You are here: Home Home Hospital Information Systems Clinical Information Systems CCHIT Ambulatory EHR Certification Criteria

Mediformatica - The Medical Informatics Portal

Mediformatica - The Medical Informatics Portal

Latest Blog Articles

CCHIT Ambulatory EHR Certification Criteria

E-mail Print PDF
Image
CCHIT
The Certification Commission is a recognized certification body for electronic health records and their networks, and a private, nonprofit initiative. CCHIT Certified electronic health records (EHR) assure customers —physicians and other providers— and others in the marketplace —payers, purchasers and consumers— that certified products meet all basic criteria for functionality, interoperability and security.

Following are the Final Ambulatory EHR criteria...
 

Ambulatory – AM
Cardiovascular – CV
Child Health – CH
Emergency Department – ED
Foundation – FN
Inpatient – IP
Interoperability – IO
Privacy & Compliance – PC
Security – SC
Network Core – NC
Network Modular – NM

2008 Criteria Category Category Description Criteria
AM 01.01 Identify and maintain a patient record Key identifying information is stored and linked to the patient record.  Both static and dynamic data elements will be maintained.  A look up function uses this information to uniquely identify the patient. The system shall create a single patient record for each patient.
AM 01.02 Identify and maintain a patient record Key identifying information is stored and linked to the patient record.  Both static and dynamic data elements will be maintained.  A look up function uses this information to uniquely identify the patient. The system shall associate (store and link) key identifier information (e.g., system ID, medical record number) with each patient record.
AM 01.03 Identify and maintain a patient record Key identifying information is stored and linked to the patient record.  Both static and dynamic data elements will be maintained.  A look up function uses this information to uniquely identify the patient. The system shall provide the ability to store more than one identifier for each patient record.
AM 01.04 Identify and maintain a patient record Key identifying information is stored and linked to the patient record.  Both static and dynamic data elements will be maintained.  A look up function uses this information to uniquely identify the patient. The system shall provide a field which will identify patients as being exempt from reporting functions.
AM 01.05 Identify and maintain a patient record Key identifying information is stored and linked to the patient record.  Both static and dynamic data elements will be maintained.  A look up function uses this information to uniquely identify the patient. The system shall provide the ability to merge patient information from two patient records into a single patient record.
AM 02.01 Manage patient demographics Contact information including addresses and phone numbers, as well as key demographic information such as date of birth, gender, and other information is stored and maintained for reporting purposes and for the provision of care. The system shall provide the ability to include demographic information in reports.
AM 02.02 Manage patient demographics Contact information including addresses and phone numbers, as well as key demographic information such as date of birth, gender, and other information is stored and maintained for reporting purposes and for the provision of care. The system shall provide the ability to maintain and make available historic information for demographic data including prior names, addresses, phone numbers and email addresses.
AM 02.03 Manage patient demographics Contact information including addresses and phone numbers, as well as key demographic information such as date of birth, gender, and other information is stored and maintained for reporting purposes and for the provision of care. The system shall provide the ability to maintain at least two names or aliases for the same patient.
AM 02.04 Manage patient demographics Contact information including addresses and phone numbers, as well as key demographic information such as date of birth, gender, and other information is stored and maintained for reporting purposes and for the provision of care. The system shall provide the ability to modify demographic information about the patient.
AM 02.05 Manage patient demographics Contact information including addresses and phone numbers, as well as key demographic information such as date of birth, gender, and other information is stored and maintained for reporting purposes and for the provision of care. The system shall store demographic information in the patient medical record in separate discrete data fields, such that data extraction tools can retrieve these data.
AM 03.01 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to display all current problems associated with a patient.
AM 03.02 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to maintain a history of all problems associated with a patient.
AM 03.03 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to maintain the onset date of the problem.
AM 03.04 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to maintain the resolution date of the problem.
AM 03.05 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to record the chronicity (chronic, acute/self-limiting, etc.) of a problem.
AM 03.06 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to record the user ID and date of all updates to the problem list. 
AM 03.07 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to associate orders, medications, and notes with one or more problems.
AM 03.08 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to associate orders, medications and notes with one or more codified problems.
AM 03.09 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to maintain a coded list of problems. 
AM 03.10 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to display inactive and/or resolved problems.
AM 03.11 Manage problem list Create and maintain patient specific problem lists. The system shall provide the ability to separately display active problems from inactive/resolved problems.
AM 04.01 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall provide the ability for the user to expressly indicate that the medication list has been reviewed; this must be stored as structured data.  The system must capture and display the ID of the user conducting the review, and the date of the review.  
AM 04.02 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall provide the ability to record the prescribing of medications including the identity of the prescriber.
AM 04.03 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall provide the ability to maintain medication ordering dates.
AM 04.04 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall provide the ability to maintain other dates associated with medications including start, modify, renewal and end dates as applicable.
AM 04.05 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall provide the ability to display medication history for the patient.
AM 04.06 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall provide the ability to capture medications entered by authorized users other than the prescriber.
AM 04.07 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall store medication information in discrete data fields.  At a minimum, there must be one field for each of the following:
- medication name, form and strength;
- dispense quantity;
- refills; and
- sig.
AM 04.08 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall include standard medication codes associated with each medication in the list for medications in the vendor-provided medication database.
AM 04.09 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall provide the ability to enter uncoded or free text medications when medications are not on the vendor-provided medication database or information is insufficient to completely identify the medication.
AM 04.10 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall provide the ability to enter or further specify in a discrete field that the patient takes no medications.
AM 04.11 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall provide the ability to record the date of changes made to a patient's medication list and the identity of the user who made the changes.  
AM 04.12 Manage medication list Create and maintain patient specific medication lists- Please see DC.1.7.1 for medication ordering as there is some overlap. The system shall provide the ability to automatically exclude from the display of current medications a prescription whose duration has been exceeded or end date has passed.
AM 05.01 Manage allergy and adverse reaction list Create and maintain patient specific allergy and adverse reaction lists. The system shall provide the ability to capture and store lists of medications and other agents to which the patient has had an allergic or other adverse reaction in a standard coded form.
AM 05.02 Manage allergy and adverse reaction list Create and maintain patient specific allergy and adverse reaction lists. The system shall provide the ability to record the inactivation of items from the allergy list. 
AM 05.03 Manage allergy and adverse reaction list Create and maintain patient specific allergy and adverse reaction lists. The system shall provide the ability to display information which has been inactivated or removed from the allergy and adverse reaction list. 
AM 05.04 Manage allergy and adverse reaction list Create and maintain patient specific allergy and adverse reaction lists. The system shall provide the ability to distinguish between an allergy and an intolerance as discrete data.  
AM 06.01 Manage patient history Capture, review, and manage medical, procedural/surgical, social and family history including the capture of pertinent positive and negative histories, patient reported or externally available patient clinical history. The system shall provide the ability to capture, store, display, and manage patient history. 
AM 06.02 Manage patient history Capture, review, and manage medical, procedural/surgical, social and family history including the capture of pertinent positive and negative histories, patient reported or externally available patient clinical history. The system shall provide the ability to capture structured data in the patient history.  
AM 06.03 Manage patient history Capture, review, and manage medical, procedural/surgical, social and family history including the capture of pertinent positive and negative histories, patient reported or externally available patient clinical history. The system shall provide the ability to update a patient history by modifying, adding or removing items from the patient history as appropriate.
AM 06.04 Manage patient history Capture, review, and manage medical, procedural/surgical, social and family history including the capture of pertinent positive and negative histories, patient reported or externally available patient clinical history. The system shall provide the ability to capture patient history as both a presence and absence of conditions, i.e., the specification of the absence of a personal or family history of a specific diagnosis, procedure or health risk behavior.
AM 06.05 Manage patient history Capture, review, and manage medical, procedural/surgical, social and family history including the capture of pertinent positive and negative histories, patient reported or externally available patient clinical history. The system shall provide the ability to capture history collected from outside sources.
AM 06.06 Manage patient history Capture, review, and manage medical, procedural/surgical, social and family history including the capture of pertinent positive and negative histories, patient reported or externally available patient clinical history. The system shall provide the ability to capture patient history in a standard coded form.
AM 06.07 Manage patient history Capture, review, and manage medical, procedural/surgical, social and family history including the capture of pertinent positive and negative histories, patient reported or externally available patient clinical history. The system shall be capable of documenting current and past tobacco use in a quantitative fashion.
AM 06.08 Manage patient history Capture, review, and manage medical, procedural/surgical, social and family history including the capture of pertinent positive and negative histories, patient reported or externally available patient clinical history. The system shall be capable of documenting that tobacco cessation counseling was provided, including a date stamp.
AM 07.01 Summarize health record   The system shall provide the ability to create and display a summary list for each patient that includes, at a minimum, the active problem list, current medication list, medication allergies and adverse reactions
AM 08.01 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to create clinical documentation or notes (henceforth "documentation").
AM 08.02 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to display documentation.
AM 08.03 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to save a note in progress prior to finalizing the note.
AM 08.04 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to finalize a note, i.e., change the status of the note from in progress to complete so that any subsequent changes are recorded as such.
AM 08.05 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to record the identity of the user finalizing each note and the date and time of finalization.
AM 08.06 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to cosign a note and record the date and time of signature.
AM 08.07 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to addend and/or correct notes that have been finalized.
AM 08.08 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to identify the full content of a modified note, both the original content and the content resulting after any changes, corrections, clarifications, addenda, etc. to a finalized note.
AM 08.09 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to record and display the identity of the user who addended or corrected a note and the date and time of the change.
AM 08.10 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to enter free text notes.
AM 08.11 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to filter, search or order notes by the provider who finalized the note.
AM 08.12 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to filter, search or order notes by associated diagnosis within a patient record.
AM 08.13 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to capture patient vital signs, including blood pressure, heart rate, respiratory rate, height, and weight, as discrete data.
AM 08.14 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to capture and display temperature, weight and height in both metric and English units
AM 08.15 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall be capable of indicating to the user when a vital sign measurement falls outside a preset normal range as set by authorized users. 
AM 08.16 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to capture other clinical data elements as discrete data. 
AM 08.17 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to display other discrete numeric clinical data elements, such as peak expiratory flow rate or pain scores, in tabular and graphical form.
AM 08.18 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to capture and store discrete data regarding symptoms, signs and clinical history, from a clinical encounter and to associate that data with codes from standardized nomenclatures.
AM 08.19 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide templates for inputting data in a structured format as part of clinical documentation.
AM 08.20 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to customize clinical templates.
AM 08.21 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall be capable of recording comments by the patient or the patient's representative regarding the accuracy or veracity of information in the patient record (henceforth 'patient annotations').
AM 08.22 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall display patient annotations in a manner which distinguishes them from other content in the system.
AM 08.23 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to identify and maintain patient or patient proxy completed clinical information.
AM 08.24 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to graph height and weight over time.
AM 08.25 Manage clinical documents and notes Create, correct, authenticate and close, as needed, transcribed or directly entered clinical information. The system shall provide the ability to calculate and graph body mass index (BMI) over time.
AM 09.01 Capture external clinical documents Incorporate clinical documentation from external sources The system shall provide the ability to capture and store external documents.
AM 09.02 Capture external clinical documents Incorporate clinical documentation from external sources The system shall provide the ability to receive, store in the patient's record, and display discrete lab results received through an electronic interface. 
AM 09.03 Capture external clinical documents Incorporate clinical documentation from external sources The system shall provide the ability to save scanned documents as images.
AM 09.04 Capture external clinical documents Incorporate clinical documentation from external sources The system shall provide the ability to receive, store in the patient's record, and display text-based outside reports.
AM 09.05 Capture external clinical documents Incorporate clinical documentation from external sources The system shall provide the ability to index and retrieve scanned documents based on the document type, the date of the original document.
AM 09.06 Capture external clinical documents Incorporate clinical documentation from external sources The system shall provide access to clinical images.  They must be accessible from within the patient's chart and labeled and date-time stamped or included in a patient encounter document.  These images may be stored within the system or be provided through direct linkage to external sources.
