Healthcare IT Glossary

What is ONC?
Office of National Coordinator

When a hospital buys a certified EHR, when a developer builds a FHIR API, when a patient accesses their health data through a mobile app — ONC is the federal entity that defined the rules making all of it possible. It’s the closest thing U.S. healthcare IT has to a governing body, setting the standards that every certified system must meet and enforcing the regulations that keep health data flowing.


Definition of ONC

ONC, which stands for the Office of the National Coordinator for Health Information Technology, is a staff division within the U.S. Department of Health and Human Services (HHS) responsible for coordinating nationwide efforts to implement and use health information technology and electronic health information exchange.

ONC was established by executive order in 2004 and codified into law by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Its role was significantly expanded by the 21st Century Cures Act of 2016, which gave ONC authority over interoperability standards, health IT certification, and information blocking enforcement.

ONC’s core functions include:

Setting health IT standards. ONC defines the technical standards that certified health IT must support — including FHIR for API-based data exchange, C-CDA for clinical document exchange, and vocabulary standards like SNOMED CT, LOINC, and ICD-10.

Managing the Health IT Certification Program. ONC establishes the criteria that EHR systems and other health IT modules must meet to be certified. Certification is required for participation in CMS incentive and quality programs.

Developing and maintaining USCDI. ONC manages the United States Core Data for Interoperability (USCDI) — the standardized data set that defines what information certified systems must exchange.

Enforcing information blocking rules. Under the Cures Act, ONC investigates potential information blocking by health IT developers, health information networks, and health information exchanges, and refers violations to the HHS Office of Inspector General for civil monetary penalties.

Advancing TEFCA. ONC established the Trusted Exchange Framework and Common Agreement (TEFCA) — the national governance framework for health information exchange (HIE) that aims to create a network of networks for nationwide interoperability.

In simple terms: ONC is the federal office that decides what health IT systems must do, how they must share data, and what happens when they don’t.

How ONC Works in Healthcare

ONC influences healthcare IT through rulemaking, certification requirements, standards development, and enforcement actions.

EHR vendors must maintain certification as criteria evolve. When ONC advances to a new USCDI version or adds new certification requirements through rulemaking, vendors must update their products and re-certify within the specified compliance timeline.

Rulemaking
ONC issues federal rules that establish and update health IT requirements. The most significant recent rules include the ONC Cures Act Final Rule (2020), HTI-1 (2023), and HTI-2 (2024). Each rule updates certification criteria, advances USCDI to new versions, adds or modifies technical standards requirements, and refines information blocking provisions. Healthcare IT teams must track ONC rulemaking to maintain compliance.
Health IT Certification Program
ONC accredits testing organizations (ONC-Authorized Testing Labs, or ONC-ATLs) and certifying bodies (ONC-Authorized Certification Bodies, or ONC-ACBs) that evaluate health IT products against certification criteria. Products that pass testing receive ONC Health IT Certification, which is listed on the Certified Health IT Product List (CHPL) — the public registry of all certified health IT modules.
Standards advancement
ONC works with standards development organizations — HL7 International, IHE, NCPDP, X12 — to develop and adopt health IT standards. ONC selects which versions of which standards to require in certification criteria. For example, ONC’s adoption of FHIR R4 and the US Core Implementation Guide as certification requirements drove industry-wide FHIR implementation.
Information blocking enforcement
ONC receives and investigates complaints about potential information blocking by health IT developers, HINs, and HIEs. Substantiated cases are referred to the HHS OIG, which can impose civil monetary penalties of up to $1 million per violation. ONC publishes guidance on the eight regulatory exceptions and what constitutes reasonable vs. unreasonable data access practices.
TEFCA governance
ONC oversees the Recognized Coordinating Entity (RCE) — currently The Sequoia Project — that manages TEFCA’s operational framework. TEFCA designates Qualified Health Information Networks (QHINs) that agree to exchange health data under a Common Agreement. As TEFCA expands, it will become the primary mechanism for nationwide health information exchange.

Key ONC Standards and Specifications

ONC Certification Criteria
ONC certification criteria define the functional and technical requirements certified health IT must meet. Key criteria include:

Clinical documentation — Certified systems must support structured clinical documentation using standardized vocabularies (SNOMED CT for problems, LOINC for observations, RxNorm for medications).

