2015 Edition Health Information Technology (Health IT) Certification Criteria, 2015 Edition Base Electronic Health Record (EHR) Definition, and ONC Health IT Certification Program Modifications; Corrections and Clarifications, 76868-76872 [2015-31255]

Agencies

• DEPARTMENT OF HEALTH AND HUMAN SERVICES
• Office of the Secretary

[Federal Register Volume 80, Number 238 (Friday, December 11, 2015)]
[Rules and Regulations]
[Pages 76868-76872]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-31255]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

45 CFR Part 170

RIN 0991-AB93


2015 Edition Health Information Technology (Health IT) 
Certification Criteria, 2015 Edition Base Electronic Health Record 
(EHR) Definition, and ONC Health IT Certification Program 
Modifications; Corrections and Clarifications

AGENCY: Office of the National Coordinator for Health Information 
Technology (ONC), Department of Health and Human Services (HHS).

ACTION: Final rule; corrections and clarifications.

-----------------------------------------------------------------------

SUMMARY: This document corrects errors and clarifies provisions of the 
final rule entitled ``2015 Edition Health Information Technology 
(Health IT) Certification Criteria, 2015 Edition Base Electronic Health 
Record (EHR) Definition, and ONC Health IT Certification Program 
Modifications.''

DATES: This correction is effective January 14, 2016. The final rule 
appeared in the Federal Register on October 16, 2015 (80 FR 62602), and 
is effective on January 14, 2016, except for Sec.  170.523(m) and (n), 
which are effective on April 1, 2016.

FOR FURTHER INFORMATION CONTACT: Michael Lipinski, Office of Policy, 
National Coordinator for Health Information Technology, 202-690-7151.

SUPPLEMENTARY INFORMATION: 

I. Background

    Following the publication of Federal Register document 2015-25597 
of October 16, 2015 (80 FR 62602), final rule entitled ``2015 Edition 
Health Information Technology (Health IT) Certification Criteria, 2015 
Edition Base Electronic Health Record (EHR) Definition, and ONC Health 
IT Certification Program Modifications'' (hereinafter referred to as 
the 2015 Edition final rule), we identified a number of errors in the 
final rule. We summarize and correct these errors in the ``Summary of 
Errors'' and ``Corrections of Errors'' sections below.
    We also clarify requirements of the Common Clinical Data Set 
(CCDS), the privacy and security certification framework, and the 
mandatory disclosures for health IT developers in the 
``Clarifications'' section below.

II. Summary of Errors

A. Preamble Errors

1. ``Audit Report(s)'' Certification Criterion
    We incorrectly identified the adopted 2015 Edition ``audit 
report(s)'' certification criterion throughout the preamble as 
``unchanged'' and eligible for gap certification. More specifically, we 
identified it incorrectly:
    a. On page 62609, under Table 2 (``2015 Edition Health IT 
Certification Criteria''), as an unchanged criterion compared to the 
2014 Edition and gap certification eligible.
    b. On page 62656, second column, in the ``Response'' under ``Audit 
Report(s),'' as adopted as proposed (i.e., ``unchanged'').
    c. On page 62681, under Table 6 (``Gap Certification Eligibility 
for 2015 Edition Health IT Certification Criteria''), as eligible for 
gap certification.
    We adopted the standard at Sec.  170.210(e) as revised to include 
the auditing of changes to user privileges in paragraph (e)(1)(i). The 
adopted 2015 Edition ``audit report(s)'' certification criterion 
references this standard. Therefore, it is a ``revised'' certification 
criterion as compared to the 2014 Edition ``audit report(s)'' 
certification criterion and ineligible for gap certification.
2. ``Integrity'' Certification Criterion
    On page 62657, third column, third paragraph, the last sentence 
incorrectly references SHA-1. The commenters' statements were specific 
to SHA-2.
3. ``Accounting of Disclosures'' Certification Criterion
    On page 62658, first column, mid-page, within the 2015 Edition 
``accounting of disclosures'' certification criterion table, we 
inadvertently referenced the criterion as codified in 45 CFR 
170.315(d)(10), when in fact it was codified in 45 CFR 170.315(d)(11). 
We note that the 2015 Edition ``auditing actions on health 
information'' certification criterion was codified in 45 CFR 
170.315(d)(10).
4. ``Transmission to Public Health Agencies--Antimicrobial Use and 
Resistance Reporting'' Certification Criterion
    On page 62668, third column, lines 2 and 3, there was a 
parenthetical error stating that we adopted the ``transmission to 
public health agencies--antimicrobial use and resistance reporting'' 
certification criterion as proposed (with both Volumes 1 and 2 of the 
HAI IG). The parenthetical is corrected to not reference volumes of the 
HL 7 Implementation Guide for CDA[supreg] Release 2--Level 3: 
Healthcare Associated Infection Reports, Release 1

