45 CFR 170.302 - General certification criteria for Complete EHRs or EHR Modules.

Status message

There is 1 rule appearing in the Federal Register for 45 CFR 170. View below or at eCFR (GPOAccess)
§ 170.302 General certification criteria for Complete EHRs or EHR Modules.
The Secretary adopts the following general certification criteria for Complete EHRs or EHR Modules. Complete EHRs or EHR Modules must include the capability to perform the following functions electronically, unless designated as optional, and in accordance with all applicable standards and implementation specifications adopted in this part:
(a) Drug-drug, drug-allergy interaction checks—(1) Notifications. Automatically and electronically generate and indicate in real-time, notifications at the point of care for drug-drug and drug-allergy contraindications based on medication list, medication allergy list, and computerized provider order entry (CPOE).
(2) Adjustments. Provide certain users with the ability to adjust notifications provided for drug-drug and drug-allergy interaction checks.
(b) Drug-formulary checks. Enable a user to electronically check if drugs are in a formulary or preferred drug list.
(c) Maintain up-to-date problem list. Enable a user to electronically record, modify, and retrieve a patient's problem list for longitudinal care in accordance with:
(1) The standard specified in § 170.207(a)(1); or
(2) At a minimum, the version of the standard specified in § 170.207(a)(2).
(d) Maintain active medication list. Enable a user to electronically record, modify, and retrieve a patient's active medication list as well as medication history for longitudinal care.
(e) Maintain active medication allergy list. Enable a user to electronically record, modify, and retrieve a patient's active medication allergy list as well as medication allergy history for longitudinal care.
(f) Record and chart vital signs—(1) Vital signs. Enable a user to electronically record, modify, and retrieve a patient's vital signs including, at a minimum, height, weight, and blood pressure.
(2) Calculate body mass index. Automatically calculate and display body mass index (BMI) based on a patient's height and weight.
(3) Plot and display growth charts. Plot and electronically display, upon request, growth charts for patients 2-20 years old.
(g) Smoking status. Enable a user to electronically record, modify, and retrieve the smoking status of a patient. Smoking status types must include: current every day smoker; current some day smoker; former smoker; never smoker; smoker, current status unknown; and unknown if ever smoked.
(h) Incorporate laboratory test results—
(1) Receive results. Electronically receive clinical laboratory test results in a structured format and display such results in human readable format.
(2) Display test report information. Electronically display all the information for a test report specified at 42 CFR 493.1291(c)(1) through (7).
(3) Incorporate results. Electronically attribute, associate, or link a laboratory test result to a laboratory order or patient record.
(i) Generate patient lists. Enable a user to electronically select, sort, retrieve, and generate lists of patients according to, at a minimum, the data elements included in:
(1) Problem list;
(2) Medication list;
(3) Demographics; and
(4) Laboratory test results.
(j) Medication reconciliation. Enable a user to electronically compare two or more medication lists.
(k) Submission to immunization registries. Electronically record, modify, retrieve, and submit immunization information in accordance with:
(1) The standard (and applicable implementation specifications) specified in § 170.205(e)(1) or § 170.205(e)(2); and
(2) At a minimum, the version of the standard specified in § 170.207(e).
(l) Public health surveillance. Electronically record, modify, retrieve, and submit syndrome-based public health surveillance information in accordance with the standard specified in § 170.205(d)(1) or § 170.205(d)(2).
(m) Patient-specific education resources. Enable a user to electronically identify and provide patient-specific education resources according to, at a minimum, the data elements included in the patient's: problem list; medication list; and laboratory test results; as well as provide such resources to the patient.
(n) Automated measure calculation. For each meaningful use objective with a percentage-based measure, electronically record the numerator and denominator and generate a report including the numerator, denominator, and resulting percentage associated with each applicable meaningful use measure.
(o) Access control. Assign a unique name and/or number for identifying and tracking user identity and establish controls that permit only authorized users to access electronic health information.
(p) Emergency access. Permit authorized users (who are authorized for emergency situations) to access electronic health information during an emergency.
(q) Automatic log-off. Terminate an electronic session after a predetermined time of inactivity.
(r) Audit log—
(1) Record actions. Record actions related to electronic health information in accordance with the standard specified in § 170.210(b).
(2) Generate audit log. Enable a user to generate an audit log for a specific time period and to sort entries in the audit log according to any of the elements specified in the standard at § 170.210(b).
(s) Integrity.
(1) Create a message digest in accordance with the standard specified in § 170.210(c).
(2) Verify in accordance with the standard specified in § 170.210(c) upon receipt of electronically exchanged health information that such information has not been altered.
(3) Detection. Detect the alteration of audit logs.
(t) Authentication. Verify that a person or entity seeking access to electronic health information is the one claimed and is authorized to access such information.
(u) General encryption. Encrypt and decrypt electronic health information in accordance with the standard specified in § 170.210(a)(1), unless the Secretary determines that the use of such algorithm would pose a significant security risk for Certified EHR Technology.
(v) Encryption when exchanging electronic health information. Encrypt and decrypt electronic health information when exchanged in accordance with the standard specified in § 170.210(a)(2).
(w) Optional. Accounting of disclosures. Record disclosures made for treatment, payment, and health care operations in accordance with the standard specified in § 170.210(d).
[75 FR 44651, July 28, 2010, as amended at 75 FR 62690, Oct. 13, 2010]

Title 45 published on 2013-10-01

The following are only the Rules published in the Federal Register after the published date of Title 45.

For a complete list of all Rules, Proposed Rules, and Notices view the Rulemaking tab.

  • 2013-11-04; vol. 78 # 213 - Monday, November 4, 2013
    1. 78 FR 65884 - 2014 Edition Electronic Health Record Certification Criteria: Revision to the Definition of “Common Meaningful Use (MU) Data Set”
      GPO FDSys XML | Text
      DEPARTMENT OF HEALTH AND HUMAN SERVICES, Office of the Secretary
      Interim final rule with comment period.
      Effective date: This regulation is effective on December 4, 2013. Comment date: To be assured consideration, comments must be received at one of the addresses provided below, no later than 5 p.m. on January 3, 2014.
      45 CFR Part 170

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.


United States Code

Title 45 published on 2013-10-01

The following are ALL rules, proposed rules, and notices (chronologically) published in the Federal Register relating to 45 CFR 170 after this date.

  • 2014-05-23; vol. 79 # 100 - Friday, May 23, 2014
    1. 79 FR 29732 - Medicare and Medicaid Programs; Modifications to the Medicare and Medicaid Electronic Health Record Incentive Programs for 2014; and Health Information Technology: Revisions to the Certified EHR Technology Definition
      GPO FDSys XML | Text
      DEPARTMENT OF HEALTH AND HUMAN SERVICES, Office of the Secretary, Centers for Medicare & Medicaid Services
      Proposed rule.
      To be assured consideration, comments must be received at one of the addresses provided below, no later than 5 p.m. on July 21, 2014.
      42 CFR Part 495