Interoperability — Certified systems must expose FHIR R4 APIs conforming to the US Core Implementation Guide, support SMART on FHIR app launch, and implement Bulk FHIR export.

Clinical decision support — Certified systems must provide configurable clinical decision support capabilities.

Patient data access — Certified systems must enable patients to access their health data through FHIR-based APIs, supporting third-party app authorization via SMART on FHIR.

Electronic health information export — Certified systems must support single-patient and population-level export of all electronic health information (EHI).

HTI-1 and HTI-2 Rules
HTI-1 (Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing, 2023) — Updated certification criteria to require USCDI v3, added algorithm transparency requirements for clinical decision support, and refined information blocking provisions.

HTI-2 (2024) — Further updated certification requirements, advanced USCDI, and addressed emerging areas including AI transparency in health IT.

USCDI
ONC develops and maintains USCDI — the versioned data standard defining minimum exchangeable data classes. ONC advances USCDI through rulemaking, each version adding data classes based on stakeholder input and clinical need. The USCDI+ program extends the core standard for domain-specific use cases.

TEFCA Common Agreement
The TEFCA Common Agreement defines the legal, technical, and operational requirements for QHINs. Participants agree to exchange data under standardized terms — including minimum data sets, query response requirements, security standards, and breach notification procedures.

Implementation Considerations

Healthcare IT teams must track ONC requirements and build compliance into their development and operational processes.

HIPAA alignment. ONC certification requirements and HIPAA requirements overlap but are not identical. Organizations must satisfy both — ONC’s interoperability and data access mandates alongside HIPAA’s privacy and security rules. Conflicts between “share more data” (Cures Act) and “protect data” (HIPAA) require careful policy and consent design.

Certification is continuous, not one-time
ONC updates certification criteria through rulemaking on a regular cadence. Vendors must monitor upcoming rules, assess impact on their products, implement required changes, and re-certify within compliance timelines. Treating certification as a one-time event rather than an ongoing process creates compliance gaps.
USCDI version tracking
Each ONC rule advances the required USCDI version. Your development roadmap must account for adding new USCDI data classes, updating FHIR US Core profiles, expanding C-CDA templates, and updating vocabulary mappings. Monitor the USCDI expansion process (ONDEC submissions) to anticipate future requirements.
Information blocking awareness across the organization
Information blocking isn’t just a technology issue — it’s an organizational practice issue. Every department that touches health data access — IT, compliance, legal, privacy, clinical operations — must understand what constitutes information blocking, what the eight exceptions are, and how to document compliance. Training and policy development are as important as technical implementation.
Testing against certification tools
ONC-approved testing tools — Inferno (for FHIR API testing), the C-CDA Scorecard, and ONC-ATL test procedures — should be integrated into your development and QA processes. Don’t wait for formal certification testing to discover conformance issues.
TEFCA readiness
As TEFCA expands, more organizations will be expected to participate in nationwide health data exchange through QHINs. Assess your connectivity options, plan for technical integration with TEFCA-designated QHINs, and budget for participation agreements and ongoing operational requirements.

How Taction Helps with ONC Compliance

At Taction, our team helps EHR vendors, health IT developers, and healthcare organizations build systems that meet ONC certification requirements and stay compliant as regulations evolve.

Whether you’re pursuing ONC certification for the first time, updating an existing certified product, or building compliance infrastructure across your organization, our healthcare technology team delivers the regulatory depth and technical precision ONC demands.

What we do:

ONC certification preparation
We build health IT products and modules that meet ONC certification criteria — including FHIR API implementation, SMART on FHIR authorization, Bulk FHIR export, C-CDA document support, and clinical decision support capabilities.
FHIR API development
We build US Core-compliant FHIR R4 APIs that satisfy ONC interoperability requirements — handling resource profiles, search parameters, terminology bindings, and capability statement publication.
Information blocking compliance
We audit health IT products and organizational practices against ONC’s information blocking rules, identify gaps, map restrictions to regulatory exceptions, and build remediation plans.
USCDI implementation
We implement current and upcoming USCDI data classes in EHR and clinical systems — including vocabulary mapping, FHIR profile conformance, and C-CDA template updates.
Ongoing compliance monitoring
We help organizations track ONC rule updates (HTI-1, HTI-2, future rulemaking) and maintain their systems in compliance as certification criteria evolve.