AM 09.07 Capture external clinical documents Incorporate clinical documentation from external sources The system shall provide the ability to accept, store in the patient's record, and display clinical results received through an interface with an external source.
AM 09.08 Capture external clinical documents Incorporate clinical documentation from external sources The system shall provide the ability to accept, store in the patient's record, and display medication details from an external source.
AM 10.01 Generate and record patient-specific instructions Generate and record patient-specific instructions as clinically indicated The system shall provide access to patient instructions and patient educational materials, which may reside within the system or be provided through links to external sources.
AM 10.02 Generate and record patient-specific instructions Generate and record patient-specific instructions as clinically indicated The system shall have the ability to provide access to test and procedure instructions that can be customized by the physician or health organization. These instructions may reside within the system or be provided through links to external sources. 
AM 10.03 Generate and record patient-specific instructions Generate and record patient-specific instructions as clinically indicated The system shall have the ability to provide access to patient-specific test and procedure instructions that can be customized by the physician or health organization; these instructions are to be given to the patient.  These instructions may reside within the system or be provided through links to external sources.
AM 10.04 Generate and record patient-specific instructions Generate and record patient-specific instructions as clinically indicated The system shall have the ability to provide access to patient-specific test and procedure instructions that can be customized by the physician or health organization; these instructions are to be given to the filler of the order.  These instructions may reside within the system or be provided through links to external sources.
AM 10.05 Generate and record patient-specific instructions Generate and record patient-specific instructions as clinically indicated The system shall provide the ability to record that patient specific instructions or educational material were provided to the patient.
AM 10.06 Generate and record patient-specific instructions Generate and record patient-specific instructions as clinically indicated The system shall provide the ability to create patient specific instructions.
AM 10.07 Generate and record patient-specific instructions Generate and record patient-specific instructions as clinically indicated The system shall provide the ability to specify, modify and access a patient-specific care plan, e.g. an Asthma Action Plan, including the ability to specify medications and patient instructions.
AM 11.01 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to create prescription or other medication orders with sufficient information for correct filling and dispensing by a pharmacy.
AM 11.02 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to record user and date stamp for prescription related events, such as initial creation, renewal, refills, discontinuation, and cancellation of a prescription.
AM 11.03 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to capture the identity of the prescribing provider for all medication orders.
AM 11.04 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to capture common content for prescription details including strength, sig, quantity, and refills to be selected by the ordering clinician.
AM 11.05 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to receive and display information received through electronic prescription eligibility checking.
AM 11.06 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to display information received through health plan/payer formulary checking. 
AM 11.07 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to reorder a prior prescription without re-entering previous data (e.g. administration schedule, quantity).
AM 11.08 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to print and electronically fax prescriptions.
AM 11.09 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to re-print and re-fax prescriptions. 
AM 11.10 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to submit prescriptions electronically.
AM 11.11 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to display a dose calculator for patient-specific dosing based on weight.
AM 11.12 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to identify medication samples dispensed, including lot number and expiration date.
AM 11.13 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to prescribe fractional amounts of medication (e.g. 1/2 tsp, 1/2 tablet).
AM 11.14 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to alert the user if the drug interaction information is outdated.
AM 11.15 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to allow the user to configure prescriptions to incorporate fixed text according to the user's specifications and to customize the printed output of the prescription.
AM 11.16 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to associate a diagnosis with a  prescription.
AM 11.17 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to display the associated problem or diagnosis (indication) on the printed prescription.
AM 11.18 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to create provider specific medication lists of the most commonly prescribed drugs with a default dose, frequency, and quantity.
AM 11.19 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to create provider specific medication lists of the most commonly prescribed drugs with a default route, dose, frequency, and quantity.
AM 11.20 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to add reminders for necessary follow up tests based on medication prescribed.
AM 11.21 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability to automatically add reminders for necessary follow up tests based on medication prescribed.
AM 11.22 Order medication Create prescriptions or other medication orders with detail adequate for correct filling and administration The system shall provide the ability for a user to select an order for a medication and exit the process of creating the order at some point prior to completion such that another user can access the order for subsequent review and completion.  
AM 12.01 Order diagnostic tests Submit diagnostic test orders based on input from specific care providers The system shall provide the ability to order diagnostic tests, including labs and imaging studies.
AM 12.02 Order diagnostic tests Submit diagnostic test orders based on input from specific care providers The system shall provide the ability to capture the identity of the ordering provider for all test orders.
AM 12.03 Order diagnostic tests Submit diagnostic test orders based on input from specific care providers The system shall provide the ability to capture appropriate order entry detail, including associated diagnosis.
AM 12.04 Order diagnostic tests Submit diagnostic test orders based on input from specific care providers The system shall provide the ability to display user created instructions and/or prompts when ordering diagnostic tests or procedures.  
AM 12.05 Order diagnostic tests Submit diagnostic test orders based on input from specific care providers The system shall provide the ability to relay orders for a diagnostic test to the correct destination for completion.
AM 12.06 Order diagnostic tests Submit diagnostic test orders based on input from specific care providers The system shall have the ability to provide a view of active orders for an individual patient. 
AM 12.07 Order diagnostic tests Submit diagnostic test orders based on input from specific care providers The system shall have the ability to provide a view of orders by like or comparable type, e.g., all radiology or all lab orders.
AM 12.08 Order diagnostic tests Submit diagnostic test orders based on input from specific care providers The system shall provide the ability to view outstanding orders for all patients (as opposed to outstanding orders for a single patient).
AM 12.09 Order diagnostic tests Submit diagnostic test orders based on input from specific care providers The system shall provide the ability for a user to select a test order exit the process of creating the order at some point prior to completion such that another user can access the order for subsequent review and completion.  
AM 14.01 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. The system shall provide the ability to indicate normal and abnormal results based on data provided from the original data source.  
AM 14.02 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. The system shall provide the ability to display numerical results in flow sheets and graphical form in order to compare results, and shall provide the ability to display values graphed over time.
AM 14.03 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. The system shall provide the ability to display non-numeric current and historical test results as textual data.
AM 14.04 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. The system shall provide the ability to notify the relevant providers (ordering, copy to) that new results have been received. 
AM 14.05 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. The system shall provide the ability to filter or sort results by type of test and test date.
AM 14.06 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. In areas where results from multiple patients are displayed, the system shall provide the ability to filter or sort results by patient.
AM 14.07 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. The system shall provide the ability to forward a result to other users.
AM 14.08 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. The system shall provide the ability to link the results to the original order.
AM 14.09 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. The system shall provide the ability for a user to attach a free text comment to a result that can be seen by another user who might subsequently view that result.  
AM 14.10 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. The system shall provide the ability to associate one or more images with a non-numerical result.
AM 14.11 Manage results Route, manage and present current and historical test results to appropriate clinical personnel for review, with the ability to filter and compare results. The system shall provide the ability for a user to whom a result is presented to acknowledge the result. 
AM 15.01 Manage consents and authorizations Create, maintain and verify patient treatment decisions in the form of consents and authorizations when required. The system shall provide the ability to capture scanned paper consent documents (covered in DC.1.1.3.1).
AM 15.02 Manage consents and authorizations Create, maintain and verify patient treatment decisions in the form of consents and authorizations when required. The system shall provide the ability to store, display and print patient consent forms.  
AM 15.03 Manage consents and authorizations Create, maintain and verify patient treatment decisions in the form of consents and authorizations when required. The system shall display and provide the ability for patients to electronically sign consent forms using currently available digital signature standards.  Electronically signed consent forms shall be maintained within the patient medical record.
AM 15.04 Manage consents and authorizations Create, maintain and verify patient treatment decisions in the form of consents and authorizations when required. The system shall provide the ability to store and display administrative documents (e.g. privacy notices).
AM 15.05 Manage consents and authorizations Create, maintain and verify patient treatment decisions in the form of consents and authorizations when required. The system shall provide the ability to chronologically display consents and authorizations.
AM 16.01 Manage patient advance directives Capture, maintain and provide access to patient advance directives The system shall provide the ability to indicate that a patient has completed advance directive(s).
AM 16.02 Manage patient advance directives Capture, maintain and provide access to patient advance directives The system shall provide the ability to indicate the type of advance directives, such as living will, durable power of attorney, or a "Do Not Resuscitate" order.
AM 16.03 Manage patient advance directives Capture, maintain and provide access to patient advance directives The system shall provide the ability to indicate when advance directives were last reviewed.
AM 17.01 Support for standard care plans, guidelines, protocols Support the use of appropriate standard care plans, guidelines and/or protocols for the management of specific conditions. The system shall have the ability to provide access to standard care plan, protocol and guideline documents when requested at the time of the clinical encounter. These documents may reside within the system or be provided through links to external sources. 
AM 17.02 Support for standard care plans, guidelines, protocols Support the use of appropriate standard care plans, guidelines and/or protocols for the management of specific conditions. The system shall provide the ability to create site-specific care plan, protocol, and guideline documents.
AM 17.03 Support for standard care plans, guidelines, protocols Support the use of appropriate standard care plans, guidelines and/or protocols for the management of specific conditions. The system shall provide the ability to modify site-specific standard care plan, protocol, and guideline documents obtained from outside sources.
AM 18.01 Capture variances from standard care plans, guidelines, protocols Identify variances from patient-specific and standard care plans, guidelines and protocols. The system shall provide the ability to record the reason for variation from care plans, guidelines, and protocols as discrete data.
AM 19.01 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide the ability to check for potential interactions between medications to be prescribed and medication allergies and intolerances listed in the record and alert the user at the time of medication ordering if potential interactions exist.
AM 19.02 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide the ability to check for potential interactions between medications ordered for administration (as opposed to prescriptions) and medication allergies and intolerances listed in the record and alert the user at the time of ordering if potential interactions exist.
AM 19.03 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide the ability to check for potential interactions between medications ordered for administration (as opposed to prescriptions) and current medications and alert the user at the time of ordering if potential interactions exist.
AM 19.04 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide the ability to generate a report of items overridden.  The report shall include date, provider, patient, interaction (drug-drug and drug-allergy) and reason for override.
AM 19.05 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide the ability to set the severity level at which drug interaction warnings should be displayed. 
AM 19.06 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall be capable, at the time of ordering a medication for administration (as opposed to prescribing), of alerting the user that based on the results of a laboratory test, the patient may be at increased risk for adverse effects of the medication.
AM 19.07 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide the ability to check whether a medication being prescribed has been noted to be ineffective for the patient in the past, and alert the user at the time of medication ordering if noted ineffectiveness exists.
AM 19.08 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide the ability to display, on demand, potential interactions on a patient’s medication list, even if a medication is not being prescribed at the time.
AM 19.09 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide drug-disease interaction alerts at the time of medication ordering.
AM 19.10 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide the ability to check for drug-disease interactions for medications ordered for administration (as opposed to prescriptions) and alert the user at the time of ordering if potential interactions exist.
AM 19.11 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide drug-disease interaction alerts at the time of entering a problem.
AM 19.12 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide the ability to check for potential interactions between a current medication and a newly entered allergy.
AM 19.13 Support for drug interaction Identify drug interaction warnings at the point of medication ordering The system shall provide the ability to check for medication contraindications based on patient age for medications ordered for administration (as opposed to prescriptions) and alert the user at the time of ordering.
AM 20.01 Support for medication or immunization administration or supply To reduce medication errors at the time of administration of a medication, the patient is positively identified; checks on the drug, the dose, the route and the time are facilitated. Documentation is a by- product of this checking; administration details and additional patient information, such as injection site, vital signs, and pain assessments, are captured. In addition, access to online drug monograph information allows providers to check details about a drug and enhances patient education. The system shall provide the ability to document medication administration.

