Skip to main content
Find a Lawyer

Code of Federal Regulations Title 45. Public Welfare § 45.170.550 Health IT Module certification

Current as of January 02, 2025 | Updated by Findlaw Staff

(a) Certification scope. When certifying Health IT Module(s), an ONC–ACB must certify in accordance with the applicable certification criteria adopted by the Secretary at subpart C of this part.

(b) Health IT product scope options. An ONC–ACB must provide the option for an Health IT Module(s) to be certified solely to the applicable certification criteria adopted by the Secretary at subpart C of this part.

(c) Gap certification. An ONC–ACB may provide the option for and perform gap certification of previously certified Health IT Module(s).

(d) Upgrades and enhancements. An ONC–ACB may provide an updated certification to a previously certified Health IT Module(s).

(e) Standards updates. ONC–ACBs must provide an option for certification of Health IT Modules consistent with § 171.405(b)(7) or (8) to any one or more of the criteria referenced in § 170.405(a) based on newer versions of standards included in the criteria which have been approved by the National Coordinator for use in certification.

(f) [Reserved by 85 FR 25952]

(g) Health IT module dependent criteria. When certifying a Health IT Module to the 2015 Edition health IT certification criteria, an ONC–ACB must certify the Health IT Module in accordance with the certification criteria at:

(1)Section 170.315(g)(3) if the Health IT Module is presented for certification to one or more listed certification criteria in § 170.315(g)(3);

(2)Section 170.315(g)(4);

(3)Section 170.315(g)(5);  and

(4)Section 170.315(g)(6) if the Health IT Module is presented for certification with C–CDA creation capabilities within its scope. If the scope of certification sought includes multiple certification criteria that require C–CDA creation, § 170.315(g)(6) need only be tested in association with one of those certification criteria and would not be expected or required to be tested for each. If the scope of certification sought includes multiple certification criteria that require C–CDA creation, § 170.315(g)(6) need only be tested in association with one of those certification criteria and would not be expected or required to be tested for each so long as all applicable C–CDA document templates have been evaluated as part of § 170.315(g)(6) for the scope of the certification sought.

(5)Section 170.315(b)(10) when a health IT developer presents a Health IT Module for certification that can store electronic health information at the time of certification by the product, of which the Health IT Module is a part.

(h) Privacy and security certification framework—

(1) General rule. When certifying a Health IT Module to the 2015 Edition health IT certification criteria, an ONC–ACB can only issue a certification to a Health IT Module if the privacy and security certification criteria in paragraphs (h)(3)(i) through (ix) of this section have also been met (and are included within the scope of the certification).

(2) Testing. In order to be issued a certification, a Health IT Module would only need to be tested once to each applicable privacy and security criterion in paragraphs (h)(3)(i) through (ix) of this section so long as the health IT developer attests that such privacy and security capabilities apply to the full scope of capabilities included in the requested certification, except for the following:

(i) A Health IT Module presented for certification to § 170.315(e)(1) must be separately tested to § 170.315(d)(9);  and

(ii) A Health IT Module presented for certification to § 170.315(e)(2) must be separately tested to § 170.315(d)(9).

(3) Applicability.

(i)Section 170.315(a)(1) through (3), (5), (12), (14), and (15) are also certified to the certification criteria specified in § 170.315(d)(1) through (7), (d)(12), and (13).

(ii)Section 170.315(a)(4), (9), (10), and (13) are also certified to the certification criteria specified in § 170.315(d)(1) through (3), and (d)(5) through (7), (d)(12), and (13).

(iii)Section 170.315(b)(1) through (3) and (6) through (9) are also certified to the certification criteria specified in § 170.315(d)(1) through (3) and (d)(5) through (8), (12), and (13);

(iv)Section 170.315(c) is also certified to the certification criteria specified in § 170.315(d)(1), (d)(2)(i)(A), (B), (d)(2)(ii) through (v), (d)(3), (5), (12), and (13);

(v)Section 170.315(e)(1) is also certified to the certification criteria specified in § 170.315(d)(1) through (3), (5), (7), (9), (12), and (13);

(vi)Section 170.315(e)(2) and (3) is also certified to the certification criteria specified in § 170.315(d)(1), (d)(2)(i)(A) and (B), (d)(2)(ii) through (v), (d)(3), (5), (9), (12), and (13);

(vii)Section 170.315(f) is also certified to the certification criteria specified in § 170.315(d)(1) through (3), (7), (12), and (13);

(viii)Section 170.315(g)(7) through (10) is also certified to the certification criteria specified in § 170.315(d)(1), (9), (12), and (13);  and (d)(2)(i)(A) and (B), (d)(2)(ii) through (v), or (d)(10);

(ix)Section 170.315(h) is also certified to the certification criteria specified in § 170.315(d)(1), (d)(2)(i)(A) and (B), (d)(2)(ii) through (v), (d)(3), (12), and (13);  and

(i) [Reserved]

(j) Direct Project transport method. An ONC–ACB can only issue a certification to a Health IT Module for § 170.315(h)(1) if the Health IT Module's certification also includes § 170.315(b)(1).

(k) Inherited certified status. An ONC–ACB must accept requests for a newer version of a previously certified Health IT Module(s) to inherit the certified status of the previously certified Health IT Module(s) without requiring the newer version to be recertified.

(1) Before granting certified status to a newer version of a previously certified Health IT Module(s), an ONC–ACB must review an attestation submitted by the developer(s) of the Health IT Module(s) to determine whether any change in the newer version has adversely affected the Health IT Module(s)' capabilities for which certification criteria have been adopted.

(2) An ONC–ACB may grant certified status to a newer version of a previously certified Health IT Module(s) if it determines that the capabilities for which certification criteria have been adopted have not been adversely affected.

(l) Conditions of certification attestations. Ensure that the health IT developer of the Health IT Module has met its responsibilities under subpart D of this part.

(m) Time-limited certification and certification status for certain 2015 Edition certification criteria. An ONC–ACB may only issue a certification to a Health IT Module and permit continued certified status for:

(1)Section 170.315(a)(10) and (13) and § 170.315(e)(2) for the period before January 1, 2022.

(2)Section 170.315(b)(6) for the period before December 31, 2023.

(3)Section 170.315(g)(8) for the period before December 31, 2022.

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - Code of Federal Regulations Title 45. Public Welfare § 45.170.550 Health IT Module certification - last updated January 02, 2025 | https://codes.findlaw.com/cfr/title-45-public-welfare/cfr-sect-45-170-550/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard