§170.315(b)(10) Electronic Health Information export
§ 170.315 (b)(10) Electronic Health Information export-
- Single patient electronic health information export.
- Enable a user to timely create an export file(s) with all of a single patient’s electronic health information that can be stored at the time of certification by the product, of which the Health IT Module is a part.
- A user must be able to execute this capability at any time the user chooses and without subsequent developer assistance to operate.
- Limit the ability of users who can create such export file(s) in at least one of these two ways:
- To a specific set of identified users
- As system administrator function.
- The export file(s) created must be electronic and in a computable format.
- The publicly accessible hyperlink of the export’s format must be included with the exported file(s).
- Patient population electronic health information export. Create an export of all the electronic health information that can be stored at the time of certification by the product, of which the Health IT Module is a part.
- The export created must be electronic and in a computable format.
- The publicly accessible hyperlink of the export’s format must be included with the exported file(s).
- Documentation. The export format(s) used to support paragraphs (b)(10)(i) and (ii) of this section must be kept up-to-date.
None
Conditions and Maintenance of Certification
Assurances: Developers must certify to the criterion in § 170.315(b)(10) if a health IT product electronically stores EHI as outlined in the Assurances Conditions and Maintenance of Certification requirements.
Real World Testing: Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of Certification.
Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.
- Quality management system (§ 170.315(g)(4)): When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
- Accessibility-centered design (§ 170.315(g)(5)): When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
§ 170.315(b)(10) and, consistent with the rationale provided in the 2015 Edition Final rule, (g)(1) through (6) are exempt from the privacy and security certification framework due to the capabilities included in these criteria, which do not implicate privacy and security concerns (80 FR 62707).
In general, please note that those who use Health IT Module(s) certified to the “EHI export” criterion remain responsible for safeguarding the security and privacy of individuals’ electronic health information (EHI) consistent with applicable laws and regulations related to health information privacy and security, including the Heath Information Technology for Economic and Clinical Health (HITECH) Act, Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, 42 CFR part 2, and state laws. The existence of a technical capability to make EHI more accessible and useable by Health IT Module users does not alter or change any of their data protection responsibilities under applicable laws and regulations.
| Version # | Description of Change | Version Date |
|---|---|---|
| 1.0 |
Initial publication |
03-11-2024
|
- Regulation Text
-
Regulation Text
§ 170.315 (b)(10) Electronic Health Information export-
- Single patient electronic health information export.
- Enable a user to timely create an export file(s) with all of a single patient’s electronic health information that can be stored at the time of certification by the product, of which the Health IT Module is a part.
- A user must be able to execute this capability at any time the user chooses and without subsequent developer assistance to operate.
- Limit the ability of users who can create such export file(s) in at least one of these two ways:
- To a specific set of identified users
- As system administrator function.
- The export file(s) created must be electronic and in a computable format.
- The publicly accessible hyperlink of the export’s format must be included with the exported file(s).
- Patient population electronic health information export. Create an export of all the electronic health information that can be stored at the time of certification by the product, of which the Health IT Module is a part.
- The export created must be electronic and in a computable format.
- The publicly accessible hyperlink of the export’s format must be included with the exported file(s).
- Documentation. The export format(s) used to support paragraphs (b)(10)(i) and (ii) of this section must be kept up-to-date.
- Single patient electronic health information export.
- Standard(s) Referenced
-
None
- Certification Dependencies
-
Conditions and Maintenance of Certification
Assurances: Developers must certify to the criterion in § 170.315(b)(10) if a health IT product electronically stores EHI as outlined in the Assurances Conditions and Maintenance of Certification requirements.
Real World Testing: Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of Certification.
Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.
- Quality management system (§ 170.315(g)(4)): When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
- Accessibility-centered design (§ 170.315(g)(5)): When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
- Privacy & Security Requirements
-
§ 170.315(b)(10) and, consistent with the rationale provided in the 2015 Edition Final rule, (g)(1) through (6) are exempt from the privacy and security certification framework due to the capabilities included in these criteria, which do not implicate privacy and security concerns (80 FR 62707).
In general, please note that those who use Health IT Module(s) certified to the “EHI export” criterion remain responsible for safeguarding the security and privacy of individuals’ electronic health information (EHI) consistent with applicable laws and regulations related to health information privacy and security, including the Heath Information Technology for Economic and Clinical Health (HITECH) Act, Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, 42 CFR part 2, and state laws. The existence of a technical capability to make EHI more accessible and useable by Health IT Module users does not alter or change any of their data protection responsibilities under applicable laws and regulations.
