healthit.gov

§ 170.315(f)(6)
Transmission to public health agencies — antimicrobial use and resistance reporting
Get Email Updates
Certification Companion Guide
Test Procedure
Certification Companion Guide
v1.1
View Changelog
Issued Date:
03-11-2024
07-23-2025
This Certification Companion Guide (CCG) is an informative document designed to assist with health IT product certification. The CCG is not a substitute for the requirements outlined in regulation and related ONC final rules. It extracts key portions of ONC final rules’ preambles and includes subsequent clarifying interpretations. To access the full context of regulatory intent please consult the
Certification Regulations
page for links to all ONC final rules or consult other regulatory references as noted. The CCG is for public use and should not be sold or redistributed.
Quick Overview
Required Updates
None
Design and Performance
Additional Criterion Information
Base EHR Definition
Not Included
Real World Testing
Yes
Insights Condition
No
SVAP Versions
Yes
CLARIFICATIONS
REGULATORY
STANDARDS
DEPENDENCIES
RESOURCES
CHANGELOG
IN THIS SECTION
Certification Clarifications
Technical Explanations and Clarifications
Search and Filter
Search Here...
Filter By Paragraph
All
Sort:
Technical outcome – Health IT can create an electronic antimicrobial use and resistance report for the following three sections of the HL7
Implementation Guide for CDA
Release 2 – Level 3: Healthcare Associated Infection (HAI) Reports, Release 1, U.S. Realm, August 2013:
HAI Antimicrobial Use and Resistance (AUR) Antimicrobial Resistance Option (ARO) Report (Numerator) specific document template in Section 2.1.2.1 (pages 69-72);
Antimicrobial Resistance Option (ARO) Summary Report (Denominator) specific document template in Section 2.1.1.1 (pages 54-56); and
Antimicrobial Use (AUP) Summary Report (Numerator and Denominator) specific document template in Section 2.1.1.2 (pages 56-58).
Clarifications:
For the public health certification criteria in § 170.315(f), health IT will only need to be certified to those criteria that are required to meet the measures the provider intends to report on to meet Objective 8: Public Health and Clinical Data Registry Reporting.
The antimicrobial use and resistance reporting information for electronic transmission will be collected by the Centers for Disease Control and Prevention (CDC) only rather than at the jurisdictional level. [see also
80 FR 62668
Health IT developers choosing to exercise the Standards Version Advancement Process (SVAP) for this criterion should use the following guidance for measures described at 170.205(r)(1):
For (i) “HAI Antimicrobial Use and Resistance (AUR) Antimicrobial Resistance Option (ARO) Report (Numerator)...”:
Use the SVAP-approved standard “HL7
CDA
R2 Implementation Guide: Healthcare Associated Infection (HAI) Reports, Release 3 - US Realm, December 2020
For (ii) “Antimicrobial Resistance Option (ARO) Summary Report (Denominator)…":
Use the SVAP-approved standard “HL7
CDA
R2 Implementation Guide: Healthcare Associated Infection (HAI) Reports, Release 3 - US Realm, December 2020”
For (iii) “Antimicrobial Use (AUP) Summary Report (Numerator and Denominator)”:
Continue to use the base standard adopted at 170.205(r)(1) “Health Level 7 (HL7
) Implementation Guide for CDA
Release 2 – Level 3: Healthcare Associated Infection (HAI) Reports, Release 1, U.S. Realm, August 2013”
For support with the testing and/or test tool for this criterion, please contact CDC at
NHSNCDA@cdc.gov
STANDARDS REFERENCED
§ 170.205(r)(1)
HL7® Implementation Guide for CDA® Release 2: Healthcare Associated Infection (HAI) Reports, Release 1
Regulation Text
§ 170.315 (f)(6) Transmission to public health agencies – antimicrobial use and resistance reporting—
Create antimicrobial use and resistance reporting information for electronic transmission in accordance with the standard specified in § 170.205(r)(1).
