OpenEMR 8.0.0 ONC Ambulatory EHR Certification Requirements
From OpenEMR Project Wiki
Overview
OpenEMR 8.0.0 has ONC Ambulatory EHR Certification. The requirements for your OpenEMR instance to fulfill this certification are in below Requirements section.
Requirements
- You are required to register your Organization name, Organization location, Organization NPI number and FHIR endpoint with the OpenEMR Foundation by sending an email with this information to [email protected] with subject of 'ONC registration'. This information will be posted on OpenEMR_8.0.0_API#Service_Base_URLs, which is a requirement for ONC (the OpenEMR Foundation is required to post this information within 10 days of your request).
- Required global settings
- Administration->Globals->Security->Hash Algorithm for Authentication->SHA512 (ONC Certification)
- Administration->Globals->Logging->Enable Audit Log Encryption->On
- Administration->Globals->Connectors->Enable OpenEMR Standard FHIR REST API->On
- To ensure optimal security, users are required to run their OpenEMR client web browser on a end-user device that encrypts entire drive(s) with AES based encryption algorithm.
- To ensure optimal security, users are required to use a FIPS compliant cipher for the HTTPS/SSL browser connection.
- To ensure accurate time, server are required to set up a Network Time Protocol server that supports version 4 Network Time Protocol (NTP) as defined by RFC 5905.
- For users NOT NEEDING ONC certification, then would consider setting following global setting to improve performance
- Administration->Globals->Security->Audit Logging SELECT Query->Off
- Administration->Globals->Security->Printing Log Option->No logging
Certification Details
ONC Certification Details
| 🏅 ONC Health IT Certification — OpenEMR 8 | |
|---|---|
| Developer Name | [OpenEMR Foundation] |
| Product Name | [OpenEMR] |
| Version | 8 |
| Certification Number | 15.05.05.3115.OPEN.02.01.1.260130 📄 View Certificate
|
| Certification Date | January 30, 2026 |
| CHPL Listing | View on CHPL ↗ |
Certified Criteria
| Category | Criteria |
|---|---|
| (a) — Patient Access & Clinical | 170.315(a)(1), (a)(2), (a)(5), (a)(12), (a)(14) |
| (b) — Transitions of Care | 170.315(b)(1), (b)(10), (b)(11) |
| (c) — Clinical Quality Measures | 170.315(c)(1), (c)(2), (c)(3) |
| (d) — Privacy & Security | 170.315(d)(1), (d)(2), (d)(3), (d)(4), (d)(5), (d)(6), (d)(7), (d)(8), (d)(9), (d)(12), (d)(13) |
| (e) — Coordination of Care | 170.315(e)(3) |
| (g) — General & Certification | 170.315(g)(2), (g)(3), (g)(4), (g)(5), (g)(6), (g)(7), (g)(9), (g)(10) |
| (h) — Immunization | 170.315(h)(1) |
Certified Clinical Quality Measures (CQMs)
| CQM | Measure Name |
|---|---|
| CMS22 | Preventive Care and Screening: Blood Pressure Screening and Follow-Up Plan |
| CMS69 | Preventive Care and Screening: Body Mass Index (BMI) Screening and Follow-Up Plan |
| CMS122 | Diabetes: Hemoglobin A1c (HbA1c) Poor Control (>9%) |
| CMS124 | Cervical Cancer Screening |
| CMS125 | Breast Cancer Screening |
| CMS127 | Pneumococcal Vaccination Status for Older Adults |
| CMS130 | Colorectal Cancer Screening |
| CMS138 | Preventive Care and Screening: Tobacco Use Screening and Cessation Intervention |
| CMS147 | Preventive Care and Screening: Influenza Immunization |
| CMS165 | Controlling High Blood Pressure |
Additional Software Used
| Software | Applicable Criteria |
|---|---|
| EMR Direct Interoperability Engine 2017 | 170.315(b)(1) and 170.315(h)(1) |
| AccessGUDID Version 2 | 170.315(a)(14) |
Transparency and Disclosure Requirements
This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.
Additional Costs
OpenEMR is free software. However, one third-party service is required to fulfill ONC certification compliance: the EMR Direct phimail service (approximate pricing: $300 setup fee + $150/year per provider).
