IT Module sends and receives the following transactions and completes all required test tool interaction steps and verifies the validation report for the following transactions:
    1. Create and send PA Initiation Request (PAInitiationRequest);
    2. Receive PA Initiation Response (PAInitiationResponse);
    3. Create and send PA Request (PARequest);
    4. Receive PA Response (PAResponse);
    5. Create and send PA Appeal Request (PAAppealRequest);
    6. Receive PA Appeal Response (PAAppealResponse);
    7. Create and send PA Cancel Request (PACancelRequest);
    8. Receive PA Cancel Response (PACancelResponse);
    9. Receive PA Notification (PANotification)

Paragraph (b)(3)(ii)(B)(1-4) Exchange race and ethnicity information

System Under Test
Required by December 31, 2027
  1. The health IT developer enables a user to exchange race and ethnicity information when performing the following prescription-related electronic transactions, if using the standard in § 170.205(b)(2):
    1. Receive fill status notifications (RxFill).
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
    3. Request to cancel prescriptions (CancelRx).
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse). 
Test Lab Verification
Required by December 31, 2027
  1. The tester verifies the Health IT Module enables a user to exchange race and ethnicity information when performing the following transactions:
    1. Receive fill status notifications (RxFill).
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
    3. Request to cancel prescriptions (CancelRx).
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse). 
System Under Test Test Lab Verification
Required by December 31, 2027
  1. The health IT developer enables a user to exchange race and ethnicity information when performing the following prescription-related electronic transactions, if using the standard in § 170.205(b)(2):
    1. Receive fill status notifications (RxFill).
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
    3. Request to cancel prescriptions (CancelRx).
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse). 
Required by December 31, 2027
  1. The tester verifies the Health IT Module enables a user to exchange race and ethnicity information when performing the following transactions:
    1. Receive fill status notifications (RxFill).
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
    3. Request to cancel prescriptions (CancelRx).
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse). 

Paragraph (b)(3)(ii)(C)(1)(i-v) Trasmit and receive - diagnosis

System Under Test
Expires on January 1, 2028

Complete the following steps using the NCPDP SCRIPT Standard Version 2017071.

  1. The Health IT Module is able to transmit and receive the reason for the prescription using the <Diagnosis><Primary> or <Secondary> diagnosis elements  for the following transactions in accordance with (b)(3)(ii)(C)(1):
    1. Create new prescriptions (NewRx);
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse);
    3. Request to cancel prescriptions (CancelRx);
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse); and
    5. Receive fill status notifications (RxFill); 
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The Health IT Module is able to transmit and receive the diagnosis or diagnoses that are the reason for the prescription for the following transactions in accordance with (b)(3)(ii)(C)(1):
    1. Create new prescriptions (NewRx);
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse);
    3. Request to cancel prescriptions (CancelRx);
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse); and
    5. Receive fill status notifications (RxFill)
Test Lab Verification
Expires on January 1, 2028

Complete the following steps using the NCPDP SCRIPT Standard Version 2017071.

  1. The tester verifies the Health IT Module sends and receives the reason for the prescription using the <Diagnosis><Primary> or <Secondary> diagnosis elements for all transactions, using the test data specified with the selected test case via the test tool:
    1. Create new prescriptions (NewRx);
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse);
    3. Request to cancel prescriptions (CancelRx);
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse); and
    5. Receive fill status notifications (RxFill)
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The tester verifies the Health IT Module sends and receives the diagnosis or diagnoses that are the reason for the prescription for all transactions, using the test data specified with the selected test case via the test tool:
    1. Create new prescriptions (NewRx);
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse);
    3. Request to cancel prescriptions (CancelRx);
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse); and
    5. Receive fill status notifications (RxFill)
System Under Test Test Lab Verification
Expires on January 1, 2028

Complete the following steps using the NCPDP SCRIPT Standard Version 2017071.

  1. The Health IT Module is able to transmit and receive the reason for the prescription using the <Diagnosis><Primary> or <Secondary> diagnosis elements  for the following transactions in accordance with (b)(3)(ii)(C)(1):
    1. Create new prescriptions (NewRx);
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse);
    3. Request to cancel prescriptions (CancelRx);
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse); and
    5. Receive fill status notifications (RxFill); 
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The Health IT Module is able to transmit and receive the diagnosis or diagnoses that are the reason for the prescription for the following transactions in accordance with (b)(3)(ii)(C)(1):
    1. Create new prescriptions (NewRx);
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse);
    3. Request to cancel prescriptions (CancelRx);
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse); and
    5. Receive fill status notifications (RxFill)
Expires on January 1, 2028

Complete the following steps using the NCPDP SCRIPT Standard Version 2017071.