[[Page 76869]]

(U.S. Realm), August 9, 2013 (HAI IG). This adopted version of the HAI 
IG does not contain multiple volumes. Further, the adopted version of 
the implementation guide was incorporated by reference in Sec.  
170.299(f)(26).
5. Common Clinical Data Set--Assessment and Plan of Treatment, Goals, 
and Health Concerns
    On page 62696, second column, lines 8-14, we did not clearly 
indicate that only the narrative parts of the ``Goals Section'' and 
``Health Concerns Section'' needed to be met in order to meet the CCDS 
definition. We refer readers to section III.A (``Common Clinical Data 
Set'') below for further clarification of these CCDS requirements.

B. Regulation Text Errors

1. 2015 Edition Base EHR Definition
    On page 62742, first column, line 16 (Sec.  170.102), we 
inadvertently made an error in the 2015 Edition Base EHR definition by 
citing to Sec.  170.315(a)(15) instead of Sec.  170.315(a)(14). As 
discussed on pages 62625, 62630, 62691 and identified on page 62692 
(Table 7), we included the ``implantable device list'' certification 
criterion (Sec.  170.315(a)(14)) in the 2015 Edition Base EHR 
definition as we proposed (80 FR 16806, 16825, 16870-16871). We did not 
propose to include nor intend to include the ``social, psychological, 
and behavioral data'' certification criterion (Sec.  170.315(a)(15)) in 
the 2015 Edition Base EHR definition.
2. Sexual Orientation Code
    On page 62744, third column, line 24 (Sec.  170.207(o)(1)(ii)), the 
code (20730005) attributed to ``straight or heterosexual'' was 
inaccurate. The correct code is 20430005 (emphasis added).
3. ``Implantable Device List'' Certification Criterion
    On page 62748, third column, line 1 (Sec.  170.315(a)(14)), we 
inadvertently omitted the word ``and'' at the end of the line. On the 
same page and column, line 42, we inadvertently added the word ``and'' 
when the ``and'' should have been at the end of line 47. On the same 
page and column, line 59, we inadvertently omitted the word ``and'' at 
the end of the line.
4. ``Data Export'' Certification Criterion
    On page 62750, third column, line 63, we inaccurately cross-
referenced paragraphs (ii) through (v) of the ``data export'' 
certification criterion (Sec.  170.315(b)(6)), when the cross-reference 
should have only been to paragraphs (iii) and (iv). Paragraph (v) 
should not have been referenced because there are only four paragraphs, 
ending with paragraph (iv). Paragraph (ii) should not have been cross-
referenced because paragraph (ii) no longer includes a configuration 
capability that could be enabled. The configuration capability included 
in paragraph (ii) was intended to support user selection among the 
multiple document templates we proposed for inclusion in paragraph (ii) 
of this certification criterion. In the final rule, however, we only 
included the Continuity of Care Document (CCD) document template in 
paragraph (ii). Therefore, a configuration capability for selecting 
among document templates is no longer applicable and both the cross-
reference to paragraph (ii) and the inclusion of configuration language 
in paragraph (ii) on page 62751, first column, lines 10-11, are 
incorrect. In terms of the configuration language in paragraph (ii), 
more specifically the inclusion of ``configuration'' in the paragraph 
title is an error as is the inclusion of the capability to ``configure 
the technology'' in the first sentence.
5. ``Clinical Quality Measures--Filter'' Certification Criterion
a. Patient Insurance Standard
    On page 62751, third column, line 22, we inadvertently included 