Standards & References
The following standards are referenced within the certification criteria for:
§ 170.315(f)(6) Transmission to public health agencies — antimicrobial use and resistance reporting
Applies to entire criterion
§ 170.205(r)(1)
HL7® Implementation Guide for CDA® Release 2 – Level 3: Healthcare Associated Infection (HAI) Reports, Release 1, U.S. Realm, August 2013
Technology is only required to conform to the following sections of the implementation guide:
HAI Antimicrobial Use and Resistance (AUR) Antimicrobial Resistance Option (ARO) Report (Numerator) specific document template in Section 2.1.2.1 (pages 69-72);
Antimicrobial Resistance Option (ARO) Summary Report (Denominator) specific document template in Section 2.1.1.1 (pages 54-56); and
Antimicrobial Use (AUP) Summary Report (Numerator and Denominator) specific document template in Section 2.1.1.2 (pages 56-58)
Standards Version Advancement Process (SVAP) Version(s) Approved
§ 170.205(r)(1) HL7
CDA
R2 Implementation Guide: Healthcare Associated Infection (HAI) Reports, Release 3 - US Realm, December 2020
For more information, please visit the
Standards Version Advancement Process (SVAP) Version(s) page
Certification Dependencies
IN THIS SECTION
§ 170.405
Real World Testing
Products certified to this criterion must complete requirements outlined for the Real World Testing Conditions and Maintenance of Certification.
Note: Enforcement discretion has been issued for CY 2025–2026. Refer to the
Enforcement Discretion Notices
for full details.
Privacy and Security
This certification criterion was adopted at § 170.315(f)(6). As a result, an ONC Authorized Certification Body (ONC-ACB) must ensure that a product presented for certification to a § 170.315(f) criterion includes the privacy and security criteria (adopted in § 170.315(d)) within the overall scope of the certificate issued to the product.
The privacy and security criteria (adopted in § 170.315(d)) do not need to be explicitly tested with this specific paragraph (f) criterion unless it is the only criterion for which certification is requested.
As a general rule, a product presented for certification only needs to be tested once to each applicable privacy and security criterion (adopted in § 170.315(d)) so long as the health IT developer attests that such privacy and security capabilities apply to the full scope of capabilities included in the requested certification. However, exceptions exist for § 170.315(e)(1) “View, download and transmit to 3rd party (VDT)” and (e)(2) “Secure messaging,” which are explicitly stated.
§ 170.315(d)(2)(i)(C) is not required if the scope of the Health IT Module does not have end-user device encryption features.
For more information on the approaches to meet these Privacy and Security requirements, please download the Privacy and Security CCG below:
Privacy and Security CCG
If choosing
Approach 1
Authentication, access control, and authorization (§ 170.315(d)(1))
Auditable events and tamper-resistance (§ 170.315(d)(2))
Audit reports (§ 170.315(d)(3))
End-user device encryption (§ 170.315(d)(7))
Encrypt authentication credentials (§ 170.315(d)(12))
Multi-factor authentication (MFA) (§ 170.315(d)(13))
If choosing
Approach 2
For each applicable privacy and security certification criterion not certified for Approach 1, the health IT developer may certify using system documentation that is sufficiently detailed to enable integration such that the Health IT Module has implemented service interfaces for each applicable privacy and security certification criterion that enable the Health IT Module to access external services necessary to meet the requirements of the privacy and security certification criterion. Please see the
21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program
Final Rule at
85 FR 25710
for additional clarification.
Design and Performance
The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.
Quality management system (§ 170.315(g)(4))
: When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
Accessibility-centered design (§ 170.315(g)(5))
: When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
Resources
The following resources can offer assistance or additional information:
§ 170.315(f)(6) Transmission to public health agencies — antimicrobial use and resistance reporting
PDF DOCUMENT
Real World Testing Resource Guide
2025-10-01
PDF DOCUMENT
Real World Testing Fact Sheet
Certification Companion Guide Changelog
The following changelog applies to:
§ 170.315(f)(6)Transmission to public health agencies — antimicrobial use and resistance reporting
Changelog functionality is not available.
Revision History
Version #
Description of Change
Version Date
1.0
Initial publication
03-11-2024
1.1
Added update to Certification Dependencies section to reflect recent Real World Testing enforcement discretion notice.
07-23-2025
Test Procedure
v1.0
View Changelog
Issued Date:
03-11-2024
This Test Procedure illustrates the test steps required to certify a Health IT Module to this criterion. Please consult the most recent ONC Final Rule on the
Certification Regulations
page for a detailed description of the certification criterion with which these testing steps are associated. ONC also encourages developers to consult the Certification Companion Guide in tandem with the test procedure as it provides clarifications that may be useful for product development and testing.
