Background Image

ONC Health IT Cost And Limitations Disclosure

ONC Health IT Cost And Limitations Disclosure
This iProcedures LLC – iPro Anesthesia 9.3.1 software is ONC 2014 Edition compliant and has been certified by ICSA Labs, an ONC-ACB, in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.

Certification Details
  • Vendor Name: iProcedures LLC
  • Date certified: 9/25/13
  • Product name/version: iPro Anesthesia 9.3.1
  • Inpatient CHPL Product ID: 130076R00
  • Criteria to which each EHR module has been tested and certified Certification Details for both Ambulatory and Inpatient

170.314(d)(1) AUTHENTICATION, ACCESS CONTROL, AND AUTHORIZATION

Authentication, access control, and authorization. (i) Verify against a unique identifier(s) (e.g., username or number) that a person seeking access to electronic health information is the one claimed; and (ii) Establish the type of access to electronic health information a user is permitted based on the unique identifier(s) provided in paragraph (d)(1)(i) of this section, and the actions the user is permitted to perform with the EHR technology.

170.314(d)(2) AUDITABLE EVENTS AND TAMPER-RESISTANCE

Auditable events and tamper-resistance. (i) Record actions. EHR technology must be able to: (A) Record actions related to electronic health information in accordance with the standard specified in § 170.210(e)(1); (B) Record the audit log status (enabled or disabled) in accordance with the standard specified in § 170.210(e)(2) unless it cannot be disabled by any user; and (C) Record the encryption status (enabled or disabled) of electronic health information locally stored on end-user devices by EHR technology in accordance with the standard specified in § 170.210(e)(3) unless the EHR technology prevents electronic health information from being locally stored on end-user devices (see 170.314(d)(7) of this section). (ii) Default setting. EHR technology must be set by default to perform the capabilities specified in paragraph (d)(2)(i)(A) of this section and, where applicable, paragraphs (d)(2)(i)(B) or (C), or both paragraphs (d)(2)(i)(B) and (C). (iii) When disabling the audit log is permitted. For each capability specified in paragraphs (d)(2)(i)(A) through (C) of this section that EHR technology permits to be disabled, the ability to do so must be restricted to a limited set of identified users. (iv) Audit log protection. Actions and statuses recorded in accordance with paragraph (d)(2)(i) of this section must not be capable of being changed, overwritten, or deleted by the EHR technology. (v) Detection. EHR technology must be able to detect whether the audit log has been altered.

170.314(d)(3) AUDIT REPORT(S)

Audit report(s). Enable a user to create an audit report for a specific time period and to sort entries in the audit log according to each of the data specified in the standards at § 170.210(e).

170.314(d)(5) AUTOMATIC LOG-OFF

Automatic log-off. Prevent a user from gaining further access to an electronic session after a predetermined time of inactivity.

170.314(d)(6) EMERGENCY ACCESS

Emergency access. Permit an identified set of users to access electronic health information during an emergency.

170.314(d)(7) END-USER DEVICE ENCRYPTION

End-user device encryption. Paragraph (d)(7)(i) or (ii) of this section must be met to satisfy this certification criterion. (i) EHR technology that is designed to locally store electronic health information on end-user devices must encrypt the electronic health information stored on such devices after use of EHR technology on those devices stops. (A) Electronic health information that is stored must be encrypted in accordance with the standard specified in § 170.210(a)(1). (B) Default setting. EHR technology must be set by default to perform this capability and, unless this configuration cannot be disabled by any user, the ability to change the configuration must be restricted to a limited set of identified users. (ii) EHR technology is designed to prevent electronic health information from being locally stored on end-user devices after use of EHR technology on those devices stops.

170.314(d)(8) INTEGRITY

Integrity. (i) Create a message digest in accordance with the standard specified in § 170.210(c). (ii) Verify in accordance with the standard specified in § 170.210(c) upon receipt of electronically exchanged health information that such information has not been altered.


  • Additional software relied upon to demonstrate compliance with certification criterion:
    • Meinberg NTP Client for Windows
    • Microsoft Windows server
    • Microsoft SQL server
    • Microsoft ASP.net
    • Microsoft IIS
  • Additional costs required to pay and implement and use the Certified Health IT's capabilities:
    • Connection
    • Transaction
    • Hosting fee
  • Known limitations:
    • There are no known limitations that a user may encounter in the course of implementing and using this Modular EHR's capabilities, whether to meet meaningful use objectives and measures or to achieve any other use within the scope of the health IT's certification.