 
AM 21.01 Support for non-medication ordering (referrals, care management)   The system shall provide the ability to create referral orders with detail adequate for correct routing.
AM 21.02 Support for non-medication ordering (referrals, care management)   The system shall provide the ability to record user ID and date/time stamp for all referral related events.
AM 22.01 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to establish criteria for disease management, wellness, and preventive services based on patient demographic data (minimally age and gender).
AM 22.02 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to display alerts based on established guidelines.
AM 22.03 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to establish criteria for disease management, wellness, and preventive services based on clinical data (problem list, current medications).
AM 22.04 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to update disease management guidelines and any associated reference material. 
AM 22.05 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to update preventive services/wellness guidelines and any associated reference material. 
AM 22.06 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to override guidelines.
AM 22.07 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to document reasons disease management or preventive services/wellness prompts were overridden.
AM 22.08 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to modify the rules or parameters upon which guideline-related alerts are based. 
AM 22.09 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to document that a preventive or disease management service has been performed based on activities documented in the record (e.g., vitals signs taken). 
AM 22.10 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to document that a disease management or preventive service has been performed with associated dates or other relevant details recorded.
AM 22.11 Present alerts for disease management, preventive services and wellness At the point of clinical decision making, identify patient specific suggestions / reminders, screening tests / exams, and other preventive services in support of disease management, routing preventive and wellness patient care standards. The system shall provide the ability to individualize alerts to address a patient's specific clinical situation.
AM 23.01 Notifications and reminders for disease management, preventive services and wellness Between healthcare encounters, notify the patient and/or appropriate provider of those preventive services, tests, or behavioral actions that are due or overdue.  The system shall provide the ability to identify preventive services, tests or counseling that are due on an individual patient.
AM 23.02 Notifications and reminders for disease management, preventive services and wellness Between healthcare encounters, notify the patient and/or appropriate provider of those preventive services, tests, or behavioral actions that are due or overdue.  The system shall provide the ability to display reminders for disease management, preventive and wellness services in the patient record.
AM 23.03 Notifications and reminders for disease management, preventive services and wellness Between healthcare encounters, notify the patient and/or appropriate provider of those preventive services, tests, or behavioral actions that are due or overdue.  The system shall provide the ability to identify criteria for disease management, preventive and wellness services based on patient demographic data (age, gender).
AM 23.04 Notifications and reminders for disease management, preventive services and wellness Between healthcare encounters, notify the patient and/or appropriate provider of those preventive services, tests, or behavioral actions that are due or overdue.  The system shall provide the ability to identify criteria for disease management, preventive, and wellness services based on clinical data (problem list, current medications, lab values).
AM 23.05 Notifications and reminders for disease management, preventive services and wellness Between healthcare encounters, notify the patient and/or appropriate provider of those preventive services, tests, or behavioral actions that are due or overdue.  The system shall provide the ability to modify the guidelines, criteria or rules that trigger the reminders. 
AM 23.06 Notifications and reminders for disease management, preventive services and wellness Between healthcare encounters, notify the patient and/or appropriate provider of those preventive services, tests, or behavioral actions that are due or overdue.  The system shall provide the ability to notify the provider that patients are due or are overdue for disease management, preventive or wellness services.
AM 23.07 Notifications and reminders for disease management, preventive services and wellness Between healthcare encounters, notify the patient and/or appropriate provider of those preventive services, tests, or behavioral actions that are due or overdue.  The system shall provide the ability to produce a list of patients who are due or are overdue for disease management, preventive or wellness services.
AM 23.08 Notifications and reminders for disease management, preventive services and wellness Between healthcare encounters, notify the patient and/or appropriate provider of those preventive services, tests, or behavioral actions that are due or overdue.  The system shall provide the ability to automatically generate letters to remind the patient or the patient's guardian of disease management, preventive, or wellness services that are due. 
AM 23.09 Notifications and reminders for disease management, preventive services and wellness Between healthcare encounters, notify the patient and/or appropriate provider of those preventive services, tests, or behavioral actions that are due or overdue.  The system shall provide the ability to automatically generate reminder letters for patients who are due or are overdue for disease management, preventive or wellness services.
AM 23.10 Notifications and reminders for disease management, preventive services and wellness Between healthcare encounters, notify the patient and/or appropriate provider of those preventive services, tests, or behavioral actions that are due or overdue.  The system shall provide the ability to automatically generate an electronic reminder to the patient or the patient's guardian of disease management, preventive, or wellness services that are due. 
AM 24.01 Clinical task assignment and routing Assignment, delegation and/or transmission of tasks to the appropriate parties. The system shall provide the ability to create and assign tasks by user or user role.
AM 24.02 Clinical task assignment and routing Assignment, delegation and/or transmission of tasks to the appropriate parties. The system shall provide the ability to present a list of tasks by user or user role.
AM 24.03 Clinical task assignment and routing Assignment, delegation and/or transmission of tasks to the appropriate parties. The system shall provide the ability to re-assign and route tasks from one user to another user.
AM 24.04 Clinical task assignment and routing Assignment, delegation and/or transmission of tasks to the appropriate parties. The system shall provide the ability to designate a task as completed.
AM 24.05 Clinical task assignment and routing Assignment, delegation and/or transmission of tasks to the appropriate parties. The system shall provide the ability to remove a task without completing the task.
AM 24.06 Clinical task assignment and routing Assignment, delegation and/or transmission of tasks to the appropriate parties. The system shall provide the ability to automatically escalate incomplete tasks to the appropriate supervisor or authority.
AM 25.01 Inter-provider communication Support secure electronic communication (inbound and outbound) between providers in the same practice to trigger or respond to pertinent actions in the care process (including referral), document non-electronic communication (such as phone calls, correspondence or other encounters) and generate paper message artifacts where appropriate.  The system shall provide the ability to document verbal/telephone communication into the patient record. 
AM 25.02 Inter-provider communication Support secure electronic communication (inbound and outbound) between providers in the same practice to trigger or respond to pertinent actions in the care process (including referral), document non-electronic communication (such as phone calls, correspondence or other encounters) and generate paper message artifacts where appropriate.  The system shall provide the ability to incorporate paper documents from external providers into the patient record.
AM 25.03 Inter-provider communication Support secure electronic communication (inbound and outbound) between providers in the same practice to trigger or respond to pertinent actions in the care process (including referral), document non-electronic communication (such as phone calls, correspondence or other encounters) and generate paper message artifacts where appropriate.  The system shall support messaging between users.
AM 26.01 Pharmacy communication Provide features to enable secure and reliable communication of information electronically between practitioners and pharmacies or between practitioner and intended recipient of pharmacy orders. The system shall have the ability to provide electronic communication between prescribers and pharmacies or other intended recipients of the medication order.
AM 26.02 Pharmacy communication Provide features to enable secure and reliable communication of information electronically between practitioners and pharmacies or between practitioner and intended recipient of pharmacy orders. The system shall provide the ability to electronically communicate from the prescriber to the pharmacy an initial medication order as well as renewals of an existing order.
AM 26.03 Pharmacy communication Provide features to enable secure and reliable communication of information electronically between practitioners and pharmacies or between practitioner and intended recipient of pharmacy orders. The system shall provide the ability to capture and display any renewal requests received electronically from or on behalf of any dispensing entity.
AM 26.04 Pharmacy communication Provide features to enable secure and reliable communication of information electronically between practitioners and pharmacies or between practitioner and intended recipient of pharmacy orders. The system shall provide the ability to capture and display notification of prior authorizations received electronically from or on behalf of any dispensing entity.
AM 27.01 Provider demographics Provide a current directory of practitioners that, in addition to demographic information, contains data needed to determine levels of access required by the EHR security and to support the practice of medicine. The system shall provide the ability to maintain a directory of all clinical personnel who currently use or access the system.
AM 27.02 Provider demographics Provide a current directory of practitioners that, in addition to demographic information, contains data needed to determine levels of access required by the EHR security and to support the practice of medicine. The system shall provide the ability to maintain a directory which contains identifiers required for licensed clinicians to support the practice of medicine including at a minimum state medical license, DEA, NPI, and UPIN number. 
AM 27.03 Provider demographics Provide a current directory of practitioners that, in addition to demographic information, contains data needed to determine levels of access required by the EHR security and to support the practice of medicine. The system shall allow authorized users to update the directory.
AM 27.04 Provider demographics Provide a current directory of practitioners that, in addition to demographic information, contains data needed to determine levels of access required by the EHR security and to support the practice of medicine. The system shall provide the ability to create and maintain a directory of clinical personnel external to the organization who are not users of the system to facilitate communication and information exchange.
AM 28.01 Scheduling Support interactions with other systems, applications, and modules to provide the necessary data to a scheduling system for optimal efficiency in the scheduling of patient care, for either the patient or a resource/device. The system shall provide the ability to display a schedule of patient appointments, populated either through data entry in the system itself or through an external application interoperating with the system.
AM 29.01 Report generation Provide report generation features for the generation of standard and ad hoc reports The system shall provide the ability to generate reports of clinical and administrative data using either internal or external reporting tools.
AM 29.02 Report generation Provide report generation features for the generation of standard and ad hoc reports The system shall provide the ability to generate reports consisting of all or part of an individual patient’s medical record (e.g. patient summary).
AM 29.03 Report generation Provide report generation features for the generation of standard and ad hoc reports The system shall provide the ability to generate reports regarding multiple patients (e.g. diabetes roster).
AM 29.04 Report generation Provide report generation features for the generation of standard and ad hoc reports The system shall provide the ability to specify report parameters (sort and filter criteria) based on patient demographic and clinical data (e.g., all male patients over 50 that are diabetic and have a HbA1c value of over 7.0 or that are on a certain medication).
AM 29.05 Report generation Provide report generation features for the generation of standard and ad hoc reports The system shall provide the ability to access reports outside the EHR application.
AM 29.06 Report generation Provide report generation features for the generation of standard and ad hoc reports The system shall provide the ability to produce reports based on the absence of a clinical data element (e.g., a lab test has not been performed or a blood pressure has not been measured in the last year).
AM 29.07 Report generation Provide report generation features for the generation of standard and ad hoc reports The system shall provide the ability to save report parameters for generating subsequent reports.
AM 29.08 Report generation Provide report generation features for the generation of standard and ad hoc reports The system shall provide the ability to modify one or more parameters of a saved report specification when generating a report using that specification. 
AM 30.01 Health record output Allow users to define the records and/or reports that are considered the formal health record for disclosure purposes, and provide a mechanism for both chronological and specified record element output.  The system shall provide the ability to define one or more reports as the formal health record for disclosure purposes.
AM 30.02 Health record output Allow users to define the records and/or reports that are considered the formal health record for disclosure purposes, and provide a mechanism for both chronological and specified record element output.  The system shall provide the ability to generate hardcopy or electronic output of part or all of the individual patient's medical record.
AM 30.03 Health record output Allow users to define the records and/or reports that are considered the formal health record for disclosure purposes, and provide a mechanism for both chronological and specified record element output.  The system shall provide the ability to generate hardcopy and electronic output by date and/or date range.
AM 30.04 Health record output Allow users to define the records and/or reports that are considered the formal health record for disclosure purposes, and provide a mechanism for both chronological and specified record element output.  The system shall provide the ability to export structured data which removes those identifiers listed in the HIPAA definition of a limited dataset.  This export on hardcopy and electronic output shall leave the actual PHI data unmodified in the original record.  
AM 30.05 Health record output Allow users to define the records and/or reports that are considered the formal health record for disclosure purposes, and provide a mechanism for both chronological and specified record element output.  The system shall provide the ability to create hardcopy and electronic report summary information (procedures, medications, labs, immunizations, allergies, and vital signs).
AM 30.06 Health record output Allow users to define the records and/or reports that are considered the formal health record for disclosure purposes, and provide a mechanism for both chronological and specified record element output.  The system shall have the ability to provide support for disclosure management in compliance with HIPAA and applicable law.
AM 31.01 Encounter management Manage and document the health care delivered during an encounter The system shall provide the ability to document a patient encounter.  
AM 31.02 Encounter management Manage and document the health care delivered during an encounter The system shall provide the ability to document encounters by one or more of the following means: direct keyboard entry of text; structured data entry utilizing templates, forms, pick lists or macro substitution; dictation with subsequent transcription of voice to text, either manually or via voice recognition system.
AM 31.03 Encounter management Manage and document the health care delivered during an encounter The system shall provide the ability to associate individual encounters with diagnoses.
AM 31.04 Encounter management Manage and document the health care delivered during an encounter The system shall have the ability to provide filtered displays of encounters based on encounter characteristics, including date of service, encounter provider and associated diagnosis.
AM 32.01 Rules-driven financial and administrative coding assistance Provide financial and administrative coding assistance based on the structured data available in the encounter documentation. The system shall have the ability to provide a list of financial and administrative codes.
AM 32.02 Rules-driven financial and administrative coding assistance Provide financial and administrative coding assistance based on the structured data available in the encounter documentation. The system shall provide the ability to select an appropriate CPT Evaluation and Management code based on data found in a clinical encounter. 
AM 32.03 Rules-driven financial and administrative coding assistance Provide financial and administrative coding assistance based on the structured data available in the encounter documentation. The system shall have the ability to provide assistance with selecting an appropriate CPT Evaluation and Management billing code based on codified clinical information in the encounter. 
AM 33.01 Eligibility verification and determination of coverage Identify relationships among providers treating a single patient, and provide the ability to manage patient lists assigned to a particular provider.  The system shall provide the ability to display medical eligibility obtained from patient's insurance carrier, populated either through data entry in the system itself or through an external application interoperating with the system.
AM 34.01 Manage Practitioner/Patient relationships Identify relationships among providers treating a single patient, and provide the ability to manage patient lists assigned to a particular provider.  The system shall provide the ability to specify the role of each provider associated with a patient, such as encounter provider, primary care provider, attending, resident, or consultant.
AM 34.02 Manage Practitioner/Patient relationships Identify relationships among providers treating a single patient, and provide the ability to manage patient lists assigned to a particular provider.  The system shall provide the ability to specify the role of each provider associated with a patient, such as encounter provider, primary care provider, attending, resident, or consultant using structured data.
AM 35.01 Clinical decision support system guidelines updates Receive and validate formatted inbound communications to facilitate updating of clinical decision support system guidelines and associated reference material  The system shall provide the ability to update the clinical content or rules utilized to generate clinical decision support reminders and alerts.
AM 35.02 Clinical decision support system guidelines updates Receive and validate formatted inbound communications to facilitate updating of clinical decision support system guidelines and associated reference material  The system shall provide the ability to update clinical decision support guidelines and associated reference material.
AM 36.01 Enforcement of confidentiality  Enforce the applicable jurisdiction's patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms. The system shall provide the ability to audit the date/time and user of each instance when a patient chart is printed by the system.
AM 36.02 Enforcement of confidentiality  Enforce the applicable jurisdiction's patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms. The system shall provide a means to document a patient's dispute with information currently in their chart.
AM 36.03 Enforcement of confidentiality  Enforce the applicable jurisdiction's patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms. The system shall provide the ability to identify all users who have accessed an individual's chart over a given time period, including date and time of access.
AM 36.04 Enforcement of confidentiality  Enforce the applicable jurisdiction's patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms. The system shall provide the ability to identify certain information as confidential and only make that accessible by appropriately authorized users.
AM 36.05 Enforcement of confidentiality  Enforce the applicable jurisdiction's patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms. The system shall provide the ability to prevent specified user(s) from accessing a designated patient's chart.
AM 36.06 Enforcement of confidentiality  Enforce the applicable jurisdiction's patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms. When access to a chart is restricted, the system shall provide a means for appropriately authorized users to "break the glass" for emergency situations.
AM 36.07 Enforcement of confidentiality  Enforce the applicable jurisdiction's patient privacy rules as they apply to various parts of an EHR-S through the implementation of security mechanisms. When access to a chart is restricted and the "break the glass" has occurred, the system shall provide the ability to audit this override.
AM 37.01 Data retention, availability and destruction Retain, ensure availability, and destroy health record information according to organizational standards. This includes: Retaining all EHR-S data and clinical documents for the time period designated by policy or legal requirement; Retaining inbound documents as originally received (unaltered); Ensuring availability of information for the legally prescribed period of time; and Providing the ability to destroy EHR data/records in a systematic way according to policy and after the legally prescribed retention period.  The system shall provide the ability to retain data until otherwise purged, deleted, archived or otherwise deliberately removed.
AM 37.02 Data retention, availability and destruction Retain, ensure availability, and destroy health record information according to organizational standards. This includes: Retaining all EHR-S data and clinical documents for the time period designated by policy or legal requirement; Retaining inbound documents as originally received (unaltered); Ensuring availability of information for the legally prescribed period of time; and Providing the ability to destroy EHR data/records in a systematic way according to policy and after the legally prescribed retention period.  The system shall provide a method for archiving health record information. 
AM 37.03 Data retention, availability and destruction Retain, ensure availability, and destroy health record information according to organizational standards. This includes: Retaining all EHR-S data and clinical documents for the time period designated by policy or legal requirement; Retaining inbound documents as originally received (unaltered); Ensuring availability of information for the legally prescribed period of time; and Providing the ability to destroy EHR data/records in a systematic way according to policy and after the legally prescribed retention period.  The system shall provide the ability to retrieve information that has been archived.
AM 38.01 Audit trail Provide audit trail capabilities for resource access and usage indicating the author, the modification (where pertinent), and the date and time at which a record was created, modified, viewed, extracted, or removed. Audit trails extend to information exchange and to audit of consent status management (to support DC.1.5.1) and to entity authentication attempts. Audit functionality includes the ability to generate audit reports and to interactively view change history for individual health records or for an EHR-system.  The system shall provide the ability to log outgoing information exchange in an auditable form.
AM 39.01 Extraction of health record information Manage data extraction in accordance with analysis and reporting requirements. The extracted data may require use of more than one application and it may be pre-processed (for example, by being de-identified) before transmission. Data extractions may be used to exchange data and provide reports for primary and ancillary purposes.  The system shall provide the ability to export (extract) pre-defined set(s) of data out of the system. 
AM 39.02 Extraction of health record information Manage data extraction in accordance with analysis and reporting requirements. The extracted data may require use of more than one application and it may be pre-processed (for example, by being de-identified) before transmission. Data extractions may be used to exchange data and provide reports for primary and ancillary purposes.  The system shall provide the ability to import data into the system.
AM 39.03 Extraction of health record information Manage data extraction in accordance with analysis and reporting requirements. The extracted data may require use of more than one application and it may be pre-processed (for example, by being de-identified) before transmission. Data extractions may be used to exchange data and provide reports for primary and ancillary purposes.  The system shall provide the ability to specify the intended destination of the extracted information.
AM 40.01 Concurrent use EHR system supports multiple concurrent physicians through application, OS and database. The system shall provide the ability for multiple users to interact concurrently with the EHR application. 
AM 40.02 Concurrent use EHR system supports multiple concurrent physicians through application, OS and database. The system shall provide the ability for concurrent users to simultaneously view the same record.
 