``at a minimum'' language for the required patient insurance standard. 
The standard (Source of Payment Typology Code Set Version 5.0 (October 
2011)) was adopted at Sec.  170.207(s)(1), but we did not adopt this 
standard as a ``minimum standards'' code set (see 80 FR 62612).
b. Patient Sex Standard
    On page 62751, third column, lines 25-26, we inadvertently included 
``at a minimum'' language for the required patient sex standard. The 
standard for representing sex is the use of specific HL7 Version 3 
codes and was adopted at Sec.  170.207(n)(1). We did not adopt this 
standard as a ``minimum standards'' code set (see 80 FR 62612).
6. ``View, Download, and Transmit to 3rd Party'' (VDT) Certification 
Criterion
    On page 62753, first column, lines 37 and 55 (Sec.  
170.315(e)(1)(ii)), we inadvertently omitted references for a patient's 
authorized representative to have access to the specified capabilities 
related to the activity history log under the VDT certification 
criterion. As discussed on page 62658 and consistent with references 
throughout the VDT criterion, a patient's authorized representative 
access to these capabilities is the same as the patient for the 
purposes of testing and certification.
7. ``Consolidated CDA Creation Performance'' Certification Criterion
    On page 62754, second column, lines 42-46 (Sec.  
170.315(g)(6)(ii)), we inadvertently included a sentence stating that 
the scope of this certification criterion will not exceed the 
evaluation of the CCD, Referral Note, and Discharge Summary document 
templates. This statement is inconsistent with the preamble guidance of 
the final rule on page 62674, which states that we have required that 
Consolidated CDA (C-CDA) creation performance be demonstrated for the 
C-CDA Release 2.1 document templates required by the 2015 Edition 
certification criteria presented for certification. Certification to 
some criteria (e.g., the ``transitions of care'' criterion) requires 
three C-CDA document templates whereas other criteria (e.g., the ``care 
plan'' criterion) only requires one C-CDA document template. To further 
illustrate, if a Health IT Module only included the ``view, download, 
and transmit to 3rd party'' certification criterion (Sec.  
170.315(e)(1)) within its certificate's scope, then only the Continuity 
of Care Document (CCD) document template would be applicable within the 
``C-CDA creation performance'' criterion. Conversely, if a Health IT 
Module designed for the inpatient setting included the ``transitions of 
care'' certification criterion (Sec.  170.315(b)(1)) within its 
certificate's scope, then all three document templates referenced by 
that criterion (CCD, Referral Note, and Discharge Summary) would need 
to be evaluated as part of the ``C-CDA creation performance'' 
criterion, with the Discharge Summary only applicable to the inpatient 
setting.
8. ``Direct Project'' Certification Criterion
    On page 62755, first column, lines 53 through 55 (Sec.  
170.315(h)(1)(ii)), we inadvertently referenced the ``Applicability 
Statement for Secure Health Transport'' in the title for paragraph (ii) 
when it should have only been ``Delivery Notification in Direct.''
9. ``Direct Project, Edge Protocol, and XDR/XDM'' Certification 
Criterion
    On page 62755, second column, lines 4 through 6 (Sec.  
170.315(h)(2)(ii)), we again inadvertently referenced the 
``Applicability Statement for Secure Health Transport'' in the title 
for paragraph (ii) when it should have only been ``Delivery 
Notification in Direct.''

