Getting Started

While it is possible for healthcare facilities to internally implement CDA for HAI reporting, NHSN recommends considering a software or electronic health record (EHR) vendor with demonstrated expertise in this area.

What is a “CDA implementer” and how do I locate one?

A CDA implementer is an organization with expertise in CDA standards and ability to develop software according to the CDC NHSN Healthcare Associated Infection (HAI) Implementation Guide (IG). Many NHSN reporting facilities contract with an external CDA vendor (business) with this expertise. However, very large organizations may have the capability to develop and implement CDA with their internal resources. The Association of Professionals in Infection Control and Epidemiology (APIC) maintains a list of vendors that have expressed willingness to provide CDA services for NHSN reporting. Visit the APIC Website to locate the vendor list.

If you are a healthcare facility interested in reporting data to NHSN via CDA with the services of an external software vendor, start by talking to your IT staff to determine whether your facility has worked with any of the self-identified vendors on the APIC list (see link above) and whether any of the vendors’ software is currently implemented in your system.

CDA vendors are encouraged to contact APIC to be added to this list at or by phone at (202) 789-1890.

Vendors that specifically support the NHSN Antimicrobial Use & Resistance Module can be found on the Society of Infectious Diseases Pharmacists  website.

 Top of Page

Is patient consent required for a CDA vendor to report to NHSN?

The federal Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule allows Clinical Document Architecture (CDA) vendors in their roles as business associates of healthcare facilities, to disclose patient identifiable information (PII) without patient consent to CDC’s National Healthcare Safety Network (NHSN) for public health purposes.  For additional information, NHSN recommends that CDA vendors, NHSN administrators and users in healthcare facilities, and staff in healthcare facility legal departments visit the HHS HIPAA website, in particular the “Public Health Uses and Disclosures” and “Business Associates” sections.

Can my facility implement CDA reporting on our own?

Can our Information Technology (IT) department export the data from our electronic medical records to import into NHSN?

Creating CDA files is more complex than simply exporting data in the correct file format. Your facility may not need an official CDA vendor, but expertise to interpret the NHSN Healthcare Associated Infection (HAI) Implementation Guide (IG) and familiarity with Health Level 7 (HL7) standards is required for success.

If you are a facility or vendor or interested in implementing CDA reporting on your own, or to learn more about requirements for CDA creation, view the Implementation Toolkit & Resources.

The toolkit contains the latest CDA Implementation Guide (IG), all associated vocabularies and value sets, business rules, example files, and other documentation necessary to implement CDA reporting into NHSN.


How should my facility get started?

Locate a CDA implementer. This may be your electronic medical record (EMR) vendor, a third-party CDA vendor, or for some very large organizations, your Information Technology (IT) department. Ensure the CDA implementer is signed up to receive regular e-mail updates from  Complete NHSN enrollment and set-up for your facility if you are not already enrolled in NHSN.

 Top of Page

How should I complete the NHSN Enrollment and facility set-up?

View the link below for a complete set of instructions to enroll and set-up your facility.

Complete NHSN enrollment and set-up for your facility.


What is the procedure for Object Identifier (OID) assignment?

Within each release of the HL7 Implementation Guide for CDA: NHSN Healthcare- Associated Infection (HAI) Reports document, guidance is provided for uniquely identifying a facility that sends CDA reports to NHSN.  Please refer to the following document for instructions to obtain an assigned OID for your facility:

OID’s are a 1:1 relationship. One OID to one facility.

The facility OID is assigned by PHINTECH and is unique for each facility. Some facilities may already have an OID assigned, but if not, please refer to the OID assignment procedure listed above to apply for an OID for each facility.

If you have more than 10 facilities requiring OIDs, please contact and we will send you a spreadsheet to complete.

To verify if a facility has or needs an OID, navigate through NHSN application as shown below.

Screenshot for entering assigned facility OID

Things to remember if facility is NOT yet doing CDAs

  • An OID is not required for enrollment into NHSN.
  • An OID is only required if the facility is importing CDAs.

 Top of Page