AM 40.03 Concurrent use EHR system supports multiple concurrent physicians through application, OS and database. The system shall provide the ability for concurrent users to view the same clinical documentation or template. 
AM 40.04 Concurrent use EHR system supports multiple concurrent physicians through application, OS and database. The system shall provide protection to maintain the integrity of clinical data during concurrent access.
FN 01.01 01. Manage Patient Demographics
 
Capture and maintain demographic information.  Where appropriate, the data should be clinically relevant and reportable. The system shall provide the ability to access demographic information such as name, date of birth and gender needed for patient care functions.
FN 01.02 01. Manage Patient Demographics
 
Capture and maintain demographic information.  Where appropriate, the data should be clinically relevant and reportable. The system shall capture and maintain demographic information as discrete data elements as part of the patient record.
FN 02.01 02. Identify and Maintain a Patient Record Identify and maintain a single patient record for each patient The system shall provide the ability to query for a patient by more than one form of identification.
FN 03.01 03. Manage Practitioner/Patient Relationships  Identify relationships among providers treating a single patient, and provide the ability to manage patient lists assigned to a particular provider. The system shall provide the ability to capture and maintain, as discrete data elements, the identity of all providers associated with a specific patient encounter.
FN 03.02 03. Manage Practitioner/Patient Relationships  Identify relationships among providers treating a single patient, and provide the ability to manage patient lists assigned to a particular provider. The system shall provide the ability to capture and maintain, as discrete data elements, the principal provider responsible for the care of an individual patient.
FN 04.01 04. Manage Problem Lists Create and maintain patient-specific problem lists. The system shall provide the ability to capture, maintain and display, as discrete data, free text comments associated with the problem / diagnosis.
FN 04.02 04. Manage Problem Lists Create and maintain patient-specific problem lists. The system shall provide the ability to capture, maintain and display, as discrete data elements, all current problems associated with a patient.
FN 04.03 04. Manage Problem Lists Create and maintain patient-specific problem lists. The system shall provide the ability to capture, maintain and display, as discrete data elements, historical problems associated with a patient.
FN 04.04 04. Manage Problem Lists Create and maintain patient-specific problem lists. The system shall provide the ability to print a problem/diagnosis list.
FN 04.05 04. Manage Problem Lists Create and maintain patient-specific problem lists. The system shall provide the ability to capture and maintain, as discrete data elements, the specific problem / diagnosis, user, date and time of all updates to the problem list.
FN 04.06 04. Manage Problem Lists Create and maintain patient-specific problem lists. The system shall provide the ability to separately display active problems from inactive/resolved problems.
FN 05.01 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to modify or inactivate an item on the allergy and adverse reaction list.
FN 05.02 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to capture and maintain, as discrete data, the reason for inactivating or removing an item from the allergy and adverse reaction list.
FN 05.03 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to specify the type of allergic or adverse reaction.
FN 05.04 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to specify the type of allergic or adverse reaction in a discrete data field.
FN 05.05 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to capture and maintain, as discrete data, the identity of the user who added, modified, inactivated or removed items from the allergy and adverse reaction list, including attributes of the changed items.  The user ID and date/time stamp shall be recorded.
FN 05.06 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability for a user to explicitly document that the allergy list was reviewed.  The user ID and date/time stamp shall be recorded when the allergies reviewed option is selected.
FN 05.07 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability for a user to explicitly capture and maintain, as discrete data, that the allergy list was reviewed.  The user ID and date/time stamp shall be recorded when the allergies reviewed option is selected.
FN 05.08 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to explicitly indicate that a patient has no known drug allergies or adverse reactions.
FN 05.09 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to explicitly indicate in a discrete field that a patient has no known drug allergies or adverse reactions.
FN 05.10 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to capture the source of the allergy information.
FN 05.11 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to capture the source of the allergy information in a discrete field.
FN 05.12 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to display the allergy list, including date of entry.
FN 05.13 05. Manage Allergy, Intolerance and Adverse Reaction List Create and maintain patient-specific allergy, intolerance and adverse reaction lists. The system shall provide the ability to capture, maintain and display, as discrete data, lists of medications and other agents to which the patient has had an allergic or other adverse reaction.
FN 06.01 06. Manage Medication List Create and maintain patient-specific medication lists. The system shall provide the ability to update and display a patient-specific medication list based on current medication orders or prescriptions.
FN 06.02 06. Manage Medication List Create and maintain patient-specific medication lists. The system shall provide the ability to display a view that includes only current medications.
FN 06.03 06. Manage Medication List Create and maintain patient-specific medication lists. The system shall provide the ability to exclude a medication from the current medication list (e.g. marked inactive, erroneous, completed, discontinued) and document reason for such action.
FN 06.04 06. Manage Medication List Create and maintain patient-specific medication lists. The system shall provide the ability to print a current medication list.
FN 06.05 06. Manage Medication List Create and maintain patient-specific medication lists. The system shall provide the ability to display that the patient takes no medications.
FN 06.06 06. Manage Medication List Create and maintain patient-specific medication lists. The system shall provide the ability to capture and maintain, as discrete data elements, all current medications including over-the-counter and complementary medications such as vitamins, herbs and supplements.
FN 07.01 07. Manage Medication Orders Create prescriptions or other medication orders with detail adequate for corrrect filling and administration.  Provide information regarding compliance of medication orders with formularies. The system shall provide the ability to alert the user at the time a new medication is prescribed/ordered that drug interaction, allergy, and formulary checking will not be performed against the uncoded medication or free text medication.
FN 07.02 07. Manage Medication Orders Create prescriptions or other medication orders with detail adequate for corrrect filling and administration.  Provide information regarding compliance of medication orders with formularies. The system shall provide the ability to prescribe/order uncoded and non-formulary medications.
FN 07.03 07. Manage Medication Orders Create prescriptions or other medication orders with detail adequate for corrrect filling and administration.  Provide information regarding compliance of medication orders with formularies. The system shall provide the ability to maintain a coded list of medications including a unique identifier for each medication.
FN 07.04 07. Manage Medication Orders Create prescriptions or other medication orders with detail adequate for corrrect filling and administration.  Provide information regarding compliance of medication orders with formularies. The system shall provide end-users the ability to search for medications by generic or brand name.
FN 07.05 07. Manage Medication Orders Create prescriptions or other medication orders with detail adequate for corrrect filling and administration.  Provide information regarding compliance of medication orders with formularies. The system shall provide the ability to access reference information for prescribing/ordering.
FN 07.06 07. Manage Medication Orders Create prescriptions or other medication orders with detail adequate for corrrect filling and administration.  Provide information regarding compliance of medication orders with formularies. The system shall provide the ability to specify prescription/medication order details including strength, route, frequency and comments.  Strength, route and frequency must be captured and maintained as discrete data.
FN 08.01 08. Medication & Immunization Ordering:  Support for Patient -Specific Dosing and Warnings Identify and present appropriate dose recommendations based on known patient conditions and characteristics at the time of medication ordering. The system shall provide the ability to detect a daily dose that exceeds the recommended range for patient age and inform the user during ordering.
FN 08.02 08. Medication & Immunization Ordering:  Support for Patient -Specific Dosing and Warnings Identify and present appropriate dose recommendations based on known patient conditions and characteristics at the time of medication ordering. The system shall provide the ability to display patient specific dosing recommendations based on renal function.
FN 08.03 08. Medication & Immunization Ordering:  Support for Patient -Specific Dosing and Warnings Identify and present appropriate dose recommendations based on known patient conditions and characteristics at the time of medication ordering. The system shall provide the ability to check for dose ranges based on patient age and weight.
FN 08.04 08. Medication & Immunization Ordering:  Support for Patient -Specific Dosing and Warnings Identify and present appropriate dose recommendations based on known patient conditions and characteristics at the time of medication ordering. The system shall provide the ability to display a dose calculator for patient-specific dosing based on weight.
FN 08.05 08. Medication & Immunization Ordering:  Support for Patient -Specific Dosing and Warnings Identify and present appropriate dose recommendations based on known patient conditions and characteristics at the time of medication ordering. The system shall provide the ability to display patient specific dosing recommendations based on age and weight.
FN 08.06 08. Medication & Immunization Ordering:  Support for Patient -Specific Dosing and Warnings Identify and present appropriate dose recommendations based on known patient conditions and characteristics at the time of medication ordering. The system shall provide the ability to check for medication contraindications based on patient age and alert the user during prescribing/ordering.
FN 09.01 09. Orders and Referral Management   The system shall provide the ability to require problem / diagnosis as an order component.
FN 09.02 09. Orders and Referral Management   The system shall provide the ability to view status information for ordered services.
FN 09.03 09. Orders and Referral Management   The system shall provide the ability to set or configure what fields are required for a complete order by order type.
FN 09.04 09. Orders and Referral Management   The system shall provide the ability to capture and maintain, as discrete data, a diagnosis/problem code or description associated with an order of any type (including a prescription/medication order).
FN 09.05 09. Orders and Referral Management   The system shall provide the ability for cosigned orders to retain and display the identities of all providers who co-sign the order.
FN 10.01 10. Order Set Templates Create, capture, maintain and display order set templates based on patient data or preferred standards or other criteria. The system shall provide the ability to define a set of items to be ordered as a group.
FN 10.02 10. Order Set Templates Create, capture, maintain and display order set templates based on patient data or preferred standards or other criteria. The system shall provide the ability to modify order sets.
FN 10.03 10. Order Set Templates Create, capture, maintain and display order set templates based on patient data or preferred standards or other criteria. The system shall provide the ability to include in an order set order types including but not limited to medications, laboratory tests, imaging studies, procedures and referrals.
FN 11.01 11.  Manage Order Sets Provide order sets based on provider input or system prompt. The system shall provide the ability for individual orders in an order set to be selected or deselected by the user.
FN 11.02 11.  Manage Order Sets Provide order sets based on provider input or system prompt. The system shall provide the ability to allow users to search for order sets by name.
