OpenEMR 7.0.1 ONC Ambulatory EHR Certification Requirements
Overview
OpenEMR 7.0.1 has ONC Ambulatory EHR Certification. The requirements for your OpenEMR instance to fulfill this certification are in below Requirements section.
Requirements
- You are required to register your Organization name and FHIR endpoint with the OpenEMR Foundation by sending an email with this information to hello@open-emr.org with subject of 'ONC registration'. This information will be posted on OpenEMR_7.0.1_API#Service_Base_URLs, which is a requirement for ONC certification (the OpenEMR Foundation is required to post this information within 10 days of your request).
- Required global settings
- Administration->Globals->Security->Hash Algorithm for Authentication->SHA512 (ONC Certification)
- Administration->Globals->Security->Hash Algorithm for Token->SHA512 (ONC Certification)
- Administration->Globals->Logging->Enable Audit Log Encryption->On
- Administration->Globals->Connectors->Enable OpenEMR Standard FHIR REST API->On
 
- To ensure optimal security, users are required to run their OpenEMR client web browser on a end-user device that encrypts entire drive(s) with AES based encryption algorithm.
- To ensure optimal security, users are required to use a FIPS compliant cipher for the HTTPS/SSL browser connection.
- To ensure accurate time, server are required to set up a Network Time Protocol server that supports version 4 Network Time Protocol (NTP) as defined by RFC 5905.
- For users NOT NEEDING ONC certification, then would consider setting following global setting to improve performance
- Administration->Globals->Security->Audit Logging SELECT Query->Off
- Administration->Globals->Security->Printing Log Option->No logging
 
Certification Details
| Developer Name | OpenEMR Foundation | 
| Product Name | OpenEMR | 
| Version | 7.0 | 
| Certification number | 15.05.05.3115.OPEN.01.00.1.220708 (View Certificate) | 
| Certification date | July 8, 2022 | 
| Criteria certified | 170.315(a)(1), 170.315(a)(2), 170.315(a)(5), 170.315(a)(12), 170.315(a)(14), 170.315(b)(1), 170.315(b)(10), 170.315(b)(11), 170.315(c)(1), 170.315(c)(2), 170.315(c)(3), 170.315(d)(1), 170.315(d)(2), 170.315(d)(3), 170.315(d)(4), 170.315(d)(5), 170.315(d)(6), 170.315(d)(7), 170.315(d)(8), 170.315(d)(9), 170.315(d)(12), 170.315(d)(13), 170.315(e)(3), 170.315(g)(2), 170.315(g)(3), 170.315(g)(4), 170.315(g)(5), 170.315(g)(6), 170.315(g)(7), 170.315(g)(9), 170.315(g)(10), 170.315(h)(1) | 
| CQMs certified | CMS22, CMS69, CMS122, CMS124, CMS125, CMS127, CMS130, CMS138, CMS147, CMS165 | 
| Additional Software | EMR Direct Interoperability Engine 2017 (for criteria 170.315(b)(1) and 170.315(h)(1)) and AccessGUDID Version 2 (for criteria 170.315(a)(14)) | 
Disclaimer: This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.
This is free software except for the following exception. There is one third party services which is required to be used with this software to fulfill ONC certification compliance, which is the EMR Direct phimail service (approximate pricing is $300 setup fee and $150 yearly per provider).
See also: Go to CHPL link, Real World Testing and Summary of ONC Certification (Certification Stage III).

