Skip to main content
U.S. flag

An official website of the United States government

Return to Search

B13. How does privacy and security certification work for Health Module certification?

Guidance for how privacy and security certifications works for Health Module certification

Final

Issued by: Office of the National Coordinator (ONC) of Health Information Technology

B13. How does privacy and security certification work for Health Module certification?

EHR Module(s) shall be certified to all privacy and security certification criteria adopted by the Secretary, unless the EHR Module(s) is presented for certification in one of the following manners:

  1. The EHR Modules are presented for certification as a pre-coordinated, integrated bundle of EHR Modules, which would otherwise meet the definition of and constitute a Complete EHR, and one or more of the constituent EHR Modules is demonstrably responsible for providing all of the privacy and security capabilities for the entire bundle of EHR Modules; or
  2. An EHR Module is presented for certification, and the presenter can demonstrate and provide documentation to the ONC-Authorized Certification Body (ONC-ACB) that a privacy and security certification criterion is inapplicable or that it would be technically infeasible for the EHR Module to be certified in accordance with such certification criterion.

DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.