Transparency Disclosures

This Complete EHR is 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.

Certified Product Information:

Developer Name: Painted Horse, Inc. (PHI Medical Office Solutions)

Product Name: PhyGeneSys EHR

Version: 5.0

Certificate Number: 0015EH5U4YSU6VK

Certified Date:  8/12/2019

Criteria Certified:

Criteria Criteria
170.315(a)(1) – Computerized provider order entry – medications 170.315(a)(2) – Computerized provider order entry – laboratory
170.315(a)(3) – Computerized provider order entry – diagnostic imaging 170.315(a)(4) – Drug-drug, drug-allergy interaction checks for CPOE
170.315(a)(5) – Demographics 170.315(a)(6) – Problem list
170.315(a)(7) – Medication list 170.315(a)(8) – Medication allergy list
170.315(a)(9) – Clinical decision support (CDS) 170.315(a)(10) – Drug-formulary and preferred drug list checks
170.315(a)(11) – Smoking status 170.315(a)(12) – Family health history
170.315(a)(13) – Patient-specific education resources 170.315(a)(14) – Implantable device list
170.315(b)(1) – Transition of care 170.315(b)(2) – Clinical information reconciliation and incorporation
170.315(b)(4) – Common Clinical Data Set summary record –create 170.315(b)(5) – Common Clinical Data Set summary record –receive
170.315(b)(6) – Data export  
170.315(c)(1) – clinical quality measures – record and export 170.315(c)(2) – Clinical quality measures – import and calculate
170.315(c)(3) – Clinical quality measures— report  
170.315(d)(1) – Authentication, access control, and authorization 170.315(d)(2) – Auditable events and tamper-resistance
170.315(d)(3) – Audit report(s) 170.315(d)(4) – Amendments
170.315(d)(5) -Automatic access timeout 170.315(d)(6) – Emergency access
170.315(d)(7) – End-user device encryption 170.315(d)(8) – Integrity
170.315(d)(9) – Trusted connection  
170.315(e)(1) – View, download, and transmit to 3rd party 170.315(e)(2) – Secure Messaging
170.315(e)(3) – Patient health information capture  
170.315(g)(2) – Automated measure calculation 170.315(g)(3) – Safety-enhanced design
170.315(g)(4) – Quality management system 170.315(g)(5) – Accessibility-centered design
170.315(g)(6) – Consolidated CDA creation performance 170.315(g)(7) – Application access -patient selection
170.315(g)(8) – Application access -data category request 170.315(g)(9) – Application access –all data request
170.315(h)(1) – Direct Project    

CQMs Certified:

CMS22v7 Preventive Care and Screening: Screening for High Blood Pressure and Follow-Up Documented
CMS65v8 Hypertension: Improvement in Blood Pressure
CMS68v8 Documentation of Current Medications in the Medical Record
CMS69v7 Preventive Care and Screening: Body Mass Index (BMI) Screening and Follow-Up Plan
CMS139v7 Falls: Screening for Future Fall Risk
CMS160v7 Depression Utilization of the PHQ-9 Tool
CMS165v7 Controlling High Blood Pressure
CMS177v7 Child and Adolescent Major Depressive Disorder (MDD): Suicide Risk Assessment

Costs and Limitations of Certified Health IT

Contractual Limitations:

Limitations may include, whether by contract or otherwise, the use of any capability to which technology is certified for any purpose within the scope of the technology’s certification, or be in connection with any data generated in the course of using any capability to which health IT is certified.

Limitations that could affect the usage of certified capability include:

  • One-time license fee, applicable per Provider.
  • Fixed monthly fee per provider to use the software and services as stated in the signed contract.
  • One-time cost per each integration setup. The integration fee is for each health information exchange, such as Lab Interface, HL7 Interface, Immunization Interface, Imaging Interface, etc. where applicable.
  • Monthly cost per e-prescribing/e-checking Provider.
  • Additional charges to enable EPCS prescribing per Provider & to establish connection with new Trust Network.
  • Provider licenses as PhyGeneSys is licensed on a per Provider basis that cannot be shared between Provider.
  • Third-Party Interfaces.
  • Signed contract when purchasing PhyGeneSys.  That contract does not contain limitations for the certified capabilities.
  • In order to use the Patient Education InfoButtons, our software is dependent on the NLM MedlinePlus Connect API launching secure website: and
  • In order to use Implantable Device List, our software is dependent on the NLM AccessGUIDID Device Lookup API:
  • The PhyGeneSys software does not directly encrypt data at rest.  PhyGeneSys recommends the use of third party software to fully encrypt all disk drives where the software is used.  This whole disk encryption ensures that all data stored on the end user device is encrypted in a FIPS 140-2 Annex A compliant method so that the PHI is protected.  For example, BitLocker ( can be set to encrypt an entire disk volume using the AES encryption algorithm.
  • Pursuant to Secure Exchange Solution (SES)’s security policy, the Direct Messaging capability is restricted, and users will be unable to exchange messages with users of third-party HISPs with whom the developer does not have a trust agreement.  Secure Exchange Solutions is a member of the DirectTrust community and is capable of exchanging with others within the DirectTrust community.
  • Electronic Prescribing [Relevant certification criteria: §§170.315.b.3] – This functionality allows providers to send unlimited prescriptions electronically to pharmacies and receive unlimited refill requests from pharmacies. Providers may pay an annual or monthly subscription fee ongoing based on their preference. No contractual limitations.
  • Receiving/Transmitting Transition of Care Summaries [Relevant certification criteria: §§ 170.315.b.1 and 170.315.h.1] – This functionality allows users to send and receive Direct-based messages to/from other users of certified health IT systems. Direct messages may include clinical data, notes, and other information. Providers may pay a monthly fee ongoing for Direct messaging service. Users will be limited to exchange Direct Messages with users and 3rd party Health Information Service Providers (HISPs) that have a trust agreement with EMRDirect.


Some of the costs listed above recur monthly/yearly and some are one-time setup costs.

There are costs associated with the software itself, user licenses, monthly subscriptions, any third party options / modules as selected by the client and for implementation and training. Third-party vendors are integrated within the software; therefore, the client may not choose any service they wish for integration purposes.

Technical Limitations:

Limitations may include, but are not limited to, technical or practical limitations of technology or its capabilities, which could prevent or impair the successful implementation, configuration, customization, maintenance, support, or use of any capabilities to which technology is certified; or that could prevent or limit the use, exchange, or portability of any data generated in the course of using any capability to which technology is certified.

  • There are no technical limitations to PhyGeneSys version 5.0.

Additional Software Required:

  • SQL Server 2008 R2 or later
  • Windows 2008 R2 Server or later
  • Windows 10 Professional
  • MS Office 2010
  • MD Toolbox for eRx
  • EMR Direct for Direct Messaging
  • Medline Plus

Link to the Drummond Certificate:

Click here to view the PHI Medical Office Solutions ONC Certification Certificate for PhyGeneSys.