INTRO    EQUATIONS    CRITERIA    DECISION    CONVERT    SPECIALTIES    REFS    SEARCH    NEW    FHIR APP    POLICIES    CONTACT

 
EBMcalc ONC Certification Criteria
 
Listed here are the current ONC (Office of the National Coordinator for Health Information Technology) Certification Criteria. Below each criteria is information about related EBMcalc functionality. The ONC Health IT Certification Program (2015 Edition) is linked here.
 
45 CFR 170.315 (b)(6) (Data Export): "A user can configure the technology to create export summaries using the Continuity of Care Document document template."

• EBMcalc is an Evidence-Based Medicine decision support tool comprised of medical equations, clinical criteria sets, and decision trees. It is not an electronic health record, and it does not receive, create, or transmit Continuity of Care Document documents of any kind.

 
45 CFR 170.315 (d)(1) (Authentication, Access Control, Authorization): "Verify against a unique identifier(s) (e.g., username or number) that a user seeking access to electronic health information is the one claimed; and [...] establish the type of access to electronic health information a user is permitted based on the unique identifier(s) provided"

• EBMcalc utilizes OAUTH2 standards for user identification and authorization. Users must be verified and authenticated on the EHR connecting to EBMcalc. Once verified and authenticated, a time limited access token is generated by the SMART OAUTH2 protocol to allow access to EBMcalc functionality

 
45 CFR 170.315 (d)(2) (Auditable Events and Tamper-resistance): "The health IT records actions pertaining to electronic health information [...] when health IT is in use; changes to user privileges when health IT is in use; and records the date and time [each action occurs]. [...] The health IT records the audit log status [...] when the audit log status is changed and records the date and time each action occurs. [...] The health IT records the information [...] when the encryption status of locally stored electronic health information on end-user devices is changed and records the date and time each action occurs.

• EBMcalc access logs record each interaction, including the particular calculator component selected by date and time.

 
45 CFR 170.315 (d)(3) (Audit Report(s)): "Enable a user to create an audit report for a specific time period and to sort entries in the audit log according to each of the data."

• EBMcalc customers may request an audit report of their users system interactions at any time.

 
45 CFR 170.315 (d)(5) (Automatic Access Time-out): "Automatically stop user access to health information after a predetermined period of inactivity. [...] Require user authentication in order to resume or regain the access that was stopped."

• Time limited access tokens automatically block access after a short period of no activity, typically 9-30 minutes based on configuration and EHR.

 
45 CFR 170.315 (d)(7) (End-user Device Encryption): "Technology that is designed to locally store electronic health information on end-user devices must encrypt the electronic health information stored on such devices after use of the technology on those devices stops [or] technology is designed to prevent electronic health information from being locally stored on end-user devices after use of the technology on those devices stops."

• EBMcalc DOES NOT store proteced health information by any means.

 
45 CFR 170.315 (d)(8) (Integrity): "Verify [...] upon receipt of electronically exchanged health information that such information has not been altered."

• Secure Sockets/HTTPS data transport protocols protect information from alteration of any kind.

 
45 CFR 170.315 (d)(9) (Trusted Connection): "Health IT needs to provide a level of trusted connection using either 1) encrypted and integrity message protection or 2) a trusted connection for transport."

• EBMcalc utelizes OAUTH2 to verify user access and SSL certificates/HTTPS protocols to encrypt all network movement of information between the EHR and the EBMcalc system.

 
45 CFR 170.315 (d)(11) (Accounting of Disclosures): "Record disclosures made for treatment, payment, and health care operations."

• EBMcalc has no role in healthcare payment operations. Our usage standards and disclosures are listed on every page of EBMcalc

 
45 CFR 170.315 (g)(3) (Safety-enhanced Design): "User-centered design processes must be applied to each capability technology."

• All EBMcalc oomponents are built with simple, clear fonts and screen layputs. On screen buttons, check boxes, and numeric input screen elements are easily accessed for sure data input. There are no third part advertisements or other such visual distractions of any kind.

 
45 CFR 170.315 (g)(4) (Quality Management System): "For each capability that a technology includes and for which that capability's certification is sought, the use of a Quality Management System (QMS) in the development, testing, implementation, and maintenance of that capability must be identified."

• EBMcalc content is developed and validated by the physicians and pharmacists either employed or associated with Foundation Internet Services, LLC, the creator of EBMcalc.
• EBMcalc components go through rigourous unit testing in our Quality Management System (QMS). Our QMS checks each new calculator component with a variety of data inputs to assure correct output, or correct error messages in the case of inappropriate data input.
• Additionally, our EBMcalc RefBot custom software scours the National Library of Medicine PubMed database once a week, checking every one of our literature references for new descriptive terms, erratum, citations, etc... Our physician editors review all erratum reports to see if they may affect calculation based on a corrected article.

 
45 CFR 170.315 (g)(5) (Accessibility-centered Design): "The use of a health IT accessibility-centered design standard or law in the development, testing, implementation and maintenance of that capability must be identified."

• All EBMcalc oomponents are built with simple, clear fonts and screen layouts. For users with sight impairment, browser based mechanisms allow users to increase or decrease the size and visibility of all screen elements easily. EBMcalc employs no sound input or output.

 
45 CFR 170.315 (g)(7) (Application Access - Patient Selection): " The technology must be able to receive a request with sufficient information to uniquely identify a patient and return an ID or other token that can be used by an application to subsequently execute requests for that patien's data."

• The SMART on FHIR protocols are used to uniquely identify patients/subjects in context so that only that person's lab data may be sent to the EBMcalc system for calculations.

 
45 CFR 170.315 (g)(8) (Application Access - Data Category Request): "Respond to requests for patient data (based on an ID or other token) for each of the individual data categories specified in the Common Clinical Data Set and return the full set of data for that data category (according to the specified standards, where applicable) in a computable format."

• EBMcalc does not receive, contain, or transmit any patient data or Common Clinical Data Sets.

 
45 CFR 170.315 (g)(9) (Application Access - All Data Request): "Respond to requests for patient data (based on an ID or other token) for all of the data categories specified in the Common Clinical Data Set at one time and return such data (according to the specified standards, where applicable) in a summary record formatted [...] following the CCD document template."

• EBMcalc does not contain, receive, produce, or transmit any Common Clinical Data sets.

 
45 CFR 170.523 (k)(1) (Pricing Transparency): "Any additional types of costs that an EP, EH, or CAH would pay to implement the Complete EHR's or EHR Module's capabilities in order to attempt to meet meaningful use objectives and measures."

• EBMcalc is a provider-centered application, and as such is not a part of Meaningful Use.

 
45 CFR 170.523 (n) (Complaint Process): "Submit a list of complaints received to the National Coordinator on a quarterly basis each calendar year that includes the number of complaints received, the nature/substance of each complaint, and the type of complainant for each complaint."

• Complaints will be collected through an on line trouble ticket mechanism, with each addressed in timely fashion. Quarterly reports on such complaints will be sent to ONC as required.