• About InfoGard

  The Company

  • Overview
  • What We Do
  • Credentials
  • Independent Third Party
  • Careers
  • Contact Us

  Clients

  • Our Customers
  • Customer Testimonials

  Management Team

  • Company Management
  • Company Advisors
• Sectors We Serve

  Healthcare IT

  • EHR Testing & Certification
  • ONC-ATCB Certification
  • Hospital EHR Certification
  • Hospital Meaningful Use Incentive Payment Security Risk Analysis
  • Electronic Prescriptions for Controlled Substances (EPCS)
  • HIPAA Security & Privacy Assessments
  • SecureEHR
  • Breach Safe Harbor Certification
  • CalHIPSO
  • Penetration Test Services for Healthcare
  • Healthcare Vulnerability Scan Service
  • Medical Device Validation
  • Services for Security Technology Vendors
  • Healthcare Security and Privacy Offerings

  Federally Mandated Security

  • FIPS 140-2
  • Common Criteria Validation
  • Postal Systems
  • FIPS 201 (NPIVP) Card Command Validation

  Financial Services

  • Hardware Security Module
  • PCI Pin Entry Device Security
  • PCI Approved Scanning Vendor Validation
  • MasterCard PTS
  • Australian Payments Clearing Association
• Problems We Solve

  Problems We Solve

  • Healthcare
  • Smart Card/ID
  • Financial Industry
  • Federal Government

  Security Technology

  • Cryptographic Knowledge
  • Comprehensive Network Assessments
  • System Security Assessments
  • Compliance Assessments
  • FIPS 140-2
• Blog, News, & Events
  • Blog
  • Conferences
  • News
• Resources

  Resources by Sectors

  • Federally Mandated Security
  • Financial Services
  • Healthcare IT

  General Resources

  • Network Security Assessment
  • GSA Schedule
  • FAQ About EHR & HHS Safe Harbor Certification
  • Meaningful Use & Certification
  • About Breach Safe Harbor
  • Useful Links

ONC-ATCB Process

Home > Healthcare Information Technology > ONC-ATCB Certification > ONC-ATCB Process

InfoGard has designed a collaborative Electronic Health Record (EHR) Certification Process to test Complete EHRs or specific EHR Modules intended to meet one or more of the Stage 1 Meaningful Use criteria for eligible professionals in a Hospital setting or the Physician’s office.

The process of applying for certification consists of the following phases:

1. Application
2. Pre-Testing
3. Testing
4. Certification

I. Application Phase

• To begin the EHR Certification Process, InfoGard sends the Vendor an EHR Certification and Application form for completion: Vendor Application. Once the Vendor contact information has been returned, InfoGard will send a Certification Agreement to the applicant.
• After InfoGard receives the completed Application and Agreement, InfoGard will send a Statement of Work (SOW) for signature, with pricing tailored to the actual Testing (see below).

II. Pre-Testing Phase

• During the Pre-Testing phase, InfoGard will ask the Vendor to complete a Vendor Questionnaire. This questionnaire is key to ensuring successful Testing for each Meaningful Use requirement. Based on the information provided from this questionnaire, InfoGard will custom design a Test Plan for each EHR Vendor. The Test Plan will be organized according to the National Institute of Standards and Technology (NIST) test requirements in a logical testing flow.
• InfoGard will arrange a one-day Pre-Testing Preparedness Service to assist in test preparation of the product. InfoGard staff will assist the Vendor in understanding the requirements, completing the questionnaire, determining the needs for testing, and walking through the Test Plan. Although optional, this service can assist in identifying any areas where the EHR product is not compliant with the chosen criteria. This gives the Vendor an opportunity to correct any item(s) prior to the formal testing phase.
• When InfoGard receives the completed Vendor questionnaire, a Pre-Test Meeting will be scheduled to answer any specific questions about the Testing to be performed and the Certification Process.

III. Testing Phase

• Testing can be performed on site at the Vendor facility, on site at InfoGard, or done remotely. The Testing Process will be discussed with the Vendor and the Test Method determined based on the the most suitable approach for the Vendor, with successful Testing of the product as the main objective.
• If a product tested does not meet one or more of the Testing requirements, the product must be modified and re-tested accordingly.
• Once all requirements are met, the product is ready for Certification.

IV. Certification Phase

• The InfoGard Certification Body receives a completed Test Report from the InfoGard Testing Body and reviews the report to determine if the Vendor qualifies for certification. If additional Testing is required, the InfoGard Certification Body will contact the InfoGard Testing Body to address issues that require further attention.  The InfoGard Testing Body will then submit an updated report to the InfoGard Certification Body, and the Vendor will be contacted.
• Once all Testing has been successfully completed, the InfoGard Certification Body will certify the EHR system being tested.
• InfoGard will notify the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator (ONC) of the EHR product’s certification status for submission on the ONC Certified HIT Product List (CHPL).
• InfoGard will issue a certificate to the Vendor identifying the certified product name, version, and Testing criteria met, as well as a Certified Logo request form.

Pricing

• 1st module - $5,000 for eight required Security and Privacy EHR modules 170.302 (o) - (v) and one (1) additional module
• $19,900 for one (1) Complete Ambulatory EHR
• $19,400 for one (1) Complete Inpatient EHR
• $24,000 for one (1) Complete Ambulatory and one (1) Inpatient EHRs