  1. The tester verifies the Health IT Module sends and receives the reason for the prescription using the <Diagnosis><Primary> or <Secondary> diagnosis elements for all transactions, using the test data specified with the selected test case via the test tool:
    1. Create new prescriptions (NewRx);
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse);
    3. Request to cancel prescriptions (CancelRx);
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse); and
    5. Receive fill status notifications (RxFill)
Required by December 31, 2027

Complete the following steps using the NCPDP SCRIPT Standard Version 2023011.

  1. The tester verifies the Health IT Module sends and receives the diagnosis or diagnoses that are the reason for the prescription for all transactions, using the test data specified with the selected test case via the test tool:
    1. Create new prescriptions (NewRx);
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse);
    3. Request to cancel prescriptions (CancelRx);
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse); and
    5. Receive fill status notifications (RxFill)

Paragraph (b)(3)(ii)(C)(1)(vii) Transmit and receive - diagnosis - electronic prior authorization transactions

System Under Test
Required by December 31, 2027
  1. The Health IT Module is able to receive and transmit the diagnosis or diagnoses that are the reason for prescription for the electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, PANotification).
Test Lab Verification
Required by December 31, 2027
  1. The tester verifies the Health IT Module receives and transmits the diagnosis or diagnoses that are the reason for prescription for the electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, PANotification).
System Under Test Test Lab Verification
Required by December 31, 2027
  1. The Health IT Module is able to receive and transmit the diagnosis or diagnoses that are the reason for prescription for the electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, PANotification).
Required by December 31, 2027
  1. The tester verifies the Health IT Module receives and transmits the diagnosis or diagnoses that are the reason for prescription for the electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, PANotification).

Paragraph (b)(3)(ii)(E) Liquid medications

System Under Test
Expires on January 1, 2028
  1. The Health IT Module is able to prescribe all oral liquid medications in only the metric standard units of milliliter (mL) (i.e., not cubic centimeter (cc) or teaspoon) in accordance with (b)(3)(ii)(E).
  2. Negative Testing: The health IT developer attempts to prescribe an oral liquid medication using non-metric standard units.
Required by December 31, 2027
  1. The Health IT Module is able to prescribe all oral liquid medications in only the metric standard units of milliliter (mL) (i.e., not cubic centimeter (cc) or teaspoon) in accordance with (b)(3)(ii)(E).
  2. Negative Testing: The health IT developer attempts to prescribe an oral liquid medication using non-metric standard units.
Test Lab Verification
Expires on January 1, 2028
  1. The tester verifies the Health IT Module limits the ability to prescribe all oral liquid medications in metric standard units of milliliter (mL).
  2. Negative Testing: The tester verifies through visual inspection of the System Under Test that the Health IT Module does not have the ability to prescribe oral liquid medications using non-metric standard units (i.e., cubic centimeter (cc), teaspoon).
Required by December 31, 2027
  1. The tester verifies the Health IT Module limits the ability to prescribe all oral liquid medications in metric standard units of milliliter (mL).
  2. Negative Testing: The tester verifies through visual inspection of the System Under Test that the Health IT Module does not have the ability to prescribe oral liquid medications using non-metric standard units (i.e., cubic centimeter (cc), teaspoon).
System Under Test Test Lab Verification
Expires on January 1, 2028
  1. The Health IT Module is able to prescribe all oral liquid medications in only the metric standard units of milliliter (mL) (i.e., not cubic centimeter (cc) or teaspoon) in accordance with (b)(3)(ii)(E).
  2. Negative Testing: The health IT developer attempts to prescribe an oral liquid medication using non-metric standard units.
Required by December 31, 2027
  1. The Health IT Module is able to prescribe all oral liquid medications in only the metric standard units of milliliter (mL) (i.e., not cubic centimeter (cc) or teaspoon) in accordance with (b)(3)(ii)(E).
  2. Negative Testing: The health IT developer attempts to prescribe an oral liquid medication using non-metric standard units.
Expires on January 1, 2028
  1. The tester verifies the Health IT Module limits the ability to prescribe all oral liquid medications in metric standard units of milliliter (mL).
  2. Negative Testing: The tester verifies through visual inspection of the System Under Test that the Health IT Module does not have the ability to prescribe oral liquid medications using non-metric standard units (i.e., cubic centimeter (cc), teaspoon).
Required by December 31, 2027
  1. The tester verifies the Health IT Module limits the ability to prescribe all oral liquid medications in metric standard units of milliliter (mL).
  2. Negative Testing: The tester verifies through visual inspection of the System Under Test that the Health IT Module does not have the ability to prescribe oral liquid medications using non-metric standard units (i.e., cubic centimeter (cc), teaspoon).

