Code of Federal Regulations (Last Updated: November 8, 2024) |
Title 45 - Public Welfare |
Subtitle A - Department of Health and Human Services |
SubChapter D - Health Information Technology |
Part 170 - Health Information Technology Standards, Implementation Specifications, and Certification Criteria and Certification Programs for Health Information Technology |
Subpart C - Certification Criteria for Health Information Technology |
§ 170.302 - General certification criteria for Complete EHRs or EHR Modules.
-
Link to an amendment published at 79 FR 54478, Sept. 11, 2014.
The Secretary adopts the following general certification criteria for Complete EHRs or EHR Modules. Complete EHRs or EHR Modules must include the capability to perform the following functions electronically, unless designated as optional, and in accordance with all applicable standards and implementation specifications adopted in this part:
(a) Drug-drug, drug-allergy interaction checks—(1) Notifications. Automatically and electronically generate and indicate in real-time, notifications at the point of care for drug-drug and drug-allergy contraindications based on medication list, medication allergy list, and computerized provider order entry (CPOE).
(2) Adjustments. Provide certain users with the ability to adjust notifications provided for drug-drug and drug-allergy interaction checks.
(b) Drug-formulary checks. Enable a user to electronically check if drugs are in a formulary or preferred drug list.
(c) Maintain up-to-date problem list. Enable a user to electronically record, modify, and retrieve a patient's problem list for longitudinal care in accordance with:
(1) The standard specified in §170.207(a)(1); or
(2) At a minimum, the version of the standard specified in §170.207(a)(2).
(d) Maintain active medication list. Enable a user to electronically record, modify, and retrieve a patient's active medication list as well as medication history for longitudinal care.
(e) Maintain active medication allergy list. Enable a user to electronically record, modify, and retrieve a patient's active medication allergy list as well as medication allergy history for longitudinal care.
(f) Record and chart vital signs—(1) Vital signs. Enable a user to electronically record, modify, and retrieve a patient's vital signs including, at a minimum, height, weight, and blood pressure.
(2) Calculate body mass index. Automatically calculate and display body mass index (BMI) based on a patient's height and weight.
(3) Plot and display growth charts. Plot and electronically display, upon request, growth charts for patients 2-20 years old.
(g) Smoking status. Enable a user to electronically record, modify, and retrieve the smoking status of a patient. Smoking status types must include: current every day smoker; current some day smoker; former smoker; never smoker; smoker, current status unknown; and unknown if ever smoked.
(h) Incorporate laboratory test results—(1) Receive results. Electronically receive clinical laboratory test results in a structured format and display such results in human readable format.
(2) Display test report information. Electronically display all the information for a test report specified at 42 CFR 493.1291(c)(1) through (7).
(3) Incorporate results. Electronically attribute, associate, or link a laboratory test result to a laboratory order or patient record.
(i) Generate patient lists. Enable a user to electronically select, sort, retrieve, and generate lists of patients according to, at a minimum, the data elements included in:
(1) Problem list;
(2) Medication list;
(3) Demographics; and
(4) Laboratory test results.
(j) Medication reconciliation. Enable a user to electronically compare two or more medication lists.
(k) Submission to immunization registries. Electronically record, modify, retrieve, and submit immunization information in accordance with:
(1) The standard (and applicable implementation specifications) specified in §170.205(e)(1) or §170.205(e)(2); and
(2) At a minimum, the version of the standard specified in §170.207(e).
(l) Public health surveillance. Electronically record, modify, retrieve, and submit syndrome-based public health surveillance information in accordance with the standard specified in §170.205(d)(1) or §170.205(d)(2).
(m) Patient-specific education resources. Enable a user to electronically identify and provide patient-specific education resources according to, at a minimum, the data elements included in the patient's: problem list; medication list; and laboratory test results; as well as provide such resources to the patient.
(n) Automated measure calculation. For each meaningful use objective with a percentage-based measure, electronically record the numerator and denominator and generate a report including the numerator, denominator, and resulting percentage associated with each applicable meaningful use measure.
(o) Access control. Assign a unique name and/or number for identifying and tracking user identity and establish controls that permit only authorized users to access electronic health information.
(p) Emergency access. Permit authorized users (who are authorized for emergency situations) to access electronic health information during an emergency.
(q) Automatic log-off. Terminate an electronic session after a predetermined time of inactivity.
(r) Audit log—(1) Record actions. Record actions related to electronic health information in accordance with the standard specified in §170.210(b).
(2) Generate audit log. Enable a user to generate an audit log for a specific time period and to sort entries in the audit log according to any of the elements specified in the standard at §170.210(b).
(s) Integrity. (1) Create a message digest in accordance with the standard specified in §170.210(c).
(2) Verify in accordance with the standard specified in §170.210(c) upon receipt of electronically exchanged health information that such information has not been altered.
(3) Detection. Detect the alteration of audit logs.
(t) Authentication. Verify that a person or entity seeking access to electronic health information is the one claimed and is authorized to access such information.
(u) General encryption. Encrypt and decrypt electronic health information in accordance with the standard specified in §170.210(a)(1), unless the Secretary determines that the use of such algorithm would pose a significant security risk for Certified EHR Technology.
(v) Encryption when exchanging electronic health information. Encrypt and decrypt electronic health information when exchanged in accordance with the standard specified in §170.210(a)(2).
(w) Optional. Accounting of disclosures. Record disclosures made for treatment, payment, and health care operations in accordance with the standard specified in §170.210(d).
[75 FR 44651, July 28, 2010, as amended at 75 FR 62690, Oct. 13, 2010]