[[Page 76870]]

10. Principles of Proper Conduct for ONC-ACBs--Certified Health IT 
Mandatory Disclosures
a. 2015 Edition Certified Health IT
    On page 62756, third column, lines 35-36 (Sec.  
170.523(k)(1)(ii)(A)), we inadvertently cross-referenced the wrong data 
from Sec.  170.523(f)(1). We did not intend to cross-reference Sec.  
170.523(f)(1)(xvii) (certification to standards used to meet a 
certification criterion). The required data elements for disclosure 
were intended to be consistent across the editions. This data is not a 
required data element for the mandatory disclosures for health IT 
certified to the 2014 Edition. We did, however, intend to require the 
disclosure of Sec.  170.523(f)(1)(xv) (certification to clinical 
quality measures), which was inadvertently omitted but consistent with 
the new and previous 2014 Edition disclosure requirements. We also 
refer readers to section III.C (``Mandatory Disclosures for 2015 
Edition Certified Health IT'') below for a clarification related to the 
disclosure on information specified in Sec.  170.523(f)(1)(viii).
b. 2014 Edition Certified Health IT
    On page 62756, third column, lines 42-43 (Sec.  
170.523(k)(1)(ii)(B)), we inadvertently omitted cross-references to 
paragraphs (f)(2)(iii) (product version) and (vi) (any additional 
relied upon software used to demonstrate compliance with a 
certification criterion or criteria) of Sec.  170.523. The parallel 
requirements were included in the required disclosures for health IT 
certified to the 2015 Edition and were previously required to be 
disclosed as part of certification to the 2014 Edition.
10. In-the-Field Surveillance and Maintenance of Certification for 
Health IT
a. Exclusion and Exhaustion
    On page 62758, third column, lines 4 and 10 (Sec.  170.556(c)(5)), 
we twice inadvertently cross-referenced paragraph (c)(3) of Sec.  
170.556 instead of paragraph (c)(4) of Sec.  170.556. Paragraph (c)(4) 
includes the requirements for locations as they would apply to the 
``exclusion and exhaustion'' requirements of paragraph (c)(5).
b. Termination
    On page 62759, second column, lines 23-24 (Sec.  170.556(d)(6)), we 
inadvertently included language suggesting that termination was limited 
to suspensions in the context of randomized surveillance. Consistent 
with the preamble discussion on pages 62716-62718, termination can 
follow any suspension if the health IT developer has not completed the 
actions necessary to reinstate the suspended certification.

III. Clarifications

A. Common Clinical Data Set

    In the final rule (Sec.  170.102), we define the CCDS to mean data 
expressed, where indicated, according to specified standards. For four 
data specified in the CCDS (Unique Device Identifier(s) for a Patient's 
Implantable Device(s); Assessment and Plan of Treatment; Goals; and 
Health Concerns), we reference specific Consolidated Clinical Document 
Architecture (C-CDA) sections. Based on subsequent examination of this 
regulatory text and early interactions with stakeholders, we have 
determined that additional explanation of these references is necessary 
in order to ensure health IT developers accurately and consistently 
interpret and implement health IT functionality to our expressed 
regulatory requirements. In this regard, we seek to clarify two points.
    First, we clarify that the references to these four specific C-CDA 
section templates is not meant to be strictly interpreted to mean that 
a health IT developer must use the C-CDA's syntax for each referenced 
section. Such a strict interpretation would directly contradict the 
flexibility we have intentionally offered to health IT developers who 
seek to certify to the ``application access--data category request'' 
certification criterion adopted at 45 CFR 170.315(g)(8), which 
references the CCDS but does not bind health IT presented for 
certification to solely use the C-CDA to meet the criterion. To avoid 
stakeholders inadvertently following this overly strict interpretation, 
we clarify that the references to these C-CDA section templates was 
meant (like all of the other data listed in the CCDS) to emphasize that 
these data need to be consistently and independently represented as 
discrete data that are clearly distinguishable.
    Second, we clarify for the Assessment and Plan of Treatment, Goals, 
and Health Concerns data that only the narrative part of the referenced 
C-CDA section templates is necessary and required in order to satisfy 
the CCDS. Further and in support of this clarification, testing and 
certification will focus on the presence of data represented consistent 
with just the narrative part of the referenced section templates. 
Similar to our points above, given that these section templates in the 
C-CDA have two parts (a narrative part and coded requirements part for 
C-CDA), we believe that it is necessary to make this interpretation 
explicit so as to prevent health IT developers from over-interpreting 
this definition's data requirements to include more data than we had 
intended.