Quick Overview
Required Updates
None
Design and Performance
Additional Criterion Information
Base EHR Definition
Not Included
Real World Testing
Yes
Insights Condition
No
SVAP Versions
Yes
TESTING STEPS
TOOLS AND DATA
TESTING COMPONENTS
CHANGELOG
IN THIS SECTION
View Regulation Text
Testing Steps
Note: The tests step order does not necessarily prescribe the order in which the tests should take place.
Search and Filter
Search Here...
Filter By Paragraph
Filter By Date
Sort:
Testing Steps
System Under Test
The Health IT Module creates Antimicrobial use and resistance reporting information in accordance with the following sections of the standard specified at § 170.205(r)(1) HL7
Implementation Guide for CDA
Release 2 – Level 3: Healthcare Associated Infection (HAI) Reports, Release 1:
HAI Antimicrobial Use and Resistance (AUR) Antimicrobial Resistance Option Report (Numerator), document template in Section 2.1.2.1;
Antimicrobial Resistance Option (ARO) Summary Report (Denominator), document template in Section 2.1.1.1; and
Antimicrobial Use (AUP) Summary Report (Numerator and Denominator), document template in Section 2.1.1.2.
Approved SVAP Version(s)
HL7
CDA
R2 Implementation Guide: Healthcare Associated Infection (HAI) Reports, Release 3 - US Realm, December 2020
Test Lab Verification
The tester reviews the validation report and verifies that the documents generated are correct and without omission, reflecting the data entered into the Health IT Module, using value sets specified by the HL7
HAI Reports implementation guide.
The tester imports each antimicrobial use and resistance reporting document into the test tool for validation and uses the Validation Report produced by the test tool to verify the report indicates passing without error to confirm that the Antimicrobial use and resistance reporting document is conformant to the specified templates of the § 170.205(r)(1).
TEST TOOL DOCUMENTATION
Testing Tools
§ 170.315(f)(6) Transmission to public health agencies — antimicrobial use and resistance reporting
CDA Validator
This validator is not intended for use with PHI/PII. Only use this validator with test/sample data that contains no PHI/PII.
Testing Components
§ 170.315(f)(6) Transmission to public health agencies — antimicrobial use and resistance reporting
Documentation may be used as a method to demonstrate conformance but is not required for this criterion. Health IT developers may optionally provide documentation to supplement other testing methods.
Visual inspection is an approved method to demonstrate conformance. Most commonly, this will be accomplished via a live demonstration of functionality that meets the criterion.
Testing Tools
Testing tools indicate that a test tool(s) exists and must be used to test a portion or all of a Health IT Module's conformance to the criterion.
SVAP
Indicates that the Standards Version Advancement Process (SVAP) is applicable to the criterion.
Test Data
The test data for this criterion is not provided by ASTP. Developers will be expected to provide their own data in order to validate testing.
Test Method Changelog
The following changelog applies to:
§ 170.315(f)(6)Transmission to public health agencies — antimicrobial use and resistance reporting
Changelog functionality is not available.
Revision History
Version #
Description of Change
Version Date
1.0
Initial publication
03-11-2024
The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.
Additional Criteria:
§ 170.315(g)(4)
Quality management system
Description:
When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
§ 170.315(g)(5)
Accessibility-centered design
Description:
When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively, the developer must state that no accessibility-centered design was used.
Loading Privacy & Security content...
Standards Version Advancement Process (SVAP)
The Standards Version Advancement Process (SVAP) permits health IT developers to voluntarily update health IT products certified under the ONC Health IT Certification Program (Certification Program) to newer versions of adopted standards as part of the "Real World Testing" Condition and Maintenance of Certification requirement (§ 170.405) of the 21st Century Cures Act.
Learn More About SVAP
SVAP Approved Version:
DECEMBER 2020
§ 170.205(r)(1) HL7® CDA® R2 Implementation Guide: Healthcare Associated Infection (HAI) Reports, Release 3 - US Realm
Related to standard reference: § 170.205(r)(1)
External Link Notice
Welcome to HealthIT.gov!
Thank you for visiting the HealthIT.gov website! We welcome your feedback using the "Submit Feedback" button at the bottom of the page to help us improve your experience!