Oversight and Surveillance


Surveillance and oversight activities have a significant role in the ONC Health IT Certification Program (Certification Program) as they are critical to providing assurance that Certified Health IT Modules function as intended in a production environment and do not present safety and/or public health risks. As a requirement of certification, Certified Health IT Modules are subject to surveillance activities. The purpose of surveillance is to ensure that certified products and capabilities meet certification requirements, not just in a controlled testing environment, but also when they are used “in the field” (for example, in a clinician’s office or a hospital).

AN ONC-Authorized Certification Body (ONC-ACB) must conduct surveillance to determine if a Health IT Module it certified continues to function as required by its certification. In certain situations where a Certified Health IT Module has a potential or known non-conformity (i.e., does not meet the Certification Program requirements) that may present a serious risk to public health or safety or may pose special challenges for ONC-ACBs’ surveillance, ONC may choose to directly review the product’s conformity to Certification Program requirements; this process is called Direct Review. ONC’s Direct Review process complements ONC-ACB surveillance and is aimed at promoting developer accountability for the performance, reliability, and safety of health IT. ONC may also initiate Direct Review if it has a reasonable belief that a Certified Health IT Developer has not complied with a Condition or Maintenance of Certification requirement.

Certified Health IT Developer Responsibilities

Certified Health IT Developers have a responsibility to cooperate with ONC-ACB surveillance and ONC Direct Review. The goal of ONC-ACB surveillance and Direct Review is to help developers identify and address non-compliance to Conditions and Maintenance of Certification requirements and non-conformities in certified health IT that providers use to support patient care. ONC and ONC-ACBs will work with Certified Health IT Developers to remedy any non-conformities in a timely manner and across all customers.

End Users

If there are concerns regarding compliance with Certification Program requirements, there is a complaint process to reach an appropriate resolution. As a first step, ONC urges users to work directly with the Certified Health IT Developer to resolve any issues, as this will likely be the quickest and most efficient means of having concerns recognized, addressed, and resolved. If efforts between a user and the Certified Health IT Developer fail to resolve the concern, the ONC-ACB that certified the health IT may be able to provide further assistance. The appropriate ONC-ACB and its contact information can be found under the certified health IT product’s listing on the CHPL. If neither step successfully addresses the concerns, customers and users of certified health IT can submit a complaint directly to ONC through the Health IT Feedback and Inquiry Portal.

Additional Guidance

Certification Program Enforcement Outcomes

ONC-ACB Surveillance Resource

Certification Ban Guidance