B. Privacy and Security Certification Framework--Approach 2

    Under Sec.  170.550(h)(4)(ii), a Health IT Module can meet 
applicable 2015 Edition privacy and security certification criterion by 
demonstrating, through system documentation that is sufficiently 
detailed to enable integration, that the Health IT Module has 
implemented service interfaces for each applicable privacy and security 
certification criterion that enable the Health IT Module to access 
external services necessary to meet the privacy and security 
certification criterion (also known as ``Approach 2''). We clarify 
three points about Approach 2. First, we clarify that the term 
``access'' includes, as applicable, bi-directional interfaces with 
external services. For example, system documentation could detail how 
integration establishes a bi-directional interface that meets the 
requirements of the 2015 Edition ``audit report(s)'' certification 
criterion. Second, external services simply mean services outside the 
scope of the Health IT Module being presented for certification. 
External services could be, but are not limited to, those provided by 
another certified Health IT Module, another software program such as 
Microsoft Active Directory, or a hospital enterprise-wide 
infrastructure. Third, a Health IT Module is not required to be paired 
with the other services for the purposes of certification (e.g., 
certified with another certified Health IT Module that performs the 
privacy and security capability or specifying the external services as 
``relied upon software'').

C. Mandatory Disclosures for 2015 Edition Certified Health IT

    We clarify that for compliance with Sec.  170.523(k)(1)(ii)(A), the 
only information that must be disclosed to meet the data requirement 
specified in Sec.  170.523(f)(1)(viii) is the certification criterion 
or criteria to which the Health IT Module has been certified. This is 
consistent with the disclosure requirements for certification to the 
2014 Edition.

IV. Waiver of Proposed Rulemaking

    We ordinarily publish a notice of proposed rulemaking in the 
Federal Register to provide a period for public comment before the 
provisions of a rule take effect in accordance with section

[[Page 76871]]

553(b) of the Administrative Procedure Act (APA) (5 U.S.C. 553(b)). 
However, we can waive this notice and comment procedure if the 
Secretary finds, for good cause, that the notice and comment process is 
impracticable, unnecessary, or contrary to the public interest, and 
incorporates a statement of the finding and the reasons therefore in 
the notice.
    In our view, this correcting and clarifying document does not 
constitute a rulemaking that would be subject to the APA notice and 
comment requirements. This document corrects errors and clarifies 
provisions of the 2015 Edition final rule published on October 16, 
2015. It does not make substantive changes to the policies that were 
adopted. As a result, this correcting document is intended to ensure 
that the final rule accurately reflects the policies adopted in that 
final rule.
    In addition, even if this were a rulemaking to which the notice and 
comment requirements applied, we find that there is good cause to waive 
such requirements. Undertaking further notice and comment procedures to 
incorporate the corrections in this document into the final rule would 
be contrary to the public interest. Furthermore, such procedures would 
be unnecessary, as we are not altering the policies that were already 
subject to comment and finalized in our final rule. Therefore, we 
believe we have good cause to waive the notice and comment 
requirements.