FN 11.03 11.  Manage Order Sets Provide order sets based on provider input or system prompt. The system shall provide the ability to apply drug-drug, drug-allergy and drug-disease interaction checking in the same way to orders placed through an order set as to orders placed individually.
FN 11.04 11.  Manage Order Sets Provide order sets based on provider input or system prompt. The system shall provide the ability to display orders placed through an order set either individually or as a group.
FN 12.01 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability to check for potential interactions between medications to be prescribed/ordered and current medications and alert the user at the time of medication prescribing/ordering if potential interactions exist.
FN 12.02 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability to check immunization orders against documented patient allergies (medication and non-medication) and inform the user during prescribing/ordering.
FN 12.03 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability to, at the time of medication prescribing/ordering, alert the user that based on the results of a laboratory test, the patient may be at increased risk for adverse effects of the medication.
FN 12.04 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability to display, on demand, potential allergies, drug-drug interactions and drug-disease interactions between current medications.
FN 12.05 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability to view the rationale for a drug interaction alert.
FN 12.06 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability to capture and maintain at least one reason for overriding any drug-drug or drug-allergy interaction warning triggered at the time of medication prescribing/ordering.
FN 12.07 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability to enter a structured response when overriding a drug-drug or drug-allergy warning.
FN 12.08 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability to prescribe/order a medication despite alerts for interactions and/or allergies being present.
FN 12.09 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability to accept updates to drug interaction databases
FN 12.10 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability to check for potential interactions between medications to be prescribed/ordered and medication allergies listed in the record and alert the user at the time of medication prescribing/ordering if potential interactions exist.
FN 12.11 12. Support for Drug Interaction checking Identify drug interaction warnings at the time of medication ordering. The system shall provide the ability, when a new allergy is documented, to check for a potential interaction between the newly-documented allergy and the patient's current medications, and alert the user if such interactions exist.
FN 13.01 13. Support for Medication Recommendations The system should provide recommendations and options in medication and monitoring on the basis of patient diagnosis, cost, local formularies or therapeutic guidelines and protocols. The system shall provide drug-diagnosis interaction alerts at the time of medication prescribing/ordering.
FN 14.01 14. Support for Medication and Immunization Administration Alert providers to potential administration errors (such as wrong patient, wrong drug, wrong dose, wrong route and wrong time) in support of safe and accurate medication administration and support medication administration workflow. The system shall provide the ability to produce patient instructions and patient educational materials which may reside within the system or be provided through links to external source.
FN 15.01 15. Manage Medication Administration Present providers with the list of medications that are to be administered to a patient, necessary administration information, and capture administration details. The system shall provide the ability to capture medication administration details as discrete data, including:
(1) the medication name and dose;
(2) date and time of administration;
(3) route and site;
(4) lot number and expiration date;
(5) manufacturer; and
(6) user ID. 
FN 16.01 16. Manage Immunization Administration Capture and maintain discrete data concerning immunizations given to a patient including date administered, type, manufacturer, lot number, and any allergy or adverse reactions.  Facilitate the interaction with an immunization registry to allow maintenance of a patient's immunization history. The system shall provide the ability to capture an allergy/adverse reaction to a specific immunization.
FN 16.02 16. Manage Immunization Administration Capture and maintain discrete data concerning immunizations given to a patient including date administered, type, manufacturer, lot number, and any allergy or adverse reactions.  Facilitate the interaction with an immunization registry to allow maintenance of a patient's immunization history. The system shall provide the ability to capture, in a discrete field, an allergy/adverse reaction to a specific immunization.
FN 16.03 16. Manage Immunization Administration Capture and maintain discrete data concerning immunizations given to a patient including date administered, type, manufacturer, lot number, and any allergy or adverse reactions.  Facilitate the interaction with an immunization registry to allow maintenance of a patient's immunization history. The system shall provide the ability to capture immunization administration details as discrete data, including:
(1) the immunization type and dose;
(2) date and time of administration;
(3) route and site;
(4) lot number and expiration date;
(5) manufacturer; and
(6) user ID. 
FN 17.01 17. Generate and Record Patient-Specific Instructions Generate and record patient-specific instructions related to pre- and post-procedural and post-discharge requirements. The system shall provide the ability to access and review medication information (such as patient education material or drug monograph).  This may reside within the system or be provided through links to external sources.
FN 17.02 17. Generate and Record Patient-Specific Instructions Generate and record patient-specific instructions related to pre- and post-procedural and post-discharge requirements. The system shall provide the ability to provide access to test and procedure instructions that can be customized by the end user.
FN 18.02 18. Manage Documentation of Clinician Response to Decision Support Prompts   The system shall provide the ability to capture and maintain, as discrete data, the reason for variation from rule-based clinical messages (for example alerts and reminders).
IO-AM 07.01 7. Laboratory   The system shall provide the ability to receive and store general laboratory results (includes ability to differentiate preliminary results and final results and the ability to process a corrected result)
IO-AM 07.02 7. Laboratory   The system shall provide the ability to receive and store microbiology laboratory results with organisms recorded as free-text
IO-AM 07.03 7. Laboratory   The system shall provide the ability to receive and store microbiology laboratory results with organisms coded w/SNOMED-CT
IO-AM 07.04 7. Laboratory   The system shall provide the ability to receive and store microbiology laboratory results with sensitivity testing coded using LOINC
IO-AM 07.05 7. Laboratory   The system shall provide the ability to respond to a query to share laboratory results
IO-AM 07.06 7. Laboratory   The system shall provide the ability to utilize RxNorm where appropriate for Tox Screens
IO-AM 07.07 7. Laboratory   The system shall provide the ability to Utilize UCUM for coding of units for laboratory results 
IO-AM 07.08 7. Laboratory   The system shall provide the ability to receive units using a defined vocabulary for lab results
IO-AM 07.09 7. Laboratory   The system shall provide the ability to handle OIDs (object identifiers) for Lab results
IO-AM 07.10 7. Laboratory   The system shall provide the ability to utilize unique identifiers for Placer Order Number and unique identifiers for Filler Order Number for Lab results
IO-AM 07.11 7. Laboratory   The system shall provide the ability to generate a CDA document that is consistent with the HL7 2.5.1 message for Lab documents
IO-AM 07.12 7. Laboratory   The system shall provide the ability to send an order for a laboratory test
IO-AM 07.13 7. Laboratory   The system shall provide the ability to send a query to check status of a test order 
IO-AM 08.01 8. Imaging   The system shall provide the ability to launch DICOM image viewer, may be web-based.
IO-AM 08.02 8. Imaging   The system shall provide the ability to receive imaging reports and view images, includes ECG and other images as well as radiology
IO-AM 08.03 8. Imaging   The system shall provide the ability to send a query to other providers to share imaging results
IO-AM 08.04 8. Imaging   The system shall provide the ability to respond to a query to share imaging results with other providers
IO-AM 08.05 8. Imaging   The system shall provide the ability to order radiology tests
IO-AM 08.06 8. Imaging   The system shall provide the ability to schedule radiology tests
IO-AM 09.01 9. Medications / ePrescribing   The system shall provide the ability to send, store, and receive coded medication information
IO-AM 09.02 9. Medications / ePrescribing   The system shall provide the ability to display CCD documents, using a subset of the HITSP C32 specification for Allergy and Conditions content information, and file them as intact documents in the EHR 
IO-AM 09.02 9. Medications / ePrescribing   The system shall provide the ability to display CCD documents, using a subset of the HITSP C32 specification for Allergy and Conditions content information, file them as intact documents in the EHR, and import the discrete data from one or more of the entries in a structured form into the patient record. If coded data is present it shall be maintained or mapped to a local value. 
IO-AM 09.04 9. Medications / ePrescribing   The system shall provide the ability to generate and format CCD documents with narrative sections and structured entries (discrete fields) as specified by the HITSP IS03/C32 specification of the Allergy and Conditions module subset.  For 2008, the values within the structured entries do not have to use industry standard vocabularies/terminologies (such as RxNorm or SNOMED-CT)
IO-AM 09.05 9. Medications / ePrescribing   The system shall provide the ability to generate and format CCD documents with narrative sections and structured entries (discrete fields) as specified by the HITSP IS03/C32 specification of the Allergy and Conditions module subset.  Structured entries value sets must adopt industry-standard vocabularies/terminologies (such as RxNORM or SNOMED-CT).
IO-AM 09.06 9. Medications / ePrescribing   The system shall provide the ability to send an electronic prescription to pharmacy
IO-AM 09.07 9. Medications / ePrescribing   The system shall provide the ability to send text or coded allergy information with new electronic prescriptions via NCPDP Script v8.1 (NEWRX) using the free text field of the message drug segment (DRU 090).
IO-AM 09.08 9. Medications / ePrescribing   The system shall provide the ability to send text or coded allergy information with new electronic prescriptions via NCPDP Script v8.1 (NEWRX) using the free text field of the message drug segment (DRU 090).
IO-AM 09.09 9. Medications / ePrescribing   The system shall provide the ability to respond to a request for a refill sent from a pharmacy
IO-AM 09.10 9. Medications / ePrescribing   The system shall provide the ability to send a cancel prescription message to a pharmacy
IO-AM 09.11 9. Medications / ePrescribing   The system shall provide the ability to respond to a request for a prescription change from a pharmacy
IO-AM 09.12 9. Medications / ePrescribing   The system shall provide the ability to send electronic prescription to pharmacy including structured and coded SIG instructions
IO-AM 09.13 9. Medications / ePrescribing   The system shall provide the ability to send a query to verify prescription drug insurance eligibility and apply response to formulary and benefit files to determine coverage
IO-AM 09.14 9. Medications / ePrescribing   The system shall provide the ability to capture and display formulary information from pharmacy or PBM (Pharmacy Benefits Manager)  by applying eligibility response 
IO-AM 09.15 9. Medications / ePrescribing   The system shall provide the ability to send a query for medication history to PBM or pharmacy to capture and display medication list from the EHR
IO-AM 09.16 9. Medications / ePrescribing   The system shall provide the ability to receive medication fulfillment history from a pharmacy
IO-AM 09.17 9. Medications / ePrescribing   The system shall provide the ability to identify pharmacies that can receive prescriptions electronically
IO-AM 10.01 10. Immunizations   The system shall provide the ability to send a report of patient immunizations to an immunization registry
IO-AM 10.02 10. Immunizations   The system shall provide the ability to send a query to retrieve immunization information from an immunization registry and import immunization record into the EHR
IO-AM 11.01 11. Clinical Documentation   The system shall provide the ability to display CCD documents, using a subset of the HITSP C32 specification for Registration Summary information, and file them as intact documents in the EHR 
