(a) Condition of Certification—(1) Measure responses. A health IT developer must submit (to the independent entity designated by the Secretary) for each reporting period pursuant to paragraph (b) of this section:

(i) Responses for the measures specified in this section, which must include:

(A) Data aggregated at the product level (across versions);

(B) Documentation related to the data sources and methodology used to generate measures; and

(C) Percentage of total customers (e.g., hospital sites, individual clinician users) represented in provided data; or

(ii) A response (attestation) that it does not:

(A) Meet the minimum reporting qualifications requirement in paragraph (a)(2) of this section; or

(B) Have health IT certified to the certification criteria specified in each measure in paragraphs (a)(3)(i) through (vii) of this section; or

(C) Have any users using the certified health IT specified in each measure in paragraphs (a)(3)(i) through (vii) of this section during the reporting period.

(2) Minimum reporting qualifications requirement. At least 50 hospital sites or 500 individual clinician users across the developer's certified health IT.

(3) Measures—(i) Individuals' access to electronic health information through certified health IT. If a health IT developer has a Health IT Module certified to § 170.315(e)(1) or (g)(10) or both, then the health IT developer must submit responses for the number of unique individuals who access electronic health information (EHI) overall and by different methods of access through certified health IT.

(ii) Consolidated clinical document architecture (C-CDA) problems, medications, and allergies reconciliation and incorporation through certified health IT. If a health IT developer has a Health IT Module certified to § 170.315(b)(2), then the health IT developer must submit responses for:

(A) Encounters;

(B) Unique patients with an encounter;

(C) C-CDA documents obtained (unique and overall); and

(D) C-CDA documents reconciled and incorporated both through manual and automated processes.

(iii) Applications supported through certified health IT. If a health IT developer has a Health IT Module certified to § 170.315(g)(10), then the health IT developer must submit responses on how their certified health IT is supporting the application ecosystem, by providing the following information for applications that are connected to their certified health IT including:

(A) Application Name(s);

(B) Application Developer Name(s);

(C) Intended Purpose(s) of Application;

(D) Intended Application User(s); and

(E) Application Status.

(iv) Use of FHIR in apps through certified health IT. If a health IT developer has a Health IT Module certified to § 170.315(g)(10), then the health IT developer must submit responses on the number of requests made to distinct certified health IT deployments that returned FHIR resources, number of distinct certified health IT deployments active at any time, the number of distinct deployments active at any time that returned FHIR resources in response to API calls from apps connected to certified health IT, including stratifying responses by the following:

(A) User type;

(B) FHIR resource; and

(C) US Core Implementation Guide version.

(v) Use of FHIR bulk data access through certified health IT. If a health IT developer has a Health IT Module certified to § 170.315(g)(10), then the health IT developer must submit responses for the total number of FHIR bulk data access requests completed through the certified health IT, and the number of distinct deployments of the certified health IT active at any time overall, and by whether at least one bulk data download request was completed.

(vi) Immunization administrations electronically submitted to immunization information systems through certified health IT. If a health IT developer has a Health IT Module certified to § 170.315(f)(1), then the health IT developer must submit responses for the use of certified health IT to electronically send immunizations administered to immunization information systems (IIS), including stratifying responses based on the following subgroups:

(A) IIS; and

(B) Age group.

(vii) Immunization history and forecasts through certified health IT. If a health IT developer has a Health IT Module certified to § 170.315(f)(1), then the health IT developer must submit responses for the use of certified health IT to query immunization history and forecast information from immunization information systems (IIS), including stratifying responses based on the following subgroup:

(A) IIS.

(B) [Reserved]

(b) Maintenance of Certification. (1) A health IT developer must provide responses to the Insights Condition of Certification specified in paragraph (a) of this section annually for any Health IT Module that has or has had an active certification at any time under the ONC Health IT Certification Program during the prior six months:

(i) A health IT developer must provide responses for measures specified in:

(A) Paragraphs (a)(3)(i), (iii), (iv)(A) and (B), and (vi) of this section beginning July 2027;

(B) Paragraphs (a)(3)(ii)(A) through (C), (iv)(C), (v), (vi)(A) and (B), and (vii) of this section beginning July 2028; and

(C) Paragraph (a)(3)(ii)(D), (vii)(A) of this section beginning July 2029.

(ii) [Reserved]

(2) [Reserved]

[89 FR 1434, Jan. 9, 2024; 89 FR 16470, Mar. 7, 2024]