ONC Health IT Certification is a long, technical, high-stakes process, and very few firms can take a product through it end to end. Taction Software prepares EHR vendors and health-tech products for certification under the ONC Health IT Certification Program (administered by ASTP/ONC) — closing the gap against your target criteria, engineering the FHIR APIs and functional features the criteria require, preparing you for ONC-Authorized Testing Lab (ATL) testing, validating conformance with the Inferno test suite, and coordinating your ONC-Authorized Certification Body (ACB) submission. Because we are FHIR-fluent healthcare software engineers, we do the implementation, not just the consulting.
Schedule a Free ONC Certification Path Assessment → (NDA-protected)
FHIR specialist team · Inferno conformance experience · healthcare engineering credentials
When ONC Certification Is Required
CMS Promoting Interoperability Programs
Providers participating in CMS Promoting Interoperability programs must use Certified EHR Technology (CEHRT). If your customers attest under those programs, your product needs the relevant certification for them to use it.
Customer Procurement Requirements
Hospitals and provider groups increasingly require certified health IT in procurement. Without certification, you are excluded from those deals before the conversation starts.
Health IT Module Marketing
Certification lets you market your product as certified health IT against specific criteria — a concrete, verifiable claim that buyers and partners trust.
ONC Certification Criteria We Help You Pass
Clinical Criteria
We implement and prepare the clinical criteria: patient demographics and observations, problem list, medication list, and allergies, clinical decision support (see our perspective on clinical decision support), and clinical quality measures.
Privacy & Security Criteria
We implement the privacy and security criteria — authentication, access control, and authorization, audit reports, encryption, and patient matching — building on our healthcare data security practice.
Interoperability Criteria
We implement the interoperability criteria at the center of the Cures Act: the FHIR API (§170.315(g)(10)), USCDI data elements, care plan and provenance, and public health reporting — drawing on our FHIR API development and HL7 integration work.
Our ONC Certification Methodology
Gap Analysis Against Target Criteria
We assess your product against the specific criteria you intend to certify to, producing a concrete gap list with the engineering work each gap requires.
Engineering Implementation
We build what is missing — FHIR APIs, functional features, security controls — directly in your product, as part of our custom healthcare software development and EHR development work. This is where consulting-only firms stall and we keep moving.
ATL Test Procedure Preparation
We prepare your product and your team for the formal ATL test procedures, so testing is a confirmation rather than a discovery.
Inferno Test Suite Conformance
We validate (g)(10) and related conformance against the Inferno test suite before formal testing, catching conformance issues early.
ACB Submission & Surveillance Readiness
We support your ACB submission and prepare you for ongoing surveillance, so certification holds up after it is granted.
USCDI Coverage & Implementation
USCDI Data Class Implementation
We implement the USCDI data classes required by your criteria. (Certification currently centers on USCDI v3, with later versions phasing in — we build to the version your target criteria require.)
Code System Coverage
We implement the required terminologies end to end: LOINC, SNOMED CT, RxNorm, and ICD-10, mapped correctly to the relevant data elements.
FHIR Resource Mapping
We map your clinical data to the correct FHIR resources and profiles so your API returns conformant, US Core-aligned data.
Cures Act API Requirements (§170.315(g)(10))
FHIR R4 Capability Statement
A conformant FHIR R4 server with an accurate capability statement describing exactly what your API supports.
SMART on FHIR Implementation
SMART on FHIR authorization so apps can connect securely with appropriate scopes — implemented on top of our FHIR API foundation.
Bulk Data Export (Flat FHIR)
Population-level bulk data export (Flat FHIR / FHIR Bulk Data) as required by the criterion.
Patient-Facing API
A patient-facing API that lets patients access their data through third-party apps, as the Cures Act intends.
Certification Timeline & Investment
Phase 1: Gap Analysis (4–6 weeks)
We establish exactly where you stand against your target criteria and scope the work.
Phase 2: Implementation (4–8 months)
The engineering phase — building the APIs, features, and controls the criteria require. Duration depends on how far your current product is from the target.
Phase 3: ATL Testing (1–3 months)
Formal testing with an ONC-Authorized Testing Lab, which we prepare you for and support throughout.
Phase 4: ACB Submission & Certification
Submission through your ONC-Authorized Certification Body and the issuance of certification, with surveillance readiness in place.
ONC ATL & ACB Coordination
ATL Coordination
We coordinate directly with ONC-Authorized Testing Labs, managing test procedures and the back-and-forth so your team stays focused on the product.
ACB Submission Support
We support the submission to your ONC-Authorized Certification Body, preparing the documentation and evidence the ACB requires.
Surveillance Response
After certification, products are subject to surveillance. We help you stay conformant and respond effectively if surveillance occurs.
Schedule a Free ONC Certification Path Assessment →
Frequently Asked Questions
Which ONC certification criteria apply to us?
Most products today certify against the 2015 Edition Cures Update criteria, but exactly which criteria you need depends on your product type and how your customers use it. The free path assessment identifies the specific criteria that apply to you.
Do we need certification, or just Cures Act API compliance?
They are related but not identical. Some organizations are obligated to hold formal certification (for example, to support customers in CMS programs); others primarily need to meet Cures Act API requirements without full module certification. We help you determine which actually applies — see our overview of 21st Century Cures Act compliance.
Can you do partial module certification?
Yes. You can certify to the specific criteria relevant to your product rather than an entire suite, and we scope the engagement to the criteria you actually need.
Who pays for ATL & ACB?
The ATL testing and ACB certification fees are paid by you to those independent bodies; they are separate from our preparation and engineering work. We are explicit about which costs are ours versus the ATL’s and ACB’s so there are no surprises.
How long does certification stay valid?
Certification remains valid as long as the product continues to conform and meet program requirements, including surveillance — there is no fixed expiration, but you must maintain conformance as criteria and your product evolve.
Schedule a Free ONC Certification Path Assessment →
Reviewed by Taction Software’s FHIR and healthcare interoperability engineering team. ISO 27001-certified information security management.