V. Corrections of Errors

A. Preamble Corrections

    1. On page 62609, correct Table 2 as follows:
    a. Remove ``Audit Report(s)'' from the ``Unchanged Criteria as 
Compared to the 2014 Edition (Gap Certification Eligible)'' category 
and insert it with an in asterisk (i.e., Audit Report(s)*) in the 
``Revised Criteria as Compared to the 2014 Edition'' category after 
``Auditable Events and Tamper-Resistance.''
    b. Revise the ``Unchanged Criteria as Compared to the 2014 Edition 
(Gap Certification Eligible) (16)'' title to ``Unchanged Criteria as 
Compared to the 2014 Edition (Gap Certification Eligible) (15)''.
    c. Revise the ``Revised Criteria as Compared to the 2014 Edition 
(25)'' title to ``Revised Criteria as Compared to the 2014 Edition 
(26)''.
    2. On page 62656, second column, in the ``Response'' under ``Audit 
Report(s),'' correct the first sentence to read ``We have adopted this 
certification criterion as revised to support the audit reporting of 
changes in user privileges consistent with the adopted 2015 Edition 
``auditable events and tamper resistance'' certification criterion.''
    3. On page 62657, third column, third paragraph, correct the last 
sentence to read ``A few commenters requested that we wait until 2017 
or 2018 to increase the standard to SHA-2.''
    4. On page 62658, first column, mid-page, within the 2015 Edition 
``accounting of disclosures'' certification criterion table, the 
citation is corrected to read ``45 CFR 170.315(d)(11).''
    5. On page 62668, third column, lines 2 and 3, correct the 
parenthetical to read ``(with the HAI IG).''
    6. On page 62681, Table 6, remove ``(d)(3) Audit report(s)'' from 
the ``2015 Edition'' column and ``(d)(3) Audit report(s)'' from the 
``2014 Edition'' column.
    7. On page 62696, second column, lines 8-14, correct the sentence 
to read ``Thus, other C-CDA document templates such as CCD, Referral 
Note, and Discharge Summary would need to be able to exchange the 
narrative information from the ``Goals Section'' and ``Health Concerns 
Section'' in order to meet the Common Clinical Data Set definition.''

B. Regulation Text Corrections

0
1. On page 62742, first column, in Sec.  170.102, in the definition of 
``2015 Edition Base EHR'', paragraph (3) is corrected to read as 
follows:


Sec.  170.102  Definitions.

* * * * *
    2015 Edition Base EHR * * *
    (3) Has been certified to the certification criteria adopted by the 
Secretary in Sec.  170.315(a)(1), (2), or (3); (a)(5) through (9); 
(a)(11); (a)(14); (b)(1) and (6); (c)(1); (g)(7) through (9); and 
(h)(1) or (2);
* * * * *

0
2. On page 62744, third column, in Sec.  170.207, paragraph (o)(1)(ii) 
is corrected to read as follows:


Sec.  170.207  Vocabulary standards for representing electronic health 
information.

* * * * *
    (o) * * *
    (1) * * *
    (ii) Straight or heterosexual. 20430005.
* * * * *

0
3. On pages 62748 through 62755, in Sec.  170.315, paragraphs 
(a)(14)(ii)(A), (a)(14)(iv)(A) and (B), (a)(14)(v)(C), (b)(6)(i)(A), 
(b)(6)(ii) introductory text, (c)(4)(iii)(E) and (G), (e)(1)(ii)(A) 
introductory text, (e)(1)(ii)(B), (g)(6)(ii), (h)(1)(ii), and 
(h)(2)(ii) are corrected to read as follows:


Sec.  170.315  2015 Edition health IT certification criteria.