IO-AM 11.02 11. Clinical Documentation   The system shall provide the ability to display CCD documents, using a subset of the HITSP C32 specification for Registration Summary information, file them as intact documents in the EHR, and import the discrete data from one or more of the entries in a structured form into the patient record. If coded data is present it shall be maintained or mapped to a local value. 
IO-AM 11.03 11. Clinical Documentation   The system shall provide the ability to generate and format CCD documents with narrative sections and structured entries (discrete fields) as specified by the HITSP IS03/C32 specification of the Registration Information module subset.  For 2008, the values within the structured entries do not have to use industry standard vocabularies/terminologies (such as RxNorm or SNOMED-CT)
IO-AM 11.04 11. Clinical Documentation   The system shall provide the ability to generate and format CCD documents with narrative sections and structured entries (discrete fields) as specified by the HITSP IS03/C32 specification of the Registration Information module subset.  Structured entries value sets must adopt industry-standard vocabularies/terminologies (such as RxNORM or SNOMED-CT).
IO-AM 11.05 11. Clinical Documentation   The system shall provide the ability to display CCD documents, using a subset of the HITSP C32 specification for Medication and Immunization History information and file them as intact documents in the EHR 
IO-AM 11.06 11. Clinical Documentation   The system shall provide the ability to display CCD documents, using a subset of the HITSP C32 specification for Medication and Immunization History information, file them as intact documents in the EHR, and import the discrete data from one or more of the entries in a structured form into the patient record. If coded data is present it shall be maintained or mapped to a local value
IO-AM 11.07 11. Clinical Documentation   The system shall provide the ability to generate and format CCD documents with narrative sections and structured entries (discrete fields) as specified by the HITSP IS03/C32 specification of the Medication and Immunization History module subset.  For 2008, the values within the structured entries do not have to use industry standard vocabularies/terminologies (such as RxNorm or SNOMED-CT)
IO-AM 11.08 11. Clinical Documentation   The system shall provide the ability to generate and format CCD documents with narrative sections and structured entries (discrete fields) as specified by the HITSP IS03/C32 specification of the Medication and Immunization History module subset.  Structured entries value sets must adopt industry-standard vocabularies/terminologies (such as RxNORM or SNOMED-CT).
IO-AM 11.09 11. Clinical Documentation   The system shall provide the ability to retrieve, display, store, and export a HITSP C/48 document 
IO-AM 11.10 11. Clinical Documentation XDS-Components The system shall provide the ability to support IHE ITI (Integrating the Healthcare Enterprise, IT Infrastructure) Framework:  Document Source  - Provide and Register Document Set
IO-AM 12.01 12. Document Exchange   The system shall provide the ability to support IHE ITI (Integrating the Healthcare Enterprise, IT Infrastructure) Framework: Document Consumer - Query Registry Transaction, Retrieve Document Transaction
IO-AM 12.02 12. Document Exchange   The system shall provide the ability to support optional transactions for the Document Source Actor from the IHE ITI (Integrating the Healthcare Enterprise, IT Infrastructure) Framework
IO-AM 12.03 12. Document Exchange   The system shall provide the ability to support XDS.b Connectivity:  Cross-Enterprise Document Sharing - Access an IHE XDS registry for clinical documents
IO-AM 12.04 12. Document Exchange   The system shall provide the ability to access, display, store, and send documents in a PDF format using Cross-enterprise scanned document Sharing
IO-AM 13.01 13. Chronic Disease Management / Patient Communication   The system shall ensure secure electronic messaging with patients
IO-AM 13.02 13. Chronic Disease Management / Patient Communication   The system shall provide the ability to import home physiologic monitoring data from patients
IO-AM 14.01 14. Population Health   The system shall provide the ability to send patient specific Public Health Disease Report for a reportable disease
IO-AM 14.02 14. Population Health   The system shall provide the ability to send de-identified utilization and laboratory bio-surveillance data to public health agencies
IO-AM 14.03 14. Population Health   The system shall provide the ability to report on Quality Improvement
IO-AM 15.01 15. Administrative and Financial Data   The system shall provide the ability to query and receive electronic medical insurance eligibility information
IO-AM 15.02 15. Administrative and Financial Data   The system shall provide the ability to send a query to coordinate patient identification
IO-AM 15.03 15. Administrative and Financial Data   The system shall provide the ability to receive patient registration data from an outside system
IO-AM 15.04 15. Administrative and Financial Data   The system shall provide the ability to receive patient registration data from an internal practice management system
IO-AM 15.05 15. Administrative and Financial Data   The system shall provide the ability to receive scheduling information from a scheduling system
IO-AM 15.06 15. Administrative and Financial Data   The system shall provide the ability to send a query from the EHR to a scheduling system to schedule an appointment
IO-AM 15.07 15. Administrative and Financial Data   The system shall provide the ability to receive electronic authorization for referral from payer
IO-AM 16.01 16. Clinical Trials   The system shall provide the ability to respond to query to Identify patients eligible for a clinical trial
IO-AM 16.02 16. Clinical Trials   The system shall provide the ability to send data to register a patient in a clinical trial
IO-AM 16.03 16. Clinical Trials   The system shall provide the ability to receive clinical trial protocol and templates for data collection
IO-AM 16.04 16. Clinical Trials   The system shall provide the ability to send data report to a clinical trial
PC 01.01 1. Access Control Collect and Communicate Audit Trail Provide assurance that security policies are being followed or enforced and that risks are being mitigated. Define and identify security relevant events and the data to be collected and communicated as determined by policy, regulation, or risk analysis. It also provides the mechanism to determine the record format to support analytical reports that are needed.
PC 01.02 1. Access Control Authorship and Documentation The system shall preserve incomplete note version at user log-out events or at elapsed time intervals configurable by the system administrator .                                     
PC 01.03 1. Access Control Authorship and Documentation  The system shall support the identification of original source author and date/time of documentation that is originated in prior encounters and brought into a current encounter using system functions.  When system tools (examples are templates or defaults) are used to create an encounter note, the use of this mechanism should be retained in an edit trail for each portion of a note for which it was used.
PC 01.04 1. Access Control Authorship and Documentation The system shall have the ability to transmit clinical information to other information systems using standards that retain the available level of coding and structure, such as the HL7 Clinical Data Architecture.
PC 01.05 1. Access Control Authorship and Documentation The system shall audit the receipt of documents and capture and retain the author and source of the document.
PC 01.06 1. Access Control New Audit Function The system's audit log should remain operational whenever the system is operational for any user functions when in operation except for unavoidable technical circumstances (e.g. software problems, technical failure, full storage capacity, etc.) Deletions or alteration of the contents of the audit log will not be allowed by users.  System must support a user-friendly output version of the audit log for transmission, printing, or export, which shows all details of events.
PC 01.07 1. Access Control Access The system shall provide the identify of the user and provide the ability to access, view and print patient data from previous admissions and/or office encounters by document type, identify of person and reason for access.
PC 01.08 1. Access Control User Identification and tracking The system shall provide the identity of the user who prints a problem / diagnosis list in an audit report  and this should be retained in the audit trail.
PC 01.09 1. Access Control Retaining data and time The system shall record the identity of each user contributing to a note and will associate the identity of each to his/her entire contribution to all versions of the note (from intermediate and final versions of the note).
PC 01.10 1. Access Control Amendments and Corrections The system shall track amendments made to the patient's chart when the original documentation was intended for a different patient without disclosing the identify of the other patient.
PC 01.11 1. Access Control Authorship and Documentation  The system shall provide the ability to identify the full content of a modified note, both the original content and the content resulting after any changes, corrections, clarifications, addenda, etc. to a finalized note, and retain amendments and corrections made to the patient's document for edit trail.
PC 01.12 1. Access Control Authorship and Documentation The system shall record date and time, and display the identity of the user who addended or corrected a note, as well as the reason for the change (amendment).
PC 02.01 2. Consent Patient Consent The system shall send Current Listing of Allergies to outpatient documentation sources (e.g., Physicians office EMR), or RHIO/network
PC 02.02 2. Consent Patient Consent Directives The system shall capture and transfer patient consent directives.  Patient consent directives are instances of governing jurisdictional and organization privacy policies that define specific aspects of the collections, access use and disclosure.
PC 03.01 3. Consistent Time Ensure that all of the entities that are communicating within the network have synchronized system clocks. The system shall be able to ensure that all of the entities that are communicating within a network have synchronized system clocks which is adhering to the standards identified and recommended by the Health Information Technology Standards Panel (HITSP) 
PC 04.01 4. Data Integrity Auditability Data Integrity The system shall require documentation of the audit support functionality in the vendor provided user guides and other support documentation, including how to identify and retrospectively reconstruct all data elements in the audit log including date, time.
PC 04.02 4. Data Integrity Auditability Data Integrity The system shall have the capacity to allow authorized entities read-only access to the EHR according to agreed upon uses and only as part of an identified audit subject to appropriate authentication, authorization, and access control functionality. Such access controls shall also support the applicable release of information protocols, local audit policies, minimum necessary criteria, and other contractual arrangements and laws, and require "auditor” be a supported class of user.
PC 04.03 4. Data Integrity Auditability Data Integrity The system shall provide the ability to destroy, deactivate, or archive EHR data/records in a systematic way in accordance to industry standard (according to the EHR system owner’s policies and after legally prescribed retention periods).
PC 04.04 4. Data Integrity Auditability Data Integrity The system shall have the capacity to allow authorized entities 'read-only' access to the EHR according to agreed upon uses and only as part of an identified audit subject to appropriate authentication, authorization, and access control functionality.
PC 04.05 4. Data Integrity Auditability Data Integrity System will provide the capability to produce a business version of a clinical document which indicates:
* Date/time/user stamp for each entry
*The methods used in the creation of the entry including but not limited to
* Direct entry via integrated hardware keyboard or mouse
*Speech recognition
*Automated, machine-entered default information
*Precreated documentation via form or template
* Copy/import of an object including date/time user stamp of original author
*Copy forward previous note contents, including date/time user stamp of original author
* Dictation/transcription
*Import from an external system.
PC 04.06 4. Data Integrity Auditability Data Integrity The system shall retain date/time/user stamp of original data entry person when data entered “on behalf” of another author.   
PC 04.07 4. Data Integrity Auditability Data Integrity The system shall retain date/time/user stamp for an assistant  that is entering data that will subsequently be signed by a provider, retain the date/time/use stamp of the data entry person as well as the provider.
PC 04.08 4. Data Integrity Auditability Data Integrity The system shall require retention of the original and amended note after “signature event” (including automatic “closing” of record).

