VisualDx is compliant with ONC Certification Criteria.

 

  • 45 CFR 170.315 (b)(6) (Data Export):
    VisualDx does not write data back to the EHR nor does it allow users to create a data export.
  • 45 CFR 170.315 (d)(1) (Authentication, Access Control, Authorization):
    The VisualDx SMART app authenticates itself to the partner EHR via OAuth2, and requests data from FHIR resources via patientId.
  • 45 CFR 170.315 (d)(2) (Auditable Events and Tamper-resistance):
    VisualDx only reads data via standard FHIR endpoints, and does not store or change any personal health information. The onus is on the EHR to ensure data integrity.
  • 45 CFR 170.315 (d)(3) (Audit Report(s)):
    VisualDx does not store patient data. If a partner EHR experiences a security incident, VisualDx can generate a forensic report of SMART app activity.
  • 45 CFR 170.315 (d)(5) (Automatic Access Time-out):
    VisualDx sessions expire after 1 hour of inactivity.
  • 45 CFR 170.315 (d)(7) (End-user Device Encryption):
    VisualDx does not store any Personal Health Information, either locally or remotely.
  • 45 CFR 170.315 (d)(8) (Integrity):
    VisualDx only reads data via standard FHIR endpoints, and does not store or change any personal health information.
  • 45 CFR 170.315 (d)(9) (Trusted Connection):
    All requests to and from the VisualDx SMART app are encrypted using Transport Layer Security.
  • 45 CFR 170.315 (d)(11) (Accounting of Disclosures):
    VisualDx makes no disclosures of Personal Health Information.
  • 45 CFR 170.315 (g)(3) (Safety-enhanced Design):
    See our accessibility document.
  • 45 CFR 170.315 (g)(4) (Quality Management System):
    VisualDx is not an EHR, and does not seek ONC-ACB certification.
  • 45 CFR 170.315 (g)(5) (Accessibility-centered Design):
    See our accessibility document.
  • 45 CFR 170.315 (g)(7) (Application Access – Patient Selection):
    VisualDx does not maintain patient data records. Patient data is queried from the EHR by patientId.
  • 45 CFR 170.315 (g)(8) (Application Access – Data Category Request):
    VisualDx does not respond to requests for patient data – all data is queried from the EHR.
  • 45 CFR 170.315 (g)(9) (Application Access – All Data Request):
    VisualDx does not respond to requests for patient data – all data is queried from the EHR.
  • 45 CFR 170.523 (k)(1) (Pricing Transparency):
    VisualDx does not seek ONC-ACB certification, so 170.523 (k)(1) does not apply.
  • 45 CFR 170.523 (n) (Complaint Process):
    VisualDx is not ONC-ACB certified, and does not need to submit a list of complaints received to the National Coordinator.