* * * * *
    (a) * * *
    (14) * * *
    (ii) * * *
    (A) Device Identifier; and
* * * * *
    (iv) * * *
    (A) The active Unique Device Identifiers recorded for the patient;
    (B) For each active Unique Device Identifier recorded for a 
patient, the description of the implantable device specified by 
paragraph (a)(14)(iii)(A) of this section; and
* * * * *
    (v) * * *
    (C) The identifiers associated with the Unique Device Identifier, 
as specified by paragraph (a)(14)(ii) of this section; and
* * * * *
    (b) * * *
    (6) * * *
    (i) * * *
    (A) Enable a user to set the configuration options specified in 
paragraphs (b)(6)(iii) and (iv) of this section when creating an export 
summary as well as a set of export summaries for patients whose 
information is stored in the technology. A user must be able to execute 
these capabilities at any time the user chooses and without subsequent 
developer assistance to operate.
* * * * *
    (ii) Creation. Enable a user to create export summaries formatted 
in accordance with the standard specified in Sec.  170.205(a)(4) using 
the Continuity of Care Document document template that includes, at a 
minimum:
* * * * *
    (c) * * *
    (4) * * *
    (iii) * * *
    (E) Patient insurance in accordance with the standard specified in 
Sec.  170.207(s)(1).
    * * *
    (G) Patient sex in accordance with the version of the standard 
specified in Sec.  170.207(n)(1).
* * * * *
    (e) * * *
    (1) * * *
    (ii) * * *
    (A) When any of the capabilities included in paragraphs 
(e)(1)(i)(A) through (C) of this section are used, the following 
information must be recorded and made accessible to the patient (or 
his/her authorized representative):
* * * * *
    (B) Technology presented for certification may demonstrate

[[Page 76872]]

compliance with paragraph (e)(1)(ii)(A) of this section if it is also 
certified to the certification criterion specified in Sec.  
170.315(d)(2) and the information required to be recorded in paragraph 
(e)(1)(ii)(A) of this section is accessible by the patient (or his/her 
authorized representative).
* * * * *
    (g) * * *
    (6) * * *
    (ii) Document-template conformance. Create a data file formatted in 
accordance with the standard adopted in Sec.  170.205(a)(4) that 
demonstrates a valid implementation of each document template 
applicable to the certification criterion or criteria within the scope 
of the certificate sought.
* * * * *
    (h) * * *
    (1) * * *
    (ii) Delivery Notification in Direct. Able to send and receive 
health information in accordance with the standard specified in Sec.  
170.202(e)(1).
* * * * *
    (2) * * *
    (ii) Delivery Notification in Direct. Able to send and receive 
health information in accordance with the standard specified in Sec.  
170.202(e)(1).


Sec.  170.523  [Corrected]

0
4. In Sec.  170.523--
0
a. On page 62756, third column, lines 35-36, paragraph (k)(1)(ii)(A), 
the reference ``paragraphs (f)(1)(i), (vi), (vii), (viii), (xvi), and 
(xvii) of this section'' is corrected to read ``paragraphs (f)(1)(i), 
(vi), (vii), (viii), (xv), and (xvi) of this section''.
0
b. On page 62756, third column, lines 42-43, paragraph (k)(1)(ii)(B), 
the reference ``paragraphs (f)(2)(i), (ii), (iv)-(v), and (vii) of this 
section'' is corrected to read ``paragraphs (f)(2)(i) through (vii) of 
this section''.

0
5. In Sec.  170.556--
0
a. On page 62758, third column, lines 4 and 10, paragraph (c)(5), 
correct the reference ``paragraph (c)(3)'' each time it appears to read 
``paragraph (c)(4)''.
0
b. On page 62759, second column, correct paragraph (d)(6) to read as 
follows:


Sec.  170.556  In-the-field surveillance and maintenance of 
certification for Health IT.

* * * * *
    (d) * * *
    (6) If a certified Complete EHR or certified Health IT Module's 
certification has been suspended, an ONC-ACB is permitted to initiate 
certification termination procedures for the Complete EHR or Health IT 
Module (consistent with its accreditation to ISO/IEC 17065 and 
procedures for terminating a certification) when the developer has not 
completed the actions necessary to reinstate the suspended 
certification.
* * * * *

    Dated: December 7, 2015.
Madhura Valverde,
Executive Secretary to the Department, Department of Health and Human 
Services.
[FR Doc. 2015-31255 Filed 12-10-15; 8:45 am]
 BILLING CODE 4150-45-P