- Revision History
-
Version # Description of Change Version Date 1.0 Initial publication
03-11-2024
This Test Procedure illustrates the test steps required to certify a Health IT Module to this criterion. Please consult the most recent ONC Final Rule on the Certification Regulations page for a detailed description of the certification criterion with which these testing steps are associated. ONC also encourages developers to consult the Certification Companion Guide in tandem with the test procedure as it provides clarifications that may be useful for product development and testing.
Note: The tests step order does not necessarily prescribe the order in which the tests should take place.
Testing components
Paragraph (b)(10)(i) Single patient electronic health information export
- The health IT developer attests a user of the Health IT Module can perform an electronic health information (EHI) export for a single patient at any time the user chooses without developer assistance and that the export file(s):
- Is created in a timely fashion;
- Includes all the EHI for a single patient as described in § 170.315(b)(10)(i)(A);
- Is electronic and in a computable format; and
- Includes a publicly accessible hyperlink of the export’s format.
- The health IT developer attests the Health IT Module can limit users who can perform an EHI export for a single patient using one of the following methods:
- Grant a set of users the ability to perform the export; or
- Grant system administrator(s) the ability to perform the export.
- The ONC-ACB verifies the health IT developer attests a user of the Health IT Module can perform an EHI export for a single patient at any time the user chooses without developer assistance, and that the export file(s):
- Is created in a timely fashion;
- Includes all the EHI for a single patient as described in § 170.315(b)(10)(i)(A);
- Is electronic and in a computable format;
- Includes a publicly accessible hyperlink of the export’s format.
- The ONC-ACB verifies the health IT developer attests the Health IT Module can limit users who can perform an EHI export for a single patient using one of the following methods:
- Grant a set of users the ability to perform the export; or
- Grant system administrator(s) the ability to perform the export.
| System Under Test |
ONC-ACB Verification
|
|---|---|
|
|
Paragraph (b)(10)(ii) Patient population electronic health information export
The health IT developer attests the health IT developer can create an EHI export for all electronic health information, and that the export:
- Includes all the EHI for a patient population as described in § 170.315(b)(10)(ii);
- Is electronic and in a computable format; and
- Includes a publicly accessible hyperlink of the export’s format.
The ONC-ACB verifies the health IT developer attests the health IT developer can create an EHI export for all electronic health information, and that the export:
- includes all the EHI for a patient population as described in § 170.315(b)(10)(ii);
- is electronic and in a computable format; and
- includes a publicly accessible hyperlink of the export’s format.
| System Under Test |
ONC-ACB Verification
|
|---|---|
|
The health IT developer attests the health IT developer can create an EHI export for all electronic health information, and that the export:
|
The ONC-ACB verifies the health IT developer attests the health IT developer can create an EHI export for all electronic health information, and that the export:
|
Paragraph (b)(10)(iii) Documentation
The health IT developer attests the health IT developer has a process for keeping the export format(s) used to support paragraphs (b)(10)(i) and (ii) of this section up-to-date.
The ONC-ACB verifies the health IT developer attests the health IT has a process for maintaining the export format(s) used to support paragraphs (b)(10)(i) and (ii) of this section up-to-date.
| System Under Test |
ONC-ACB Verification
|
|---|---|
|
The health IT developer attests the health IT developer has a process for keeping the export format(s) used to support paragraphs (b)(10)(i) and (ii) of this section up-to-date. |
The ONC-ACB verifies the health IT developer attests the health IT has a process for maintaining the export format(s) used to support paragraphs (b)(10)(i) and (ii) of this section up-to-date. |
§ 170.315 (b)(10) Electronic Health Information export-
- Single patient electronic health information export.
- Enable a user to timely create an export file(s) with all of a single patient’s electronic health information that can be stored at the time of certification by the product, of which the Health IT Module is a part.
- A user must be able to execute this capability at any time the user chooses and without subsequent developer assistance to operate.
- Limit the ability of users who can create such export file(s) in at least one of these two ways:
- To a specific set of identified users
- As system administrator function.
- The export file(s) created must be electronic and in a computable format.
- The publicly accessible hyperlink of the export’s format must be included with the exported file(s).