Paragraph (b)(3)(ii)(F) Leading zeroes

System Under Test
Expires on January 1, 2028
  1. The Health IT Module inserts leading zeroes before the decimal point for all amounts less than one when a prescriber prescribes medication in accordance with (b)(3)(ii)(F).
  2. The Health IT Module does not allow trailing zeroes after a decimal point when a prescriber prescribes medication.
Required by December 31, 2027
  1. The Health IT Module inserts leading zeroes before the decimal point for all amounts less than one when a prescriber prescribes medication in accordance with (b)(3)(ii)(F).
  2. The Health IT Module does not allow trailing zeroes after a decimal point when a prescriber prescribes medication.
Test Lab Verification
Expires on January 1, 2028
  1. The tester verifies through visual inspection of the System Under Test that leading zeroes are inserted before the decimal point for all amounts less than one when a prescriber prescribes medication.
  2. The tester verifies through visual inspection of the System Under Test that there are no trailing zeroes after a decimal point when a prescriber prescribes medication.
Required by December 31, 2027
  1. The Health IT Module inserts leading zeroes before the decimal point for all amounts less than one when a prescriber prescribes medication in accordance with (b)(3)(ii)(F).
  2. The Health IT Module does not allow trailing zeroes after a decimal point when a prescriber prescribes medication.
System Under Test Test Lab Verification
Expires on January 1, 2028
  1. The Health IT Module inserts leading zeroes before the decimal point for all amounts less than one when a prescriber prescribes medication in accordance with (b)(3)(ii)(F).
  2. The Health IT Module does not allow trailing zeroes after a decimal point when a prescriber prescribes medication.
Required by December 31, 2027
  1. The Health IT Module inserts leading zeroes before the decimal point for all amounts less than one when a prescriber prescribes medication in accordance with (b)(3)(ii)(F).
  2. The Health IT Module does not allow trailing zeroes after a decimal point when a prescriber prescribes medication.
Expires on January 1, 2028
  1. The tester verifies through visual inspection of the System Under Test that leading zeroes are inserted before the decimal point for all amounts less than one when a prescriber prescribes medication.
  2. The tester verifies through visual inspection of the System Under Test that there are no trailing zeroes after a decimal point when a prescriber prescribes medication.
Required by December 31, 2027
  1. The Health IT Module inserts leading zeroes before the decimal point for all amounts less than one when a prescriber prescribes medication in accordance with (b)(3)(ii)(F).
  2. The Health IT Module does not allow trailing zeroes after a decimal point when a prescriber prescribes medication.
Updated on 09-30-2025
Regulation Text
Regulation Text

§ 170.315(b)(3) Electronic prescribing.

(ii) For technology certified subsequent to June 30, 2020:

  1.  
    1. For the time period up to and including December 31, 2027, enable a user to perform the prescription-related electronic transactions specified in paragraph (b)(3)(ii)(A)( 3) of this section in accordance with the standards specified in § 170.205(b)(1) or (2).
      1. At a minimum, at least one of the versions of the standard adopted in § 170.207(d)(1).
      2. The standard in § 170.207(d)(2) if using the standard in § 170.205(b)(2).
    2. On and after January 1, 2028, enable a user to perform the prescription-related electronic transactions specified in paragraph (b)(3)(ii)(A)( 3) of this section in accordance with the standard specified in § 170.205(b)(2).
      1. At a minimum, at least one of the versions of the standard adopted in § 170.207(d)(1).
      2. The standard in § 170.207(d)(2).
    3. The prescription-related electronic transactions are as follows:
      1. New prescriptions (NewRx).
      2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
      3. Request and respond to cancel prescriptions (CancelRx, CancelRxResponse).
      4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
      5. Receive fill status notifications (RxFill).
      6. Request and receive medication history (RxHistoryRequest, RxHistoryResponse).
      7. Relay acceptance of transaction back to the sender (Status).
      8. Respond that there was a problem with the transaction (Error).
      9. Respond that a transaction requesting a return receipt has been received (Verify).
      10. Electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, and PANotification). These transactions are required if using the standard in 170.205(b)(2).
  2. Enable a user to exchange race and ethnicity information when performing the following prescription-related electronic transactions, if using the standard in § 170.205(b)(2):
    1. Receive fill status notifications (RxFill).
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
    3. Request to cancel prescriptions (CancelRx).
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
  3. For the following prescription-related transactions, the technology must be able to receive and transmit the diagnosis or diagnoses that are the reason for prescription:
    1. Required transactions
      1. New prescriptions (NewRx).
      2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
      3. Cancel prescriptions (CancelRx).
      4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
      5. Receive fill status notifications (RxFill).
      6. [Reserved]
      7. Electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse and PACancelRequest, PACancelResponse, PANotification). These transactions are required if using the standard in § 170.205(b)(2).
    2. [Reserved]
  4. [Reserved]
  5. Limit a user's ability to prescribe all oral liquid medications in only metric standard units of mL (that is, not cc).
  6. Always insert leading zeroes before the decimal point for amounts less than one and must not allow trailing zeroes after a decimal point when a user prescribes medications. 
Standard(s) Referenced

