Sphere EHR
- Developer Name:
- Sphere Technology
- Product Name:
- Sphere EHR
- Version:
- 1.0
Sphere EHR is a modern, cloud-native electronic health records platform built for ambulatory practices. It unifies scheduling, charting, e-prescribing, lab and imaging orders, results review, billing, and patient engagement in a single workflow, with standards-based interoperability through FHIR R4 / US Core, SMART App Launch, and the Direct Project. Sphere EHR is designed to keep clinicians focused on patients — reducing documentation burden, surfacing the right information at the point of care, and supporting safe, coordinated treatment across the care team.
Disclaimer: “This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.”
Criteria Pending Certification
- § 170.315 (b)(10): Electronic Health Information Export
- § 170.315 (d)(12): Encrypt Authentication Credentials
- § 170.315 (d)(13): Multi-Factor Authentication
- § 170.315 (g)(4): Quality Management System
- § 170.315 (g)(5): Accessibility-Centered Design
Multi-Factor Authentication (MFA)
Sphere EHR supports Multi-Factor Authentication (MFA), a layered sign-in process in which users supply a second credential in addition to their password. Requiring more than one factor helps keep accounts protected even if a password is leaked or stolen.
Electronic Health Information (EHI) Export
Sphere EHR supports export of Electronic Health Information (EHI) for both individual patients and entire patient populations. Step-by-step instructions, the export format, and the data scope are documented on our EHI Export guide.
Types of Costs
The following table itemises every additional cost a customer may be required to pay to implement or use the certified capabilities of Sphere EHR. All recurring fees are disclosed in the master services agreement. No additional fees are charged for ONC certified functionality beyond the items listed.
- Subscription: Per-provider monthly fee covering all certified criteria. Set at contract signing; reviewed annually.
- Implementation: One-time onboarding fee covering tenant provisioning, identity setup, FHIR data migration assistance, and clinician training. Quoted in writing prior to signing.
- Direct messaging: Pass-through fee for DirectTrust-accredited HISP service required for ONC § 170.315(b)(1) and (h)(1). Billed monthly per Direct address.
- e-Prescribing (SureScripts): Pass-through transaction fee per prescription routed for § 170.315(b)(3).
- Bulk-data API access: No charge for the certified API itself; third-party app developers register at no cost.
- SMS-OTP MFA: Pass-through carrier fee per text message when the SMS factor is enabled. WebAuthn/TOTP factors carry no incremental cost.
Contractual Limitations
The following contractual terms apply to customer use of the certified Health IT Module:
- Use is governed by a signed Master Services Agreement (MSA) and Business Associate Agreement (BAA). The BAA covers the Cloud Run / GCP infrastructure hosting Sphere EHR; sub-processor disclosures are published with the MSA.
- Customers may terminate the agreement at any time. Upon termination, Sphere Technology will export the customer's complete EHI dataset using the certified § 170.315(b)(10) export capability within thirty (30) days of the termination date.
- There are no “data hostage” provisions. EHI export is available to customers on demand at any time during or after the term of the MSA. There is no additional fee for exporting EHI.
- Re-distribution of the certified Health IT Module to third parties is permitted only under written sub-licence from Sphere Technology. Sphere Technology imposes no restrictions on the customer's right to communicate about its experience with the product, including safety and usability concerns.
Technical Limitations
Sphere EHR is delivered as a multi-tenant Software-as-a-Service. The following technical conditions apply to its use of the certified capabilities:
- Browser: The clinician web client targets the latest two stable releases of Chrome, Edge, Firefox, and Safari. Internet Explorer is not supported.
- Network: Continuous internet connectivity with TLS 1.2 or higher. Offline mode is not supported.
- Identity:Single sign-on requires the customer's identity provider to support OpenID Connect or SAML 2.0. Multi-factor authentication is available via WebAuthn, TOTP, or SMS-OTP.
- FHIR API: The § 170.315(g)(10) Standardized API conforms to FHIR R4 (4.0.1), US Core 6.1.0, SMART App Launch 2.2.0, and Bulk Data Access 2.0.0. Earlier IG versions are not supported. Public API documentation is available on the API Documentation page.
- Direct: Direct messaging requires a DirectTrust-accredited HISP counterparty. Sphere Technology has integrated with the Surescripts Direct network; other HISPs are supported on request.
Required Third-Party Costs and Components
The following third-party components and services are required to use one or more certified capabilities of Sphere EHR. Sphere Technology has not received any payment, rebate, kickback, or other consideration from any of these vendors in exchange for specifying their products.
- DirectTrust HISP (Surescripts or equivalent): Required for § 170.315(b)(1) Transitions of Care and § 170.315(h)(1) Direct Project. Customer pays the HISP directly per their pricing.
- Surescripts e-Prescribing Network: Required for § 170.315(b)(3) Electronic Prescribing. Customer pays per-transaction routing fees.
- Drug knowledge base (First Databank or Multum): Required for § 170.315(a)(4) Drug-Drug / Drug-Allergy interaction checks. Licensed by Sphere Technology and included in the subscription.
- Identity Provider (optional): Customer-supplied OIDC or SAML 2.0 provider when SSO is configured. No additional cost from Sphere Technology.
Data Provisioning Practices
Sphere Technology applies the following practices when provisioning, maintaining, and exporting customer EHI:
- All electronic protected health information (ePHI) is encrypted in transit (TLS 1.2+) and at rest (Google Cloud KMS, AES-256).
- EHI is stored in a customer-dedicated logical tenant within Sphere Technology's FHIR data store. Row-level security and tenant scoping prevent cross-tenant access.
- Audit logs of every read, write, query, prescribe, MFA event, and EHI export are retained for a minimum of six (6) years per § 170.315(d)(2) / (d)(10).
- Customers may request a complete EHI export at any time at no charge. The export format is documented on the EHI Export guide page and conforms to § 170.315(b)(10).
Product Updates and Release Procedure
Sphere Technology delivers certified Health IT Module updates as follows:
- Cadence: Continuous deployment of bug fixes and minor improvements; quarterly release notes summarising material changes; an annual release notice identifying any change to certified capabilities.
- Notice:Customers receive at least 30 days' advance notice of any change that materially modifies a certified criterion or that may require customer-side configuration.
- Pricing: Updates to certified capabilities are included in the subscription at no additional cost. New non-certified product modules may be sold separately.
- Security patches: Critical security patches are deployed without advance notice when warranted by risk. Post-deployment notice is provided within one business day.