- Patient population electronic health information export. Create an export of all the electronic health information that can be stored at the time of certification by the product, of which the Health IT Module is a part.
- The export created must be electronic and in a computable format.
- The publicly accessible hyperlink of the export’s format must be included with the exported file(s).
- Documentation. The export format(s) used to support paragraphs (b)(10)(i) and (ii) of this section must be kept up-to-date.
None
Conditions and Maintenance of Certification
Assurances: Developers must certify to the criterion in § 170.315(b)(10) if a health IT product electronically stores EHI as outlined in the Assurances Conditions and Maintenance of Certification requirements.
Real World Testing: Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of Certification.
Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.
- Quality management system (§ 170.315(g)(4)): When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
- Accessibility-centered design (§ 170.315(g)(5)): When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
§ 170.315(b)(10) and, consistent with the rationale provided in the 2015 Edition Final rule, (g)(1) through (6) are exempt from the privacy and security certification framework due to the capabilities included in these criteria, which do not implicate privacy and security concerns (80 FR 62707).
In general, please note that those who use Health IT Module(s) certified to the “EHI export” criterion remain responsible for safeguarding the security and privacy of individuals’ electronic health information (EHI) consistent with applicable laws and regulations related to health information privacy and security, including the Heath Information Technology for Economic and Clinical Health (HITECH) Act, Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, 42 CFR part 2, and state laws. The existence of a technical capability to make EHI more accessible and useable by Health IT Module users does not alter or change any of their data protection responsibilities under applicable laws and regulations.
| Version # | Description of Change | Version Date |
|---|---|---|
| 1.0 |
Initial publication |
03-11-2024
|
- Regulation Text
-
Regulation Text
§ 170.315 (b)(10) Electronic Health Information export-
- Single patient electronic health information export.
- Enable a user to timely create an export file(s) with all of a single patient’s electronic health information that can be stored at the time of certification by the product, of which the Health IT Module is a part.
- A user must be able to execute this capability at any time the user chooses and without subsequent developer assistance to operate.
- Limit the ability of users who can create such export file(s) in at least one of these two ways:
- To a specific set of identified users
- As system administrator function.
- The export file(s) created must be electronic and in a computable format.
- The publicly accessible hyperlink of the export’s format must be included with the exported file(s).
- Patient population electronic health information export. Create an export of all the electronic health information that can be stored at the time of certification by the product, of which the Health IT Module is a part.
- The export created must be electronic and in a computable format.
- The publicly accessible hyperlink of the export’s format must be included with the exported file(s).
- Documentation. The export format(s) used to support paragraphs (b)(10)(i) and (ii) of this section must be kept up-to-date.
- Single patient electronic health information export.
- Standard(s) Referenced
-
None
- Certification Dependencies
-
Conditions and Maintenance of Certification
Assurances: Developers must certify to the criterion in § 170.315(b)(10) if a health IT product electronically stores EHI as outlined in the Assurances Conditions and Maintenance of Certification requirements.
Real World Testing: Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of Certification.
Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.
- Quality management system (§ 170.315(g)(4)): When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
- Accessibility-centered design (§ 170.315(g)(5)): When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
- Privacy & Security Requirements
-
§ 170.315(b)(10) and, consistent with the rationale provided in the 2015 Edition Final rule, (g)(1) through (6) are exempt from the privacy and security certification framework due to the capabilities included in these criteria, which do not implicate privacy and security concerns (80 FR 62707).
In general, please note that those who use Health IT Module(s) certified to the “EHI export” criterion remain responsible for safeguarding the security and privacy of individuals’ electronic health information (EHI) consistent with applicable laws and regulations related to health information privacy and security, including the Heath Information Technology for Economic and Clinical Health (HITECH) Act, Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, 42 CFR part 2, and state laws. The existence of a technical capability to make EHI more accessible and useable by Health IT Module users does not alter or change any of their data protection responsibilities under applicable laws and regulations.
- Revision History
-
Version # Description of Change Version Date 1.0 Initial Publication
03-11-20241.1 Added Design and Performance requirements under Certification Dependencies, as they were excluded in error from the initial publication.
