Updox Certifications

ONC Health Information Technology Certification

  • HIT Vendor:      Updox
  • Version:             2014.1Drummond.png
  • Date Certified:   4/10/2015
  • Certification #:   04102015-0178-5
  • Modules:           
    • 170.314 (e)(1) View, Download, Transmit
    • 170.314 (e)(3) Secure Messaging
    • 170.314 (g)(1) Automated Numerator Recording
    • 170.314 (g)(4) Quality System Management
    • 170.314 (h)(1) Direct Messaging
  • Clinical Quality Measures:
    • None (not applicable to Updox services)
  • Additional Software Required:
    • Electronic Health Record (EHR) software

This Health IT Module is 2014 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services.  This certification does not represent an endorsement by the U.S. Department of Health and Human Services.


Capabilities, Costs, and Limitations

Updox provides the following capabilities related to ONC, Meaningful Use, and MIPS Advancing Care Information requirements. Typically, these services are available to providers/hospitals through Updox’s EHR vendor partners. While providers/hospitals can purchase these services directly from Updox, a certified EHR system is also required. 


Direct Messaging & Secure Messaging

This functionality allows practice/hospital users to send and receive Direct-based messages to/from other users of certified health IT systems. Direct messages may include clinical data, notes, and other healthcare related information.

The process for sending/receiving Direct messages varies depending on the EHR vendor partnered with Updox.  

ONC Certification module: 170.314(h)(1)

Limitations (Business): For security purposes, Direct messaging exchange is limited to providers who have an established trust relationship with Updox. This includes providers using Updox as their Health Information Services Provider (HISP) and providers using a different HISP that has a trust agreement with Updox, either directly or through DirectTrust.

To participate in the DirectTrust network personal Identify verification is required for a practice representative or each user depending on the arrangement with the EHR vendor.

Limitations (Technical): None

Costs: The business contract between Updox and each EHR vendor details the Direct messaging fees. The fees vary by contract but typically include: a one-time integration fee, monthly Direct messaging subscription per address, and identity verification fee per attempt.


Secure Messaging

This functionality allows practice/hospital users to send and receive secure messages to/from patients using the Updox Patient Portal.  

The process for sending/receiving secure messages varies depending on the EHR vendor partnered with Updox.

ONC Certification module: 170.314(e)(3)

Limitations (Business): Updox Patient Portal also required

Limitations (Technical): None

Costs: No additional costs


Patient Portal

This functionality enables a practice/hospital to give their patients online access to their health information, transmit clinical care summaries to other parties using Direct messaging, and exchange secure messages with their providers. Additional functionality not related to Meaningful Use includes appointment scheduling, payment processing, and submitting forms. The Patient Portal is specific to one practice or hospital.

ONC Certification module: 314(e)(1), 170.314(e)(3),  

Limitations (Business): Transmitting from the Patient Portal via Direct Messaging is limited to clinical care summaries/records. The receiver must have a Direct address and is subjected to the same limitations listed for Direct messaging above.

Limitations (Technical): None

Costs: The business contract between Updox and each EHR vendor details the Patient Portal fees. The fees vary by contract but typically include: a one-time integration fee and monthly per provider subscription.


Meaningful Use Measures

This functionality enables EHR vendors to obtain numerator related information from Updox to calculate the following Meaningful Use measures related to the Patient Portal: Patient Electronic Access (measures 1 and 2) and Secure Electronic Messaging.

ONC Certification modules: 314(g)(1)

Limitations (Business): Updox Patient Portal also required

Limitations (Technical): None

Costs: No additional costs


EHNAC  and DirectTrust.org Accreditation

Updox is fully accredited by the Electronic Healthcare Network Accreditation Commission (EHNAC) and DirectTrust.org. These accreditations validate HIPAA compliance as well as the technical, security, trust, and business practice conformance of services related to Direct messaging:

  • Health Information Services Provider (HISP)
  • Certificate Authority (CA)
  • Registration Authority (RA) 

A HISP is an organization that provides Direct messaging services to securely transmit healthcare information over the internet.

A CA is an organization that issues digital certificates to Direct messaging users. Certificates help to ensure that Direct messaging is secure.

An RA is an organization that verifies the identity of individuals using Direct messaging. Identity verification also helps to ensure security by verifying that users “are who they say they are”.

EHNAC.png