Is it necessary to obtain ONC Certificate for a customized OpenEMR?


We are using OpenEMR with some of the custom changes as below:

  1. Using our own logo.
  2. Changed the Styles.
  3. We are also planning to do some customizations to our OpenEMR.

So, with all the above changes, Is our OpenEMR still ONC Ambulatory certified or we need to go for a certification, as we made the changes?

Could some one clarify me on this?

Thank you

Hello @Sricharan_Tumula
Logo and style are no threat to your instance’s certification. As far as modifying the EMR itself, here’s the page from the OpenEMR wiki listing the criteria which are certified. If you change any of these your OpenEMR instance would lose certification in that criteria.

Be careful!
Best- Harley

@htuck I am a brand new user. Other than not being real computer savvy as far as a lot of this goes, I also am not sure if I even need any certifications. I do volunteer sports medicine for a semi-pro team in my state. I do not need a anything documentation wise for the sports med part, however for some of the athletes without insurance, some of what I do crosses over into needing more documentation (treating a non-sport related rashes, allergies, or other illnesses for example). But I do need a more formal documentation system. Do you think OpenEMR is the right choice? If I am a physician and completely lost at this point, where do I begin? lol

If you are not required to use a Certified EMR then you can modify the software however way you like. Most users who full under USA CMS billing (Medicaid / Medicare / CHIP, etc) are required contractually to use a ONC certified EMR. Some insurance companies require contractually for you to use a certified EMR as well.

Typically if you fall under the guidelines of HIPAA you have to conduct a security risk assessment if you deal with PHI or ePHI, you’ll have to justify the reasons for not using a certified product if you are ever audited, which can put you at risks of large penalties. That said, if you’ve conducted your own risk assessment you’ll need to have documentation to show how your version is just as secure as the certified version.

If you are strictly a cash payer user or do all your services pro-bono, I’ve heard from people that this puts you outside of HIPAA and you don’t have to deal with all of this, but you’d want to consult with a lawyer to verify that as I am not qualified to offer legal advice.

1 Like

@Sassapuss Welcome to the OpenEMR community, and thanks @adunsulag for that authoritative answer!

I would only add that per your description of your use cases, OpenEMR would be perfect. It has several different data entry forms already made which would probably suit your needs.
If you haven’t already checked out the OpenEMR wiki take a look here for a list of the available clinical forms

Come on back if you develop more questions.
Best- Harley