 
PC 04.09 4. Data Integrity Auditability Traceability The system shall provide a traceable and auditable path for the clinical documentation associated and substantiating billing/claim information.
PC 04.10 4. Data Integrity Auditability National Provider Indicator The system shall support the use of the National Provider Identifier or NPI in the EHR audit log to identify the individual provider or, in situations when an NPI is not available for an individual, a single unique internal provider identifier is assigned.
PC 05.01 5. EHRs Traceability EHRs Traceability The system shall allow an authorized administrator to set the inclusion or exclusion of audited events based on organizational policy and operating requirements/limits, 
PC 05.02 5. EHRs Traceability Data Integrity-Documentation Traceability (Output) The system shall demonstrate the ability to generate and embed a transaction ID tracking number to patient chart outputs or exports, unique for each instance when a patient chart output/document is printed, electronically communicated, or otherwise exported 
PC 06.01 6. Entity Identity Assertion Ensure that an entity is the person or application that claims the identity provided.  The system shall be able to support the assurance that an entity is the person or application that attests to the identity provided and be compliant with the standards identified and recommended by the Health Information Technology Standards Panel (HITSP)
PC 07.01 7. Legal Business Record Verbal Order documentation The system shall provide the ability to document a verbal order, including the clinician taking (receiving) the verbal order, date and time of each transaction and the ordering physician in the patient record. 
PC 07.02 7. Legal Business Record HITSP - standard nomenclature;  The system shall provide the ability to spell out UNITS, use Thousands and Millions as part of expressing large doses and allow the use of commas in doses expressed in thousands in dosage fields in medication orders and medication lists.
PC 07.03 7. Legal Business Record View complete order and medication history The system shall provide the ability to view the complete order and medication administration history, once HITSP defines interoperability specifications for NCP for medication history  (12/07 comment period) (for the Roadmap only)
PC 07.04 7. Legal Business Record Synchronization among primary and associated systems The system shall demonstrate synchronization among primary certified system and associated systems (partner vendors) in the following categories:
-Interaction with entity directories;
-Linkage of received data with existing entity records;
-Location of each health record and
-Communication of changes between key systems.
PC 07.05 7. Legal Business Record  Non Repudiation The system shall limit an EHR-S user’s ability to deny (repudiate) the origination, receipt, or authorization of a data exchange by that user so  that the source of the data record can not later deny that it is the source; that the sender or receiver of a message cannot later deny having sent or received the message. Non-repudiation may be achieved through the use of technical methods.
PC 08.01 8. Manage Clinical Documentation Documentation The system shall (will) provide the ability to record the author, date and time of the in-progress note and the final note                                                            
PC 08.02 8. Manage Clinical Documentation Documentation The system shall provide the ability to save a note in progress prior to finalizing the note, and shall retain the author, date, time of the saving of a note whether still in progress or finalized. The author, date and time of each save shall be documented in an audit trail.                                                                   
PC 08.03 8. Manage Clinical Documentation Cosign The system shall provide the ability to identify the identity of the cosigning  author of a note and record the date and time of original author and identity of signature.
PC 08.04 8. Manage Clinical Documentation Edit trail of addendums and corrections The system shall provide the ability to addend and/or correct notes that have been finalized, and shall retain all original documentation.  Nothing is deleted, and is all retained in audit trails and metadata.
PC 08.05 8. Manage Clinical Documentation Edit trail of addendums and corrections The system shall provide the ability to identify the full content of a modified note, both the original content and the content resulting after any changes, corrections, clarifications, addenda, etc. to a finalized note including date/time/author identity
PC 08.06 8. Manage Clinical Documentation Edit trail of addendums and corrections  The system shall record and display the identity of the user who addended or corrected a note, as well as other attributes of the addenda or correction, such as the date and time of the change.
PC 08.07 8. Manage Clinical Documentation Edit trail of addendums and corrections The system shall have the capacity to retain all recorded data in the production data base or archive for the minimum required per law. 
PC 08.08 8. Manage Clinical Documentation Retention and archiving The system shall provide an administrative function allowing an administrator to set rules for data retention, automated archiving and data retrieval within minimum required by law.
PC 09.01 9. Manage Sharing of Documents Standards-based specification for managing the sharing of documents  The system shall be able to support the standards identified and recommended by the Health Information Technology Standards Panel (HITSP) on its HITSP-TP13 Ver 1.0.1 document
 
