§170.315(d)(1) Authentication, Access Control, Authorization

Mirth® Connect by NextGen Healthcare User Guide

Summary

The following list gives you a snapshot of the current certifications. Select the link in the Criterion Name column to see more details about the certification criterion. Criterion Name Required Extension Electronic Health Information (EHI) Export (b)(10) Enhancement Bundle Role-Based Access Control Authentication, access control, Authorization (d)(1) Role-Based Access Control Auditable events and tamper-resistance (d)(2) Cures Certification Support Role-Based Access Control Automatic access time-out (d)(5) None Emergency access (d)(6) Role-Based Access Control End-user device encryption (d)(7) None Integrity (d)(8) None Trusted connection (d)(9) SSL Manager Auditing actions on health information (d)(10) Cures Certification Support Encrypt authentication credentials (d)(12) None Multi-factor authentication (d)(13) Multi-Factor Authentication Quality Management System (g)(4) None Accessibility-Centered Design (g)(5) Not applicable Parent topic: Cures Certification

Mirth® Connect by NextGen Healthcare User Guide

Cures Certification

An overview of Cures and the Mirth® Connect extensions required to comply with Cures certification criteria. ONC Health IT Certification promotes transparency, modern standards, and enhanced health IT capabilities by fostering innovation in the health care technology ecosystem to deliver better information to patients, clinicians, and other users. Mirth® Connect by NextGen Healthcare has received ONC Heath IT Certification in the areas described in this section. The Health IT modules are compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services. Holds Certificate No: 15.05.05.2054.NGM2.02.01.1.231213, Certification Date: December 13, 2023 Modules Tested: 170.315 (b)(10); (d)(1-3); (d)(5-10); (d)(12-13); (g)(4,5) Clinical Quality Measu

Mirth® Connect by NextGen Healthcare User Guide

§170.315(d)(2) Auditable Events and Tamper-Resistance, §170.315(d)(3) Audit Report(s), and §170.315(d)(10) Auditing Actions on Health Information

Cures criteria 170.315(d)(2) Auditable Events and Tamper-Resistance and §170.315(d)(10) Auditing Actions on Health Information. These criteria are interrelated and therefore addressed together. (d)(2) Auditable events and tamper-resistance establishes which actions must be audited, what must be included in the audit records, and required protections around the audit log, including detecting if the audit log has been changed outside of normal processes. (d)(10) Auditing actions on health information establishes which actions must be audited, what must be included in the audit records, and required protections around the audit log, including detecting if the audit log has been changed outside of normal processes. (d)(3) Audit Report(s) requires the ability of health information systems to sort the audit logs. Note: In Mirth® Connect by NextGen Healthcare, the audit log is referred to as Event Log/Browser. Required Extensions Role-Based Access Control Cures Certification Support Features

Mirth® Connect by NextGen Healthcare User Guide

§170.315(b)(10) Electronic Health Information (EHI) Export

Cures criteria for 170.315(b)(10) Electronic Health Information (EHI) Export. (b)(10) Electronic Health Information (EHI) Export gives the user the capability to efficiently export single and multi-patient EHI in a secure and timely manner. Note: Mirth® Connect by NextGen Healthcare is an interoperability engine and is not exposed to full patient data; instead it passes messages from one entity to another and saves only the information in the message. Note: The CURES(b)(10) criteria requires that no psychotherapy data is included in the export. Since Mirth® Connect only passes data, it is the user's responsibility to exclude all psychotherapy data from the export. Required Extensions: Role-Based Access Control Enhancement Bundle Features that Support the Certification Use of the Role-Based Access Control extension to limit access to protected health information (PHI). Ability to view and search for messages on multiple channels. Required Actions Administrator needs to create roles and

Mirth® Connect by NextGen Healthcare User Guide

Alert Actions

This section of the Edit Alert View allows you to decide what actions to take after your alert has been triggered. You can take multiple actions all at once for a single trigger event, which may include sending e-mails to multiple users and dispatching messages to multiple channels. Protocols All protocols also support Velocity Variable Replacement, you can use any of the Alert Variables below, or any Global Map variable. Channel: The template is sent as a message to the channel selected in the Recipient column. The subject is not used for this protocol. Email: The subject and template is used to send an e-mail to the address specified in the Recipient column. User: Same as the Email protocol, the e-mail address used is the one configured for the selected user. Role: E-mails will be sent to all users within a particular Role-Based Access Control role. Only visible when User Authorization is installed. Alert Variables Parent topic: Edit Alert View

Mirth® Connect by NextGen Healthcare User Guide

Services and Extensions

A Mirth® Connect license includes: Support Services: Our team of highly intelligent and broadly capable interoperability experts are dedicated to ensuring your experience is smooth and secure. We provide assistance with troubleshooting, resolving any issues you may face, and offering guidance to optimize your use of our platform. Additionally, we manage hosted upgrades and security updates, ensuring your system remains up-to-date and protected. Whether you need technical assistance or guidance on optimization, our expert team is here to support you every step of the way. Professional Services : Our team provides a full suite of Implementation, Consulting, and Training Services to help organizations maximize the value of Mirth Connect and ensure seamless healthcare operability. With a flexible approach tailored to your organization’s needs, our services ensure that you implement with confidence, optimize with precision, and operate with expertise. Implementation Services: Our structured

§170.315(d)(1) Authentication, Access Control, Authorization

Required Extensions

Features that Support the Certification

Required Actions

Recommendations

Summary

Cures Certification

§170.315(d)(2) Auditable Events and Tamper-Resistance, §170.315(d)(3) Audit Report(s), and §170.315(d)(10) Auditing Actions on Health Information

§170.315(b)(10) Electronic Health Information (EHI) Export

Alert Actions

Services and Extensions

§170.315(d)(1) Authentication, Access Control, Authorization

Required Extensions

Features that Support the Certification

Required Actions

Summary

Cures Certification

§170.315(d)(2) Auditable Events and Tamper-Resistance, §170.315(d)(3) Audit Report(s), and §170.315(d)(10) Auditing Actions on Health Information

§170.315(b)(10) Electronic Health Information (EHI) Export

Alert Actions

Services and Extensions