Paragraph (b)(3)(ii)

§ 170.205(b)(1) NCPDP SCRIPT Standard Implementation Guide, Version 2017071, July 2017 (Adoption of this standard expires January 1, 2028)

§ 170.205(b)(2) NCPDP SCRIPT Standard, Implementation Guide, Version 2023011 (This standard is required by December 31, 2027)

§ 170.207(d)(1)(i) RxNorm, July 5, 2022 Full Monthly Release

§ 170.207(d)(1)(ii) RxNorm, December 4, 2023 Full Monthly Release

§ 170.207(d)(1)(iii) RxNorm, September 8, 2015 Full Release Update

§ 170.207(d)(2) National Drug Codes (NDC) (This standard is required by December 31, 2027)

Required Update Deadlines

The following outlines deadlines for required updates for this criterion as they relate to changes published in recent ONC final rules. Developers must update their products to the requirements outlined and provide them to their customers by the stated deadlines. These represent one-time deadlines as set by recent regulatory updates and do not encompass ongoing deadlines related to the Conditions and Maintenance of Certification. Please review those requirements for additional compliance activities related to one’s certification under Certification Dependencies.

Deadline: December 31, 2027

Action to be taken: Developers certified to this criterion must update their certification to align with requirements outlined in NCPDP SCRIPT Standard Implementation Guide, Version 2023011 and the required transactions and data requirements associated with that standard. Developers with existing certification to this criterion must obtain certification for the “real-time prescription benefit” criterion in 45 CFR 170.315(b)(4).  

Certification Dependencies

Dependent Criteria

Any developer that obtains certification for the “electronic prescribing” certification criterion in 45 CFR 170.315(b)(3) must also obtain certification for the “real-time prescription benefit” criterion in 45 CFR 170.315(b)(4).  

Conditions and Maintenance of Certification Requirements

Real World Testing: Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of
Certification.

  • Note: For calendar year (CY) 2025, a developer is not expected to submit an annual Real World Testing plan to its ONC-Authorized Certification Body (ONC-ACB) for the 2026 Real World Testing year. For CY 2026, ASTP/ONC only expects a developer with a Health IT Module(s) certified to the (g)(7) through (10) certification criteria, as of August 31, 2024, to submit a CY 2025 Real World Testing results report to its ONC-ACB by March 2026. Please read the full notice outlining the details of the Real World Testing enforcement discretion.

Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.

  • Safety-enhanced design (§ 170.315(g)(3)) must be explicitly demonstrated for this criterion.
  • Quality management system (§ 170.315(g)(4)): When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
  • Accessibility-centered design (§ 170.315(g)(5)): When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
Privacy & Security Requirements

This certification criterion was adopted at § 170.315(b)(3). As a result, an ONC Authorized Certification Body (ONC-ACB) must ensure that a product presented for certification to a § 170.315(b) criterion includes the privacy and security criteria (adopted in § 170.315(d)) within the overall scope of the certificate issued to the product.

  • The privacy and security criteria (adopted in § 170.315(d)) do not need to be explicitly tested with this specific paragraph (b) criterion unless it is the only criterion for which certification is requested.
  • As a general rule, a product presented for certification only needs to be tested once to each applicable privacy and security criterion (adopted in § 170.315(d)) so long as the health IT developer attests that such privacy and security capabilities apply to the full scope of capabilities included in the requested certification. However, an exception exists for § 170.315(e)(1) “View, download, and transmit to 3rd party (VDT)” and § 170.315(e)(2) “Secure messaging,” which are explicitly stated.

For more information on the approaches to meet these Privacy and Security requirements, please review the Privacy and Security CCG.

Version # Description of Change Version Date
1.0

Initial publication
03-11-2024
1.1

Updated testing tool from NCPDP to new Electronic Prescribing (eRx) tool.
07-08-2024
2.0

Updated test procedure to support new HTI-4 Final Rule requirements.
10-01-2025
Regulation Text
Regulation Text

§ 170.315(b)(3) Electronic prescribing.

