Certification Disclosures

ONC Health IT Certification

This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.

Vendor Name: Carbon Health Technologies, Inc.
Website: www.carbonhealth.com (opens in a new tab)
Address: 2100 Franklin St., Suite 355, Oakland, CA, 94612
Contact: Haritha Atluri,Director of Clinical Informatics, haritha@carbonhealth.com, (707) 653-6724
Product Version: CarbyOS EHR v2.0

  • Date the product was certified – 1/29/25
  • Unique certification number - 15.04.04.3216.Carb.02.00.0.250129
  • Certification criteria to which the product has been certified - 170.315 (b)(10); (d)(1, 5-6, 8-9, 12-13); (g)(4-5)
  • CQMs to which the product has been certified - None
  • Any additional software the certified product relied upon to demonstrate its compliance with certification criteria - None

Multi-Factor Authentication

Supported Use Cases for Multi-Factor Authentication (MFA)
CarbyOs EHR provides multi-factor authentication (MFA) in compliance with the Office of the National Coordinator for Health IT’s (ONC) Multi-Factor Authentication criterion at 45 CFR 170.315(d)(13). The following workflows support MFA within CarbyOs’s product offerings:

  • Login to CarbyOs EHR
    • Encompasses access for clinical, administrative, and support users.
    • MFA is required for initial login and can be configured per organization’s security preferences.
  • CarbyOs Mobile Access
    • MFA requirements extend to users logging into CarbyOs EHR via mobile devices for secure, on-the-go access.

MFA Options Available

  • Built-in 2FA Verification: CarbyOs includes built-in MFA capabilities using SMS and email-based two-factor authentication (2FA) at no additional cost, ensuring all user logins are securely verified.
  • Customer-Configured Identity Provider (IdP) Support: Organizations can enforce MFA using their own IdP through SAML 2.0 single sign-on (SSO) integration, including providers such as Okta and Microsoft Entra. Our engineering team is available to assist with custom IdP setups.

This robust MFA support enhances the security of CarbyOs EHR, providing flexible, industry-standard authentication options for all users and workflow settings.

EHI Export Functionality

CarbyOs EHR meets the certification criterion §170.315(b)(10) for Electronic Health Information (EHI) export by enabling users to export EHI in an electronic and computable format. The EHI Export functionality supports both single-patient and patient population exports.

  1. Single-Patient EHI Export

    • Users can export all EHI for an individual patient at any time without requiring developer assistance.
    • Export formats include C-CDA documents for clinical records, PDFs for billing and claims information, and original native formats for uploaded documents.
    • The export is electronic, computable, ensuring accessibility without preconditions.

  2. Patient Population EHI Export

    • Users can export all EHI for their entire patient population in bulk.
    • The export is electronic, computable, and supports system migration or data transfer to other health IT products.

  3. Limitations and Exclusions

    • EHI exports exclude psychotherapy notes as defined in 45 CFR 164.501 and information compiled for legal proceedings.
    • System administrators manage the ability to perform EHI exports to maintain data security.

  4. Benefits of EHI Export in CarbyOs EHR

    • Facilitates patient access to their records in a timely and computable manner.
    • Supports healthcare organizations in transitioning to other health IT systems or performing bulk data migrations.
    • Aligns with the interoperability and data access goals of the 21st Century Cures Act, ensuring compliance with federal requirements and enabling standardized data exchange.
Release NotesClinic Patient Workflow