OpenEMR 7.0.2 ONC Ambulatory EHR Certification Requirements

From OpenEMR Project Wiki


OpenEMR 7.0.2 has ONC Ambulatory EHR Certification. The requirements for your OpenEMR instance to fulfill this certification are in below Requirements section.


  • You are required to register your Organization name and FHIR endpoint with the OpenEMR Foundation by sending an email with this information to with subject of 'ONC registration'. This information will be posted on OpenEMR_7.0.2_API#Service_Base_URLs, which is a requirement for ONC (the OpenEMR Foundation is required to post this information within 10 days of your request).
  • Required global settings
  • Administration->Globals->Security->Hash Algorithm for Authentication->SHA512 (ONC Certification)
  • Administration->Globals->Security->Hash Algorithm for Token->SHA512 (ONC Certification)
  • Administration->Globals->Logging->Enable Audit Log Encryption->On
  • Administration->Globals->Connectors->Enable OpenEMR Standard FHIR REST API->On
  • To ensure optimal security, users are required to run their OpenEMR client web browser on a end-user device that encrypts entire drive(s) with AES based encryption algorithm.
  • To ensure optimal security, users are required to use a FIPS compliant cipher for the HTTPS/SSL browser connection.
  • To ensure accurate time, server are required to set up a Network Time Protocol server that supports version 4 Network Time Protocol (NTP) as defined by RFC 5905.
  • For users NOT NEEDING ONC certification, then would consider setting following global setting to improve performance
  • Administration->Globals->Security->Audit Logging SELECT Query->Off
  • Administration->Globals->Security->Printing Log Option->No logging

Certification Details

  • Disclaimer: This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.
  • Developer Name: OpenEMR Foundation
  • Product Name: OpenEMR
  • Version: 7.0
  • Certification number:
  • Certification date: July 8, 2022
  • Criteria certified: 170.315(a)(1), 170.315(a)(2), 170.315(a)(5), 170.315(a)(9), 170.315(a)(12), 170.315(a)(14), 170.315(b)(1), 170.315(b)(10), 170.315(c)(1), 170.315(c)(2), 170.315(c)(3), 170.315(d)(1), 170.315(d)(2), 170.315(d)(3), 170.315(d)(4), 170.315(d)(5), 170.315(d)(6), 170.315(d)(7), 170.315(d)(8), 170.315(d)(9), 170.315(d)(12), 170.315(d)(13), 170.315(e)(3), 170.315(g)(2), 170.315(g)(3), 170.315(g)(4), 170.315(g)(5), 170.315(g)(6), 170.315(g)(7), 170.315(g)(9), 170.315(g)(10), 170.315(h)(1).
  • CQMs certified: CMS22, CMS69, CMS122, CMS124, CMS125, CMS127, CMS130, CMS138, CMS147, CMS165.
  • Additional Software: EMR Direct Interoperability Engine 2017 (for criteria 170.315(b)(1) and 170.315(h)(1)) and AccessGUDID Version 2 (for criteria 170.315(a)(14)).
  • This is free software except for the following exception. There is one third party services which is required to be used with this software to fulfill ONC certification compliance, which is the EMR Direct phimail service (approximate pricing is $300 setup fee and $150 yearly per provider).
  • Go to CHPL link
  • View Certificate
  • Real World Testing