VisualDx is compliant with ONC Certification Criteria.

  • 45 CFR 170.315 (b)(6) (Data Export): VisualDx does not write data back to the EHR, nor does it allow users to create a data export.
  • 45 CFR 170.315 (d)(1) (Authentication, Access Control, Authorization): the VisualDx SMART app authenticates itself to the partner EHR via OAuth2, and requests data from FHIR resources via patientId.
  • 45 CFR 170.315 (d)(2) (Auditable Events and Tamper-resistance): VisualDx only reads data via standard FHIR endpoints, and does not store or change any Personal Health Information. The onus is on the EHR to ensure data integrity.
  • 45 CFR 170.315 (d)(3) (Audit Report(s)): VisualDx does not store patient data. If a partner EHR experiences a security incident, VisualDx can generate a forensic report of SMART app activity.
  • 45 CFR 170.315 (d)(5) (Automatic Access Time-out): VisualDx sessions expire after 1 hour of inactivity.
  • 45 CFR 170.315 (d)(7) (End-user Device Encryption): VisualDx does not store any Personal Health Information, either locally or remotely.
  • 45 CFR 170.315 (d)(8) (Integrity): VisualDx only reads data via standard FHIR endpoints, and does not store or change any Personal Health Information.
  • 45 CFR 170.315 (d)(9) (Trusted Connection): All requests to and from the VisualDx SMART app are encrypted using Transport Layer Security.
  • 45 CFR 170.315 (d)(11) (Accounting of Disclosures): VisualDx makes no disclosures of Personal Health Information.
  • 45 CFR 170.315 (g)(3) (Safety-enhanced Design): See our accessibility document.
  • 45 CFR 170.315 (g)(4) (Quality Management System): VisualDx is not an EHR, and does not seek ONC-ACB certification.
  • 45 CFR 170.315 (g)(5) (Accessibility-centered Design): See our accessibility document.
  • 45 CFR 170.315 (g)(7) (Application Access - Patient Selection): VisualDx does not maintain patient data records. Patient data is queried from the EHR by patientId.
  • 45 CFR 170.315 (g)(8) (Application Access - Data Category Request): VisualDx does not respond to requests for patient data – all data is queried from the EHR.
  • 45 CFR 170.315 (g)(9) (Application Access - All Data Request): VisualDx does not respond to requests for patient data – all data is queried from the EHR.
  • 45 CFR 170.523 (k)(1) (Pricing Transparency): VisualDx does not seek ONC-ACB certification, so 170.523 (k)(1) does not apply.
  • 45 CFR 170.523 (n) (Complaint Process): VisualDx is not ONC-ACB certified, and does not need to submit a list of complaints received to the National Coordinator.