03-27-2024
Certification Companion Guide: Electronic Health Information export
This Certification Companion Guide (CCG) is an informative document designed to assist with health IT product certification. The CCG is not a substitute for the requirements outlined in regulation and related ONC final rules. It extracts key portions of ONC final rules’ preambles and includes subsequent clarifying interpretations. To access the full context of regulatory intent please consult the Certification Regulations page for links to all ONC final rules or consult other regulatory references as noted. The CCG is for public use and should not be sold or redistributed.
The below table outlines whether this criterion has additional Maintenance of Certification dependencies, update requirements and/or eligibility for standards updates via SVAP. Review the Certification Dependencies and Required Update Deadline drop-downs above if this table indicates “yes” for any field.
| Base EHR Definition | Real World Testing | Insights Condition | SVAP | Requires Updates |
|---|---|---|---|---|
| Not Included | Yes | No | No | No |
Applies to Entire Criterion
Clarifications:
- EHI means “electronic protected health information” (ePHI) as defined in 45 CFR 160.103 to the extent that it would be included in a designated record set as defined in 45 CFR 164.501, regardless of whether the group of records are used or maintained by or for a covered entity. EHI does not include psychotherapy notes as defined in 45 CFR 164.501 or information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.
- The EHI definition represents the same ePHI that a patient would have the right to request a copy of pursuant to the HIPAA Privacy Rule.
- The criterion is specific to EHI, as defined above, that can be stored by the health IT product at the time the Health IT Module is presented for certification.
- Conformance “at the time of certification” means the combined data that is stored in and by the Health IT Module in its original form as presented for certification. It does not include within the certification criterion’s scope of export any data subsequently generated from unique post-certification deployments.
- The criterion does not specify transport method(s) or data standards that must be used.
- The criterion does not specify a predefined data set and will differ by developer and products of which the Health IT Module is a part. As a result, the amount of EHI that will need to be able to be exported in order to demonstrate conformance with this certification criterion will vary widely because of the diversity of products presented for certification.
- “Stored” data applies to all EHI and is agnostic as to whether the EHI is stored in or by the Certified Health IT Module or in or by any of the other “non-certified” capabilities of the health IT product of which the Certified Health IT Module is a part.
- “Can be stored by” refers to the EHI types stored in and by the health IT product, of which the Health IT Module is a part and is meant to be interpreted as the combination of EHI a heath IT product stores itself and in other data storage locations. Thus, the cumulative data covered by these storage techniques would be in the scope of data export.
- Any images, imaging information, and image elements that fall within this finalized scope of EHI that can be stored at the time of certification in or by the product, of which the Health IT Module is a part, will need to be exported under this certification criterion.
- In the context of imaging, if the only EHI stored in or by the product to which this certification criterion applies are links to images/imaging data (and not the images themselves, which may remain in a picture archiving and communication system (PACS)) then only such links must be part of what is exported.
- This certification criterion also does not prescribe how (i.e., media/medium) the exported information is to be made available to the user, as this may depend on the size and type of information to be exported.
- The export format need not be the same format used internally by the certified health IT, and the health IT developer does not need to make public its proprietary data model.
- The file formats and related definitions also are finalized as specific certification requirements, though developers are encouraged to continue to foster transparency and best practices for data sharing when they create and update their export format information. However, the export file(s) created must be electronic and in a computable format.
|
Clarifications:
|
Paragraph (b)(10)(i)(A) Single patient electronic health information export
Technical outcome – Enable a user to timely create an export file(s) with all of a single patient’s electronic health information stored at the time of certification by the product, of which the Health IT Module is a part.
Clarifications:
- “Timely” means near real-time, while being reasonable and prudent given the circumstances.
|
Technical outcome – Enable a user to timely create an export file(s) with all of a single patient’s electronic health information stored at the time of certification by the product, of which the Health IT Module is a part. Clarifications:
|
Paragraph (b)(10)(i)(B) Single patient electronic health information export
Technical outcome – A user must be able to execute this capability at any time the user chooses and without subsequent developer assistance to operate.
Clarifications:
- No additional clarifications.
|
Technical outcome – A user must be able to execute this capability at any time the user chooses and without subsequent developer assistance to operate. Clarifications:
|
Paragraph (b)(10)(i)(C) Single patient electronic health information export
Technical outcome – Limit the ability of users who can create export file(s) in at least one of these two ways: (1) To a specific set of identified users (2) As a system administrative function.
Clarifications:
- “User” is a health care professional or his or her office staff; or a software program or service that would interact directly with the certified health IT (see also 80 FR 62611, 77 FR 54168).