(ii) For technology certified subsequent to June 30, 2020:

  1.  
    1. For the time period up to and including December 31, 2027, enable a user to perform the prescription-related electronic transactions specified in paragraph (b)(3)(ii)(A)( 3) of this section in accordance with the standards specified in § 170.205(b)(1) or (2).
      1. At a minimum, at least one of the versions of the standard adopted in § 170.207(d)(1).
      2. The standard in § 170.207(d)(2) if using the standard in § 170.205(b)(2).
    2. On and after January 1, 2028, enable a user to perform the prescription-related electronic transactions specified in paragraph (b)(3)(ii)(A)( 3) of this section in accordance with the standard specified in § 170.205(b)(2).
      1. At a minimum, at least one of the versions of the standard adopted in § 170.207(d)(1).
      2. The standard in § 170.207(d)(2).
    3. The prescription-related electronic transactions are as follows:
      1. New prescriptions (NewRx).
      2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
      3. Request and respond to cancel prescriptions (CancelRx, CancelRxResponse).
      4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
      5. Receive fill status notifications (RxFill).
      6. Request and receive medication history (RxHistoryRequest, RxHistoryResponse).
      7. Relay acceptance of transaction back to the sender (Status).
      8. Respond that there was a problem with the transaction (Error).
      9. Respond that a transaction requesting a return receipt has been received (Verify).
      10. Electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, and PANotification). These transactions are required if using the standard in 170.205(b)(2).
  2. Enable a user to exchange race and ethnicity information when performing the following prescription-related electronic transactions, if using the standard in § 170.205(b)(2):
    1. Receive fill status notifications (RxFill).
    2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
    3. Request to cancel prescriptions (CancelRx).
    4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
  3. For the following prescription-related transactions, the technology must be able to receive and transmit the diagnosis or diagnoses that are the reason for prescription:
    1. Required transactions
      1. New prescriptions (NewRx).
      2. Request and respond to change prescriptions (RxChangeRequest, RxChangeResponse).
      3. Cancel prescriptions (CancelRx).
      4. Request and respond to renew prescriptions (RxRenewalRequest, RxRenewalResponse).
      5. Receive fill status notifications (RxFill).
      6. [Reserved]
      7. Electronic prior authorization transactions (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse and PACancelRequest, PACancelResponse, PANotification). These transactions are required if using the standard in § 170.205(b)(2).
    2. [Reserved]
  4. [Reserved]
  5. Limit a user's ability to prescribe all oral liquid medications in only metric standard units of mL (that is, not cc).
  6. Always insert leading zeroes before the decimal point for amounts less than one and must not allow trailing zeroes after a decimal point when a user prescribes medications. 
Standard(s) Referenced

Paragraph (b)(3)(ii)

§ 170.205(b)(1) NCPDP SCRIPT Standard Implementation Guide, Version 2017071, July 2017 (Adoption of this standard expires January 1, 2028)

§ 170.205(b)(2) NCPDP SCRIPT Standard, Implementation Guide, Version 2023011 (This standard is required by December 31, 2027)

§ 170.207(d)(1)(i) RxNorm, July 5, 2022 Full Monthly Release

§ 170.207(d)(1)(ii) RxNorm, December 4, 2023 Full Monthly Release

§ 170.207(d)(1)(iii) RxNorm, September 8, 2015 Full Release Update

§ 170.207(d)(2) National Drug Codes (NDC) (This standard is required by December 31, 2027)

Required Update Deadlines

The following outlines deadlines for required updates for this criterion as they relate to changes published in recent ONC final rules. Developers must update their products to the requirements outlined and provide them to their customers by the stated deadlines. These represent one-time deadlines as set by recent regulatory updates and do not encompass ongoing deadlines related to the Conditions and Maintenance of Certification. Please review those requirements for additional compliance activities related to one’s certification under Certification Dependencies.

Deadline: December 31, 2027

Action to be taken: Developers certified to this criterion must update their certification to align with requirements outlined in NCPDP SCRIPT Standard Implementation Guide, Version 2023011 and the required transactions and data requirements associated with that standard. Developers with existing certification to this criterion must obtain certification for the “real-time prescription benefit” criterion in 45 CFR 170.315(b)(4).  

Certification Dependencies

Dependent Criteria

Any developer that obtains certification for the “electronic prescribing” certification criterion in 45 CFR 170.315(b)(3) must also obtain certification for the “real-time prescription benefit” criterion in 45 CFR 170.315(b)(4).  

Conditions and Maintenance of Certification Requirements

Real World Testing: Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of
Certification.

  • Note: For calendar year (CY) 2025, a developer is not expected to submit an annual Real World Testing plan to its ONC-Authorized Certification Body (ONC-ACB) for the 2026 Real World Testing year. For CY 2026, ASTP/ONC only expects a developer with a Health IT Module(s) certified to the (g)(7) through (10) certification criteria, as of August 31, 2024, to submit a CY 2025 Real World Testing results report to its ONC-ACB by March 2026. Please read the full notice outlining the details of the Real World Testing enforcement discretion.

Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.

  • Safety-enhanced design (§ 170.315(g)(3)) must be explicitly demonstrated for this criterion.
  • Quality management system (§ 170.315(g)(4)): When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
  • Accessibility-centered design (§ 170.315(g)(5)): When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
Privacy & Security Requirements

This certification criterion was adopted at § 170.315(b)(3). As a result, an ONC Authorized Certification Body (ONC-ACB) must ensure that a product presented for certification to a § 170.315(b) criterion includes the privacy and security criteria (adopted in § 170.315(d)) within the overall scope of the certificate issued to the product.

  • The privacy and security criteria (adopted in § 170.315(d)) do not need to be explicitly tested with this specific paragraph (b) criterion unless it is the only criterion for which certification is requested.
  • As a general rule, a product presented for certification only needs to be tested once to each applicable privacy and security criterion (adopted in § 170.315(d)) so long as the health IT developer attests that such privacy and security capabilities apply to the full scope of capabilities included in the requested certification. However, an exception exists for § 170.315(e)(1) “View, download, and transmit to 3rd party (VDT)” and § 170.315(e)(2) “Secure messaging,” which are explicitly stated.

For more information on the approaches to meet these Privacy and Security requirements, please review the Privacy and Security CCG.

Revision History
Version # Description of Change Version Date
1.0

Initial publication
03-11-2024
1.1

Updated to reflect new Electronic Prescribing (eRx) tool.
07-08-2024
1.2

Added update to Certification Dependencies section to reflect recent Real World Testing enforcement discretion notice.
07-23-2025
2.0

Updated to reflect revisions made in HTI-4 Final Rule.
09-30-2025
Testing
Testing Tool

Electronic Prescribing (eRx) Testing Tool (tool has not yet been finalized to support new standards in testing) 

Criterion Subparagraph Test Data
(b)(3)

Refer to Electronic Prescribing (eRx) Testing Tool

Certification Companion Guide: Electronic prescribing

This Certification Companion Guide (CCG) is an informative document designed to assist with health IT product certification. The CCG is not a substitute for the requirements outlined in regulation and related ASTP/ONC final rules. It extracts key portions of ASTP/ONC final rules’ preambles and includes subsequent clarifying interpretations. To access the full context of regulatory intent please consult the Certification Program Regulations page for links to all final rules or consult other regulatory references as noted. The CCG is for public use and should not be sold or redistributed.

The below table outlines whether this criterion has additional Maintenance of Certification dependencies, update requirements and/or eligibility for standards updates via SVAP. Review the Certification Dependencies and Required Update Deadline drop-downs above if this table indicates “yes” for any field.

 

Base EHR Definition Real World Testing Insights Condition SVAP Requires Updates
Not Included Yes No No Yes
Certification Requirements
Technical Explanations and Clarifications

Applies to entire criterion

Clarifications:

  • The intended scope of this certification criterion is the ability of health IT to electronically exchange information with external recipients.
  • The criterion does not require prescriptions of controlled substances to be supported to demonstrate compliance with its requirements. Drugs and other substances that are considered controlled substances under the Controlled Substances Act (CSA) have been removed from the test data.
  • With the exception of which test data elements might be required, this certification criterion applies equally to both inpatient and ambulatory settings.
  • Errors received during testing related to the max field requirement can be treated as a warning. This does not remove the requirement from a surveillance perspective nor the general need for mandatory fields to be populated with data as required by the standard. Please consult with ONC regarding the Electronic Prescribing (eRx) tool's interpretive requirements.
  • It is beyond the scope of this certification criterion to require the capability to ensure that a provider is actively alerted when an electronic prescription fails. [see also 77 FR 54200] Health IT developers are advised, but not required, to include in its disclosures whether and how failed electronic prescriptions are presented to the end-user. Health IT developers are also advised to incorporate how failed electronic prescriptions are presented to the end-user in its end-user training materials.

Clarifications:

  • The intended scope of this certification criterion is the ability of health IT to electronically exchange information with external recipients.
  • The criterion does not require prescriptions of controlled substances to be supported to demonstrate compliance with its requirements. Drugs and other substances that are considered controlled substances under the Controlled Substances Act (CSA) have been removed from the test data.
  • With the exception of which test data elements might be required, this certification criterion applies equally to both inpatient and ambulatory settings.
  • Errors received during testing related to the max field requirement can be treated as a warning. This does not remove the requirement from a surveillance perspective nor the general need for mandatory fields to be populated with data as required by the standard. Please consult with ONC regarding the Electronic Prescribing (eRx) tool's interpretive requirements.
  • It is beyond the scope of this certification criterion to require the capability to ensure that a provider is actively alerted when an electronic prescription fails. [see also 77 FR 54200] Health IT developers are advised, but not required, to include in its disclosures whether and how failed electronic prescriptions are presented to the end-user. Health IT developers are also advised to incorporate how failed electronic prescriptions are presented to the end-user in its end-user training materials.

Paragraph (b)(3)(ii)(A)(1-2) Prescription-related electronic transactions

Technical outcome – A user can send and receive the specified prescription transactions electronically per the SCRIPT Standard Implementation Guide and using RxNorm and NDC vocabulary codes, if appropriate for the standard leveraged.

Clarifications:

  • RxNorm is considered a minimum standard code set under the Certification Program, and developers are permitted to upgrade their products to comply with a newer version of RxNorm without adversely affecting a product’s certification status pursuant to 45 CFR 170.555(b)(2) as long as no other law prohibits such action. [see 85 FR 25680]
  • ONC intends for the RxNorm concept unique identifiers (RXCUIs) to be used as drug qualifiers. [see also 77 FR 54199]
  • All medications may not yet have an equivalent RxNorm code. Where no RxNorm code exists, nothing prohibits another allowable code from being used. However, where corresponding RxNorm codes exist, health IT must be able to use those codes. [see also 77 FR 54199]
  • Health IT developers have flexibility in determining how message notifications are presented to users. ONC recommends health IT developers and providers work together to determine whether batch-notification is preferable to real-time messaging alerts. Note that the notifications will differ based on the message type. [see also 80 FR 62642]
  • Errors received during testing related to synonymous RxNorm term types can be treated as a warning.
  • The scope of the medication history transaction requires sending a single request and receiving a single response to a request. Multiple medication history requests/responses are not required in the technical outcome.
  • Health IT modules certified to the § 170.315(b)(3) criterion must have the capacity to enable a user to receive and transmit the following medication renewal transactions (NewRx, RxRenewalRequest and RxRenewalResponse) and verify their validation reports. If the application meets these requirements, then a notable exception is granted to use a Replace instead of Approved response and the system should pass certification.
  • Health IT developers that present a Health IT Module for certification using the NCPDP SCRIPT standard version 2023011 as outlined in 170.205(b)(2) must support electronic prior authoriziation transactions previously listed as optional within the criterion (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, and PANotification). [see also 90 FR 37137

Technical outcome – A user can send and receive the specified prescription transactions electronically per the SCRIPT Standard Implementation Guide and using RxNorm and NDC vocabulary codes, if appropriate for the standard leveraged.

Clarifications:

  • RxNorm is considered a minimum standard code set under the Certification Program, and developers are permitted to upgrade their products to comply with a newer version of RxNorm without adversely affecting a product’s certification status pursuant to 45 CFR 170.555(b)(2) as long as no other law prohibits such action. [see 85 FR 25680]
  • ONC intends for the RxNorm concept unique identifiers (RXCUIs) to be used as drug qualifiers. [see also 77 FR 54199]
  • All medications may not yet have an equivalent RxNorm code. Where no RxNorm code exists, nothing prohibits another allowable code from being used. However, where corresponding RxNorm codes exist, health IT must be able to use those codes. [see also 77 FR 54199]
  • Health IT developers have flexibility in determining how message notifications are presented to users. ONC recommends health IT developers and providers work together to determine whether batch-notification is preferable to real-time messaging alerts. Note that the notifications will differ based on the message type. [see also 80 FR 62642]
  • Errors received during testing related to synonymous RxNorm term types can be treated as a warning.
  • The scope of the medication history transaction requires sending a single request and receiving a single response to a request. Multiple medication history requests/responses are not required in the technical outcome.
  • Health IT modules certified to the § 170.315(b)(3) criterion must have the capacity to enable a user to receive and transmit the following medication renewal transactions (NewRx, RxRenewalRequest and RxRenewalResponse) and verify their validation reports. If the application meets these requirements, then a notable exception is granted to use a Replace instead of Approved response and the system should pass certification.
  • Health IT developers that present a Health IT Module for certification using the NCPDP SCRIPT standard version 2023011 as outlined in 170.205(b)(2) must support electronic prior authoriziation transactions previously listed as optional within the criterion (PAInitiationRequest, PAInitiationResponse, PARequest, PAResponse, PAAppealRequest, PAAppealResponse, PACancelRequest, PACancelResponse, and PANotification). [see also 90 FR 37137

Paragraphs (b)(3)(ii)(B) Race and ethnicity information

Technical outcome –  A user can exchange race and ethnicity information when performing prescription-related electronic transactions if using the NCPDP SCRIPT standard version 2023011. 

