We’re committed to providing outstanding solutions to out-of-hospital 
healthcare providers and our industry accreditations validate that.
These in-depth surveys and certifications assure customers that our system will exceed 
your expectations for security, privacy, trust assurance, certificate management, 
policies and procedures, business practices and more.

EHNAC and DirectTrust Accreditation

Updox is fully accredited by the Electronic Healthcare Network Accreditation Commission (EHNAC) and DirectTrust organizations:

  • EHNAC Registration Authority (RA)
  • EHNAC Certificate Authority (CA)
  • EHNAC Privacy & Security (HISP P&S)
  • DirectTrust Health Information Services Provider (HISP)
  • A HISP is an organization that provides Direct messaging services to securely transmit healthcare information over the internet.
  • A CA is an organization that issues digital certificates to Direct messaging organizations and users. Certificates help to ensure that Direct messaging is secure.
  • An RA is an organization that verifies the identity of individuals using Direct messaging. Identity verification helps further security by verifying that users “are who they say they are.”

ONC 2015 Edition Health Information 
Technology Certification

HIT Vendor: Updox
Version: 2016.0
Date Certified: 7/20/2017
Certificate #:
Version: 2016.1 (if using the new Updox Patient Engagement Portal)
Date Certified: 7/20/2017
Certificate #:


  • 170.315 (d)(1) Authentication, Access Control, Authorization
  • 170.315 (d)(2) Auditable Events and Tamper-resistance
  • 170.315 (d)(3) Audit Reports
  • 170.315 (d)(5) Automatic Access Timeout
  • 170.315 (d)(7) End User Device Encryption
  • 170.315 (d)(9) Trusted Connection
  • 170.315 (e)(1) View, Download, Transmit
  • 170.315 (e)(2) Secure Messaging
  • 170.315 (g)(1) Automated Numerator Recording
  • 170.315 (g)(4) Quality System Management
  • 170.315 (g)(5) Accessibility Centered Design
  • 170.315 (g)(6) Consolidated CDA Creation Performance
  • 170.315 (h)(2) Direct Project, Edge Protocol, and XDR/XDM

Clinical Quality Measures

  • None (not applicable to Updox services)

Additional Software Required

  • Certified Electronic Health Record (EHR) software

Updox is ONC Health IT 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.

Direct Messaging

This functionality allows practice/hospital users to securely exchange Direct messages with external providers. Direct messages may include clinical data, notes, and other healthcare related information. The process for sending/receiving Direct messages varies depending on the EHR vendor partnered with Updox.

Secure Messaging

This functionality allows practice/hospital users to send and receive secure messages to/from patients using the Updox Patient Portal.  The process for sending/receiving secure messages varies depending on the EHR vendor partnered with Updox.

Patient Portal

This functionality enables a practice/hospital to give their patients online access to their health information, exchange secure messages with providers, and transmit clinical care summaries to other parties using Direct messaging or standard email. The Patient Portal is associated with a single practice/hospital.

Costs or Fees

This product may require a one-time integration fee, monthly Direct messaging subscription per address, monthly Patient Portal subscription per provider, and identity verification fee per attempt. The applicable costs are specified in the business contracts between Updox and its EHR vendor partners. 

Contractual Limitations

Updox Direct Messaging requires:

  • Acceptance of the user agreements for identity verification and the provider direct address directory
  • A trust relationship between Updox and the Health Information Services Provider (HISP) for the other party in the Direct message exchange (trust is already established with other Updox customers and with participants in the DirectTrust network)

Technical or Practical Limitations

Additionally, this product requires:

  • Electronic Health Record (EHR) software integrated with Updox
  • Direct addresses issued by Updox (may be individual, department, and/or organizational)  

Supported internet browser on user workstation:

  • Internet Explorer 9+
  • Microsoft Edge 20+
  • Firefox 20+
  • Chrome 28+
  • Safari 6+

Since the Patient Electronic Access measure counts patients with access via the Patient Portal plus patients with access via Application Program Interfaces APIs, contact your EHR vendor for instructions on this measure calculation.

ONC 2014 Edition Health Information 
Technology Certification

Version: 2014.1
Date Certified: 4/10/2015
Certificate #: 04102015-0178-5


  • 170.314 (e)(1) View, Download, Transmit
  • 170.314 (e)(3) Secure Messaging
  • 170.314 (g)(1) Automated Numerator Recording
  • 170.314 (g)(4) Quality System Management
  • 170.314 (h)(1) Direct Messaging

Costs, Contractual Limitations, and Technical/Practical Limitations are the same as above.

Updox HISP Practices Statement
Updox Certificate Practices Statement

Ready to get started?

Getting started is simple:

Let Updox simplify the business of healthcare enabling a better healthcare experience for the patients and consumers you serve.

Updox makes it easy:

  • Broad solution that works together better than any individual product
  • Understand and be ready to use in less than 30 minutes
  • Designed specifically for out-of-hospital providers and pharmacists
  • Dedicated On-Boarding and Customer Success expertise
  • Phone, email and live chat support