PC 10.01 10. Nonrepudiation of Origin Proof of the integrity and origin of documents in a high-assurance manner which can be verified by any party. This does not provide Nonrepudiation of Receipt. The system shall support proof of the integrity and origin of documents in a high-assurance manner which can be verified by any party, thus being able to support the standards identified and recommended by the Health Information Technology Standards Panel
PC 11.01 11. Patient Identity  Identity proofing The system shall provide the ability to access demographic information needed for clinician ordering, verification and medication administration. When SSN is documented within the EHR the first 5 digits should be blind and only the last 4 digits available to use for patient identification. 
PC 12.01 12. Secure Communication Secure Communication The Secured Communication Channel Transaction provides the mechanisms to ensure the authenticity, integrity, and confidentiality of Transactions, and the mutual trust between communicating parties. Its objectives include providing:
· Mutual node authentication to assure each node of the others’ identity;
· Transmission integrity to guard against improper information modification or destruction while in transit; and
· Transmission confidentiality to ensure that information in transit is not disclosed to unauthorized individuals, entities, or processes

This Secured Communications Channel Transaction supports both application and machine credentials, and user machines (user nodes). Details of how a user authenticates to a node or application is beyond the scope of this construct. Practical examples of this Transaction are a secured communication channel between a Personal Health Record (PHR) system and an Electronic Health Record (EHR) system, or between an EHR system and a laboratory.
PC 13.01 13. Security Patient and Roles The system shall record within each audit record the following information when it is available: (1) date and time of the event; (2) the component of the system (e.g. software component, hardware component) where the event occurred; (3) type of event (including: data description and patient identifier when relevant); (4) subject identity (e.g. user identity); and (5) the outcome (success or failure) of the event.
PC 13.02 13. Security Warning notice The system, prior to a user login, shall display a (configurable) notice warning (e.g. "The system should only be accessed by authorized users").
SC 01.01 1. Access Control Security Access Control The system shall enforce the most restrictive set of rights/privileges or accesses needed by users/groups (e.g. System Administration, Clerical, Nurse, Doctor, etc.), or processes acting on behalf of users, for the performance of specified tasks.
SC 01.02 1. Access Control Security Access Control The system shall provide the ability for authorized administrators to assign restrictions or privileges to users/groups.
SC 01.03 1. Access Control Security Access Control The system must be able to associate permissions with a user using one or more of the following access controls: 1) user-based (access rights assigned to each user); 2) role-based (users are grouped and access rights assigned to these groups); or 3) context-based (role-based with additional access rights assigned or restricted based on the context of the transaction such as time-of-day, workstation-location, emergency-mode, etc.) 
SC 01.04 1. Access Control Security Access Control The system shall support removal of a user’s privileges without deleting the user from the system.  The purpose of the criteria is to provide the ability to remove a user’s privileges, but maintain a history of the user in the system.
SC 01.05 1. Access Control Security:  Access Control If role-based access control (RBAC) is supported, the system shall be able to provide role based access control that is in compliance with the HL7 Permissions Catalog.
SC 01.06 1. Access Control Security: Access Control If role-based access control (RBAC) is supported, the system must be capable of operating within an RBAC infrastructure conforming to ANSI INCITS 359-2004, American National Standard for Information Technology – Role Based Access Control.
SC 02.01 2. Audit Security Audit The system shall allow an authorized administrator to enable or disable auditing for events or groups of related events to properly collect evidence of compliance with implementation-specific policies.  Note: In response to a HIPAA-mandated risk analysis and management, there will be a variety of implementation-specific organizational policies and operational limits.
SC 02.03 2. Audit Security Audit The system shall be able to detect security-relevant events that it mediates and generate audit records for them. At a minimum the events shall include: start/stop, user login/logout, session timeout, account lockout, patient record created/viewed/updated/deleted, scheduling, query, order, node-authentication failure, signature created/validated, PHI export (e.g. print), PHI import, and security administration events.  Note: The system is only responsible for auditing security events that it mediates. A mediated event is an event that the system has some active role in allowing or causing to happen or has opportunity to detect. The system is not expected to create audit logs entries for security events that it does not mediate.
SC 02.04 2. Audit Security Audit The system shall record within each audit record the following information when it is available: (1) date and time of the event; (2) the component of the system (e.g. software component, hardware component) where the event occurred; (3) type of event (including: data description and patient identifier when relevant); (4) subject identity (e.g. user identity); and (5) the outcome (success or failure) of the event.
SC 02.05 2. Audit Security Audit The system shall provide authorized administrators with the capability to read all audit information from the audit records in one of the following two ways:  1) The system shall provide the audit records in a manner suitable for the user to interpret the information.  The system shall provide the capability to generate reports based on ranges of system date and time that audit records were collected. 2) The system shall be able to export logs into text format in such a manner as to allow correlation based on time (e.g. UTC synchronization).
SC 02.06 2. Audit Security Audit The system shall be able to support time synchronization using NTP/SNTP, and use this synchronized time in all security records of time.
SC 02.07 2. Audit Security Audit The system shall have the ability to format for export recorded time stamps using UTC based on ISO 8601.  Example: "1994-11-05T08:15:30-05:00" corresponds to November 5, 1994, 8:15:30 am, US Eastern Standard Time.
SC 02.08 2. Audit Security Audit The system shall prohibit all users read access to the audit records, except those users that have been granted explicit read-access.  The system shall protect the stored audit records from unauthorized deletion. The system shall prevent modifications to the audit records. 
SC 03.01 3. Authentication Security Authentication The system shall authenticate the user before any access to Protected Resources (e.g. PHI) is allowed, including when not connected to a network e.g. mobile devices.
SC 03.02 3. Authentication Security Authentication When passwords are used, the system shall support password strength rules that allow for minimum number of characters, and inclusion of alpha-numeric complexity. 
SC 03.03 3. Authentication Security Authentication The system upon detection of inactivity of an interactive session shall prevent further viewing and access to the system by that session by terminating the session, or by initiating a session lock that remains in effect until the user reestablishes access using appropriate identification and authentication procedures. The inactivity timeout shall be configurable.
SC 03.04 3. Authentication Security Authentication The system shall enforce a limit of (configurable) consecutive invalid access attempts by a user. The system shall protect against further, possibly malicious, user authentication attempts using an appropriate mechanism (e.g. locks the account/node until released by an administrator, locks the account/node for a configurable time period, or delays the next login prompt according to a  configurable delay algorithm).
SC 03.05 3. Authentication Security Authentication When passwords are used, the system shall provide an administrative function that resets passwords. 
SC 03.06 3. Authentication Security Authentication When passwords are used, user accounts that have been reset by an administrator shall require the user to change the password at next successful logon.
SC 03.07 3. Authentication Security Authentication The system shall provide only limited feedback information to the user during the authentication.
SC 03.08 3. Authentication Security Authentication The system shall support case-insensitive usernames that contain typeable alpha-numeric characters in support of ISO-646/ECMA-6 (aka US ASCII).
SC 03.09 3. Authentication Security Authentication When passwords are used, the system shall allow an authenticated user to change their password consistent with password strength rules (SC 03.02).
SC 03.10 3. Authentication Security Authentication When passwords are used, the system shall support case-sensitive passwords that contain typeable alpha-numeric characters in support of ISO-646/ECMA-6 (aka US ASCII).
SC 03.11 3. Authentication Security Authentication When passwords are used, the system shall use either standards-based encryption, e.g., 3DES, AES, or standards-based hashing, e.g., SHA1 to store or transport passwords.
SC 03.12 3. Authentication Security Authentication When passwords are used, the system shall prevent the reuse of passwords previously used within a specific (configurable) timeframe (i.e., within the last X days, etc. - e.g. "last 180 days"), or shall prevent the reuse of a certain (configurable) number of the most recently used passwords (e.g. "last 5 passwords").
SC 03.13 3. Authentication Security Authentication The system shall support two-factor authentication in alignment with NIST 800-63 Level 3 Authentication. Note: The standards in this area are still evolving.
SC 04.01 4. Documentation Reliability: Documentation The system shall include documentation that describes the patch (hot-fix) handling process the vendor will use for EHR, operating system and underlying tools (e.g. a specific web site for notification of new patches, an approved patch list, special instructions for installation, and post-installation test).
SC 04.02 4. Documentation Reliability: Documentation The system shall include documentation that explains system error or performance messages to users and administrators, with the actions required.
SC 04.03 4. Documentation Reliability: Documentation The system shall include documentation of product capacities (e.g. number of users, number of transactions per second, number of records, network load, etc.) and the baseline representative configurations assumed for these capacities (e.g. number or type of processors, server/workstation configuration and network capacity, etc).
SC 04.04 4. Documentation Reliability: Documentation The system shall include documented procedures for product installation, start-up and/or connection.
SC 04.05 4. Documentation Reliability: Documentation The system shall include documentation of the minimal privileges necessary for each service and protocol necessary to provide EHR functionality and/or serviceability.
SC 04.06 4. Documentation Reliability: Documentation The system shall include documentation available to the customer stating whether or not there are known issues or conflicts with security services  in at least the following service areas:  antivirus, intrusion detection, malware eradication, host-based firewall and the resolution of that conflict (e.g. most  systems should note that full virus scanning should be done outside of peak usage times and should exclude the databases.).
SC 04.07 4. Documentation Reliability: Documentation If the system includes hardware, the system shall include documentation that covers the expected physical environment necessary for proper secure and reliable operation of the system including: electrical, HVAC, sterilization, and work area. 
SC 04.08 4. Documentation Reliability: Documentation The system shall include documentation that itemizes the services (e.g. PHP, web services) and network protocols/ports (e.g. HL-7,  HTTP, FTP)  that are necessary for proper operation and servicing of the system, including justification of the need for that service and protocol. This information may be used by the healthcare facility to properly configure their network defenses (firewalls and routers).
SC 04.09 4. Documentation Reliability: Documentation The system shall include documentation that describes the steps needed to confirm that the system installation was properly completed and that the system is operational.
SC 04.10 4. Documentation Security Documentation The system shall include documentation available to the customer that provides guidelines for configuration and use of the EHR security controls necessary to support secure and reliable operation of the system, including but not limited to: creation, modification, and deactivation of user accounts, management of roles, reset of passwords, configuration of password constraints, and audit logs.
SC 05.01 5. Technical Services Reliability: Technical Services The software used to install and update the system, independent of the mode or method of conveyance, shall be certified free of malevolent software (“malware”).  Vendor may self-certify compliance with this standard through procedures that make use of commercial malware scanning software.
SC 05.02 5. Technical Services Reliability: Technical Services The system shall be configurable to prevent corruption or loss of data already accepted into the system in the event of a system failure (e.g. integrating with a UPS, etc.).
SC 06.01 6. Technical Services Security Technical Services The system shall support protection of confidentiality of all Protected Health Information (PHI) delivered over the Internet or other known open networks via encryption using triple-DES (3DES) or the Advanced Encryption Standard (AES) and an open protocol such as TLS, SSL, IPSec, XML encryptions, or S/MIME or their successors.
SC 06.02 6. Technical Services Security Technical Services When passwords are used, the system shall not display passwords while being entered.
SC 06.03 6. Technical Services Security Technical Services For systems that provide access to PHI through a web browser interface (i.e. HTML over HTTP) shall include the capability to encrypt the data communicated over the network via SSL (HTML over HTTPS). Note: Web browser interfaces are often used beyond the perimeter of the protected enterprise network
SC 06.04 6. Technical Services Security Technical Services The system shall support protection of integrity of all Protected Health Information (PHI) delivered over the Internet or other known open networks via SHA1 hashing and an open protocol such as TLS, SSL, IPSec, XML digital signature, or S/MIME or their successors.
SC 06.05 6. Technical Services Security Technical Services The system shall support ensuring the authenticity of remote nodes (mutual node authentication) when communicating Protected Health Information (PHI) over the Internet or other known open networks using an open protocol (e.g. TLS, SSL, IPSec, XML sig, S/MIME).
SC 06.07 6. Technical Services Security: Technical Services The system, prior to a user login, shall display a (configurable) notice warning (e.g. "The system should only be accessed by authorized users").
SC 07.01 7. Inter-Domain Security:  Inter Domain The system shall be able to communicate identity information across domains and web services using  standards based user authentication and access control.
SC 07.02 7. Inter-Domain Security:  Inter Domain When the system uses HITSP TP13 (IHE XDS) as a Document Consumer, the system shall be able to use the TP13 “Document Integrity” option. This may be a configurable parameter or may be enabled at all times 
SC 08.01 8. Backup/Recovery  Reliability: Backup and Recovery The system shall be able to generate a backup copy of the application data, security credentials, and log/audit files.
SC 08.02 8. Backup/Recovery  Reliability: Backup and Recovery The system restore functionality shall result in a fully operational and secure state.  This state shall include the restoration of the application data, security credentials, and log/audit files to their previous state.
SC 08.03 8. Backup/Recovery  Reliability: Backup and Recovery If the system claims to be available 24x7 then the system shall have ability to run a backup concurrently with the operation of the application. 

Get the full listing and the test scripts here http://www.cchit.org/certify/ambulatory/

Last Updated ( Tuesday, 28 October 2008 01:13 )  

Google Translate

Software

DrugFormatica
DrugFormatica provides a simple drug database providing information about FDA approved medications.
ProcFormatica
ProcFormatica provides a simple medical procedures database including information about the latest ICD-10-PCS codes.
PsychFormatica
PsychFormatica provides a simple medical procedures database including information about the latest DSM IV codes.

Healthcare IT in Egypt

In this section you'll find a list of companies and organizations working in the healthcare IT sector in Egypt.

Read more here...

 

Who's Online

We have 30 guests online

Counter

Members : 1
Content : 543
Web Links : 68
Content View Hits : 2937775

 

 

 

Medical Informatics

Medical informatics has to do with all aspects of understanding and promoting the effective organization, analysis, management, and use of information in health care.

read more...

Hospital Information Systems

A Hospital Management Information Systems (HMIS) is a comprehensive, integrated information system designed to manage the administrative, financial and clinical aspects of a hospital.

read more...

Videos

Mediformatica's videos section is rapidly becoming one of the largest health informatics video libraries linking to over 250 videos to this date...



read more...

Mediformatica's Blog

Mediformatica's Blog is frequently updated with the latest and most exciting news and reviews related to the subject of Medical Informatics.


read more...