Clarifications:

  • The ability to exchange race and ethnicity information is required for Health IT Modules certifiying using the NCPDP SCRIPT standard version 2023011 as outlined in 170.205(b)(2). This standard references reporting of race and ethnicity using the CDCREC 1.2 associated value set “PHVS_Race_CDC” version 2 (December 2018) from the code system code “PH_RaceAndEthnicity_CDC” as optional for certain transactions within the standard.  This aligns with the code system code in CDCREC 1.2 which is “PH_RaceAndEthnicity_CDC,” and is available on the Public Health Information Network (PHIN) Vocabulary Access and Distribution System (PHIN VADS).  [see also 90 FR 37144

Technical outcome –  A user can exchange race and ethnicity information when performing prescription-related electronic transactions if using the NCPDP SCRIPT standard version 2023011. 

Clarifications:

  • The ability to exchange race and ethnicity information is required for Health IT Modules certifiying using the NCPDP SCRIPT standard version 2023011 as outlined in 170.205(b)(2). This standard references reporting of race and ethnicity using the CDCREC 1.2 associated value set “PHVS_Race_CDC” version 2 (December 2018) from the code system code “PH_RaceAndEthnicity_CDC” as optional for certain transactions within the standard.  This aligns with the code system code in CDCREC 1.2 which is “PH_RaceAndEthnicity_CDC,” and is available on the Public Health Information Network (PHIN) Vocabulary Access and Distribution System (PHIN VADS).  [see also 90 FR 37144

Paragraph (b)(3)(ii)(C) Receive and transmit

Technical outcome – For all transactions in provision (b)(3)(ii)(C), health IT can receive and transmit the diagnosis or diagnoses that are the reason for the prescription.

Clarifications:

  • NCPDP SCRIPT Standard Version 2023011 no longer utilizes the current <Diagnosis> <Primary> or <Secondary> diagnosis elements previously identified in this subparagraph. [see also 90 FR 37143]
  • The Health IT Module is required to support the diagnosis or diagnoses associated with the medication being prescribed. ASTP/ONC has not finalized any requirements under the “electronic prescribing” criterion that Health IT Modules must support diagnosis elements that are not related to the medication being prescribed. [see also 90 FR 37143]

 

Technical outcome – For all transactions in provision (b)(3)(ii)(C), health IT can receive and transmit the diagnosis or diagnoses that are the reason for the prescription.

Clarifications:

  • NCPDP SCRIPT Standard Version 2023011 no longer utilizes the current <Diagnosis> <Primary> or <Secondary> diagnosis elements previously identified in this subparagraph. [see also 90 FR 37143]
  • The Health IT Module is required to support the diagnosis or diagnoses associated with the medication being prescribed. ASTP/ONC has not finalized any requirements under the “electronic prescribing” criterion that Health IT Modules must support diagnosis elements that are not related to the medication being prescribed. [see also 90 FR 37143]

 

Paragraph (b)(3)(ii)(E) Liquid medications

Technical outcome – Oral liquid medications can only be electronically prescribed using “mL” units.

Clarifications:

  • ONC clarifies that the volume for oral liquid medications must be prescribed using “mL” units. Testing and certification do not address the concentration of active ingredients, which is the amount of active ingredient per unit of volumetric measure (e.g., 5 mg per mL). When needed, health IT developers should represent concentrations of active ingredients using the appropriate units of measurement. E-prescribing of oral liquid medications using cc units will not be allowed for certification. [see also 80 FR 62643]

Technical outcome – Oral liquid medications can only be electronically prescribed using “mL” units.

Clarifications:

  • ONC clarifies that the volume for oral liquid medications must be prescribed using “mL” units. Testing and certification do not address the concentration of active ingredients, which is the amount of active ingredient per unit of volumetric measure (e.g., 5 mg per mL). When needed, health IT developers should represent concentrations of active ingredients using the appropriate units of measurement. E-prescribing of oral liquid medications using cc units will not be allowed for certification. [see also 80 FR 62643]

Paragraph (b)(3)(ii)(F) Leading zeroes

Technical outcome – For all e-prescribed medications, the health IT always inserts leading zeroes before the decimal point for amounts less than one and never allows trailing zeroes after a decimal point.

Clarifications:

  • No additional clarifications.

Technical outcome – For all e-prescribed medications, the health IT always inserts leading zeroes before the decimal point for amounts less than one and never allows trailing zeroes after a decimal point.

Clarifications:

  • No additional clarifications.

Archived Version:

2015 Edition Archived CCG