- The ability to limit the health IT users’ access to the single patient EHI export functionality in § 170.315(b)(10)(i) is intended to be used by and at the discretion of the organization implementing the technology. This cannot be used by health IT developers as a way to thwart or moot the overarching user-driven aspect of this capability (see also 80 FR 62646).
- This certification criterion does not require “direct-to-patient” functionality in order to demonstrate conformance. The capability to execute this certification criterion can be health care provider/health care organization initiated (presumably upon that organization receiving a request by patient for his or her EHI).
|
Technical outcome – Limit the ability of users who can create export file(s) in at least one of these two ways: (1) To a specific set of identified users (2) As a system administrative function. Clarifications:
|
Paragraph (b)(10)(i)(D) Single patient electronic health information export
Technical outcome – The export files(s) created must be electronic and in a computable format.
Clarifications:
- There is nothing that proscribes the use of PDF to meet the certification requirements for (b)(10) EHI Export, provided the requirement for "computable format" is met by the PDF produced. If it is necessary to produce a PDF for the purpose of meeting this provision, the PDF must be an interpretable, machine-readable output. While this may be possible for some PDFs, other PDFs, such as those that include EHI as images, generally might not be an interpretable, machine-readable output. One way a PDF could be a machine-readable format would be if it was structured so that the data it conveyed could be consumed or imported by another software program using consistent processing logic, consistent with the National Institute of Standards and Technology’s definition of “machine-readable.” If a data output format is structured so that the EHI it conveys is machine readable and computable, then that output format is a machine-readable and computable format, regardless of the file extension.
|
Technical outcome – The export files(s) created must be electronic and in a computable format. Clarifications:
|
Paragraph (b)(10)(i)(E) Single patient electronic health information export
Technical outcome – The publicly accessible hyperlink of the export’s format must be included with the exported file(s).
Clarifications:
- No additional clarifications.
|
Technical outcome – The publicly accessible hyperlink of the export’s format must be included with the exported file(s). Clarifications:
|
Paragraph (b)(10)(ii) Patient population electronic health information export
Technical outcome – Create an export of all the electronic health information that can be stored at the time of certification by product of which the Health IT Module is a part.
Clarifications:
- The patient population EHI export capability of this criterion could require action or support on the part of the health IT developer.
- For the (b)(10)(ii) requirements for patient population export, ONC does not specify requirements as to how the export must be initiated or processed. However, for (b)(10)(ii) conformance, developer must ensure that an export can be created for all the electronic health information that can be stored at the time of certification by the product of which the Health IT Module is a part. Note that developers are also required under the § 170.402 Assurances Condition of Certification to ensure full compliance and unrestricted implementation of the (b)(10) functionality, including patient population export.
- The documentation for the export format consists of information on the structure and syntax for how the EHI will be exported by the product such as, for example, Consolidated-Clinical Document Architecture (C-CDA) document(s) or data dictionary for comma separated values (csv) file(s), and not the actual EHI. This documentation must be made available through a publicly accessible hyperlink.
- Health IT developers must keep the documentation related to the export format “up-to-date.” For example, if the health IT developer had previously specified the C-CDA standard as the export format for meeting the criterion, but subsequently updated its product to use the FHIR® standard and stopped supporting C-CDA export format, then the documentation for export format, which is made available through the publicly accessible hyperlink, would need to be updated so that users are able to continue to accurately process the EHI exported by the product.
- The (b)(10) EHI export certification criterion does not prescribe how the exported information is to be made available to the user, as this may depend on the size and type of information to be exported.
|
Technical outcome – Create an export of all the electronic health information that can be stored at the time of certification by product of which the Health IT Module is a part. Clarifications:
|
Paragraph (b)(10)(iii) Documentation
Technical outcome – The exported format(s) used to support paragraphs (b)(10)(i) and (ii) of this section must be kept up-to-date.
Clarifications:
- The developer’s clinical EHI export format should be made publicly available via a hyperlink as part of certification to the criterion, including keeping the hyperlink up-to-date with the current export format. Similar to the API documentation, this link will also be made available on the Certified Health IT Product List (CHPL).
- The hyperlink must allow any person to directly access the information without any preconditions or additional steps.
|
Technical outcome – The exported format(s) used to support paragraphs (b)(10)(i) and (ii) of this section must be kept up-to-date. Clarifications:
|