What Is ONC (b)(10) Certification?

Get acquainted with the latest requirements of the Office of the National Coordinator for Health Information Technology and explore the solution to complying with the (b)(10) EHI Export Criterion.

Recently, the Kodjin FHIR Server achieved the Cures Update § 170.315(b)(10) Electronic Health Information (EHI) Export criterion certification. Given the upcoming deadline for this criterion from the ONC’s Final Rule, we’d like to shed some light on the latest requirements of the Office of the National Coordinator for Health Information Technology for the secure exchange of patient data and why it is transformative for the US healthcare system. 

Prerequisites for § 170.315(b)(10) Requirements?

Despite the wide use of EHR solutions in the US and previous regulations designed to improve healthcare data exchange, the lack of a centralized repository for the Centers for Disease Control and Prevention presents numerous challenges that demand a strategic approach for ensuring effective data management on the national level. 

Countries such as Denmark, Estonia, and Ukraine created a centralized repository of healthcare data to handle data fragmentation and interoperability challenges. In Ukraine, a centralized data repository ensured the smooth integration of 33 regional EHRs into the national eHealth system and facilitated transparency and accessibility of healthcare data. The architecture, built on a microservices model with open APIs, provides a robust foundation for connecting national registries and private EHR systems. 

In the US, the requirements for the (b)(10) criterion aim to improve interoperability and accessibility to patient data for individuals and groups of patients by pushing all certified health IT modules that store electronic health information (EHI) to obtain the (b)(10) certificate and provide individuals with the right to access EHI under the HIPAA Privacy Rule.

What Are the Advantages of Matching the (b)(10) EHI Export Requirements?

The latest requirements from the ONC’s Final Rule are designed to encourage innovation, transparency, and the adoption of best practices in data sharing within healthcare. By following these requirements, developers of certified health IT can create diverse export capabilities to match the needs of any specific healthcare system, ensuring adaptivity to innovative technologies and evolution in the health IT ecosystem. 

§ 170.315(b)(10) Certification Requirements:

  • On-Demand Patient Data Access: This requirement mandates all Health IT Modules that store EHI to export health information for patients and other users at any time without requiring developer assistance. This ensures seamless accessibility to individual patient data, supporting informed decision-making and ultimately enhancing the efficiency of healthcare delivery.
  • A publicly accessible hyperlink of the export’s format: The exported files are required to be in an electronic and computable format accessible through a public and up-to-date hyperlink to ensure authorized users can retrieve information straight away. 
  • User Authorization Control: To effectively safeguard patient data from unauthorized use and support secure and controlled access to EHI exports, the Certified Health IT Modules must be able to limit users authorized for EHI exports.

Essentially, (b)(10) healthcare compliance empowers patients to play a central role in improving healthcare interactions and fostering a more connected healthcare ecosystem.

EHI Export Challenges

The evaluation of the real-world performance of the 21st Century Cures Act population-level application programming interface has highlighted issues during export/import procedures, including:

API Processing Speed 

The speed of API request processing can vary considerably, directly affecting the overall efficiency of data retrieval and download workflows. Performance scaling differences between vendors and implementations may result in delays and incorrect results. 


While handling large-scale export/import operations, problems such as data incompleteness, improper template configuration, and occasional vendor tool errors can disrupt the seamless transfer of electronic health records.

Operational Coordination

The intricate nature of workflows for large-scale export/import operations requires coordinating with multiple teams and navigating workflow configurations. Processing millions of requests without errors requires enhanced communication between different departments and organizations. Compliance with (b)(10) requirements ensures a fast, seamless, and error-free exchange of vital health information.

Navigating EHI Export Challenges by Leveraging Bulk Data Export

The Bulk Data Export feature of the Kodjin FHIR Server addresses the requirements of the ONC (b)(10) certification and supports importing mass data into a centralized FHIR repository. 

Kodjin’s Bulk-Export vs. (b)(10) Criterion:

Efficient Retrieval of Patient Data On-Demand: Kodjin’s Bulk Export service enables seamless configuration and initiation of data export through one API call. It allows exporting data for all patients, a specified patient subset, or the entire FHIR dataset on the server. The asynchronous export process minimizes the impact on system performance, and the results remain accessible for download from media storage for several days.

Accessible Export Format Hyperlink: Exported files in the .ndjson format from Kodjin’s Bulk Data Export feature are hosted in a protected AWS S3-compatible bucket with secure and time-limited access links. These links remain valid for seven days after manifest retrieval, aligning with the requirement for a publicly accessible electronic and computable format hyperlink.

Control Over User Authorization: Kodjin’s Bulk Export authentication mechanism is mandated by the SMART Backend Services Protocol Details, which ensures that only authenticated clients with a valid auth token and matching client ID can initiate and access the export process. By enforcing this authentication protocol, Kodjin’s Bulk Export establishes a stringent user authorization control, limiting access to only explicitly authorized users.


The Kodjin Bulk Data Export fulfills the (b)(10) certification and exceeds requirements. It enables efficient, on-demand access to patient data and ensures secure user authorization control through JWT assertion-based authentication. The exported data is delivered in a publicly accessible format via hyperlinks, as required by ONC.

Complying with the (b)(10) EHI Export Criterion improves patient data access and fosters a more connected healthcare ecosystem. Our approach aligns with ONC’s goals to promote adaptability to innovative technologies and transparency in data sharing. Contact us for more information about an out-of-the-box solution for interoperability and regulatory compliance in healthcare.

Post author

Andrii Krylov

Product Owner at Edenlab

More article about Blog about FHIR

Let`s chat

We would be glad to share more details about our enterprise-level FHIR software solutions and other cases based on the HL7 FHIR standard.

    Your form has been submitted successfully

    We will contact your shortly

    Kodjin White Paper

    Please leave your email to get Kodjin White Paper

      By downloading files from this site you agree to the Policy

      The Kodjin White Paper has been successfully sent to your email

      We have sent a copy to your email

      Back to website content